Improve Auth Controller
This merge request contains multiple tasks and should be seen as a discussion entry (esp. point 3):
- Refactor AuthController to split Controller Tasks and Business Logic
- Split Authentification and User Management
- Instead of checking if the user is logged in on multiple places checking it once how it should be.
- For this I added an AuthorizationMiddleware which checks if the user is logged in and the accessed route is restricted or not
- But: This is not how it should be used. The FlaskAPI approach using
OAuth2PasswordBearer
is to add the Token dependency on each route method which should be restricted. An example of that can be found inUserController.read_users_me
method. - I tried to improve this approach to get the current user instead of the token only as a dependency but on the current structure with Controller / Logic I failed of doing so…
- So we need to discuss here, which approach (Middleware vs. FlaskAPI way) we prefer. Both have advantages and disadvantages…