Switch to cognito user/password authentication. Major code refactor - Fix 2

app/auth/dependencies.py

@@ -7,8 +7,10 @@ from fastapi.security import OAuth2PasswordBearer
 from app.auth.cognito import get_user_from_token
 from app.models.auth import CognitoUser
 
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="signin")
+oauth2_scheme = OAuth2PasswordBearer(
-
+    tokenUrl="signin",
+    scheme_name="Bearer"
+)
 
 def get_current_user(token: str = Depends(oauth2_scheme)) -> CognitoUser:
     """

app/main.py

@@ -1,3 +1,4 @@
+from fastapi.security import OAuth2PasswordBearer
 import uvicorn
 from fastapi import FastAPI, Depends
 from fastapi.responses import RedirectResponse
@@ -5,7 +6,54 @@ from app.auth.cognito import initiate_auth
 from app.auth.dependencies import get_current_user, require_roles
 from app.models.auth import CognitoUser, SigninRequest, TokenResponse
 
-app = FastAPI()
+from fastapi import FastAPI, Depends, Security
+from fastapi.security import OAuth2PasswordBearer
+from fastapi.openapi.utils import get_openapi
+
+app = FastAPI(
+    title="IPTV Updater API",
+    description="API for IPTV Updater service",
+    version="1.0.0",
+)
+
+def custom_openapi():
+    if app.openapi_schema:
+        return app.openapi_schema
+
+    openapi_schema = get_openapi(
+        title=app.title,
+        version=app.version,
+        description=app.description,
+        routes=app.routes,
+    )
+
+    # Ensure components object exists
+    if "components" not in openapi_schema:
+        openapi_schema["components"] = {}
+
+    # Add schemas if they don't exist
+    if "schemas" not in openapi_schema["components"]:
+        openapi_schema["components"]["schemas"] = {}
+
+    # Add security scheme component
+    openapi_schema["components"]["securitySchemes"] = {
+        "Bearer": {
+            "type": "http",
+            "scheme": "bearer",
+            "bearerFormat": "JWT"
+        }
+    }
+
+    # Add global security requirement
+    openapi_schema["security"] = [{"Bearer": []}]
+
+    # Set OpenAPI version explicitly
+    openapi_schema["openapi"] = "3.1.0"
+
+    app.openapi_schema = openapi_schema
+    return app.openapi_schema
+
+app.openapi = custom_openapi
 
 @app.get("/")
 async def root():
@@ -25,7 +73,8 @@ def signin(credentials: SigninRequest):
         token_type="Bearer",
     )
 
-@app.get("/protected")
+@app.get("/protected", 
+         summary="Protected endpoint for authenticated users")
 async def protected_route(user: CognitoUser = Depends(get_current_user)):
     """
     Protected endpoint that requires for all authenticated users.

app/utils/constants.py

@@ -11,7 +11,7 @@ AWS_REGION = os.environ.get("AWS_REGION", "us-east-2")
 COGNITO_USER_POOL_ID = os.getenv("COGNITO_USER_POOL_ID")
 COGNITO_CLIENT_ID = os.getenv("COGNITO_CLIENT_ID")
 COGNITO_CLIENT_SECRET = os.environ.get("COGNITO_CLIENT_SECRET", None)
-USER_ROLE_ATTRIBUTE = "custom:role"
+USER_ROLE_ATTRIBUTE = "zoneinfo"
 
 IPTV_SERVER_URL = os.getenv("IPTV_SERVER_URL", "https://iptv.fiorinis.com")
 

infrastructure/stack.py

@@ -152,7 +152,8 @@ class IptvUpdaterStack(Stack):
         # Adds one or more commands to the userdata object.
         userdata.add_commands(
             f'echo "COGNITO_USER_POOL_ID={user_pool.user_pool_id}" >> /etc/environment',
-            f'echo "COGNITO_CLIENT_ID={client.user_pool_client_id}" >> /etc/environment'
+            f'echo "COGNITO_CLIENT_ID={client.user_pool_client_id}" >> /etc/environment',
+            f'echo "COGNITO_CLIENT_SECRET={client.user_pool_client_secret}" >> /etc/environment'
         )
         userdata.add_commands(str(userdata_file, 'utf-8'))