User Utilities and Helpers

check_critical_action_forbidden(target_user: UserModel, calling_superuser_id: UUID) → None

Disallow destructive action on self or system admin.

Parameters:

• target_user (User) – The user object targeted for action.

• calling_superuser_id (UUID) – UUID of the superuser calling the action.

Raises:

PermissionDeniedException – If target is the system admin or the caller themselves.

async perform_logout_cleanup(refresh_jti: str, ttl: int, user_id: UUID) → None

Perform asynchronous cleanup tasks upon user logout.

This function is intended to be executed as a FastAPI background task to non-blocking revoke the refresh token in cache with a specified TTL and immediately invalidate cached user data.

Parameters:

• refresh_jti (str) – The JWT ID (JTI) of the refresh token to be blacklisted.

• ttl (int) – The time-to-live duration in seconds for token invalidation.

• user_id (UUID) – The ID of the user whose cache needs to be invalidated.

get_refresh_context(user_auth: UserAuth) → tuple[str, float]

Validate that the user authentication context contains refresh metadata.