fix: harden admin access, repair ORM joins, and add migration/tests

2026-04-01 14:59:54 +07:00
parent de592d140e
commit 16ab13e911
21 changed files with 1275 additions and 368 deletions
--- a/app/core/config.py
+++ b/app/core/config.py
@@ -35,6 +35,22 @@ class Settings(BaseSettings):
    ENVIRONMENT: Literal["development", "staging", "production"] = Field(
        default="development", description="Environment name"
    )
+    ENABLE_ADMIN: bool = Field(
+        default=False,
+        description="Enable admin UI and admin-only API routes",
+    )
+    ADMIN_USERNAME: str = Field(
+        default="",
+        description="Admin panel username",
+    )
+    ADMIN_PASSWORD: str = Field(
+        default="",
+        description="Admin panel password (plain env value)",
+    )
+    ADMIN_SESSION_EXPIRE_SECONDS: int = Field(
+        default=3600,
+        description="Admin session lifetime in seconds",
+    )

    # OpenRouter (AI Generation)
    OPENROUTER_API_KEY: str = Field(