"""
Authentication endpoints.
"""
import hmac
from typing import Any, Dict

from fastapi import APIRouter, HTTPException, status
from pydantic import BaseModel

from app.core.auth import issue_access_token
from app.core.config import get_settings
# Settings are resolved once, at import time. The admin flag and the admin
# credentials used by the login route are read from this snapshot rather than
# re-fetched on every request.
settings = get_settings()

# Every route in this module is mounted under /auth and grouped under the
# "auth" tag in the generated OpenAPI docs.
router = APIRouter(prefix="/auth", tags=["auth"])
class LoginRequest(BaseModel):
    """Request body for ``POST /auth/admin-login``.

    Both fields are required plain strings. No length or character-set
    constraints are declared here, so any bound on credential size has to
    come from upstream (body-size limit at the proxy/server) or be added as
    ``Field`` constraints if oversized bodies become a concern.
    """

    # Compared against settings.ADMIN_USERNAME by admin_login.
    username: str
    # Compared against settings.ADMIN_PASSWORD by admin_login. Treat as a
    # secret: do not log or echo this field.
    password: str
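# Lifetime of the admin bearer token. Seven days is long for a role that
# unlocks administration, and no revocation path is visible in this module,
# so a leaked token stays usable until it expires.
_ADMIN_TOKEN_TTL_SECONDS = 86400 * 7  # 7 days


def _credentials_match(supplied: str, expected: str) -> bool:
    """Compare a supplied credential with the configured one in constant time.

    A plain ``!=`` on strings returns as soon as the first differing character
    is found, so response timing leaks how much of a guess was correct.
    ``hmac.compare_digest`` does not depend on the content of the inputs.
    Both values are UTF-8 encoded first because ``compare_digest`` raises
    ``TypeError`` for ``str`` arguments that contain non-ASCII characters,
    which user-supplied credentials may well do.

    Args:
        supplied: Value taken from the request body.
        expected: Value taken from settings; must be a non-empty ``str``.

    Returns:
        ``True`` only when both encoded values are byte-for-byte equal.
    """
    return hmac.compare_digest(
        supplied.encode("utf-8"), expected.encode("utf-8")
    )


@router.post(
    "/admin-login",
    summary="Admin Login",
    description="Login for standalone app administration.",
)
async def admin_login(request: LoginRequest) -> Dict[str, Any]:
    """Authenticate an app admin and issue a JWT token.

    Args:
        request: Username/password pair parsed from the JSON body.

    Returns:
        ``{"access_token": <jwt>, "token_type": "bearer", "role": "system_admin"}``.

    Raises:
        HTTPException: 403 when ``settings.ENABLE_ADMIN`` is false; 500 when
            the admin username or password is not configured; 401 when the
            supplied credentials do not match the configured ones.
    """
    if not settings.ENABLE_ADMIN:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Admin functionality is disabled.",
        )

    # Refuse to authenticate against a missing or empty configured credential
    # (an empty configured password would otherwise be matched by an empty
    # request password). This also guarantees both settings are non-empty
    # strings before they are encoded below. Note that this response goes to
    # unauthenticated callers and tells them the admin account is misconfigured.
    if not settings.ADMIN_USERNAME or not settings.ADMIN_PASSWORD:
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Admin credentials not configured.",
        )

    # Evaluate both comparisons unconditionally (no short-circuit) so that a
    # wrong username and a wrong password are rejected in the same time.
    username_ok = _credentials_match(request.username, settings.ADMIN_USERNAME)
    password_ok = _credentials_match(request.password, settings.ADMIN_PASSWORD)
    if not (username_ok and password_ok):
        # One generic message for either failure. NOTE(review): no lockout or
        # rate limiting is visible in this module, so the single configured
        # password is exposed to online guessing unless a middleware or proxy
        # throttles this route.
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid credentials",
            # RFC 6750: a 401 on a bearer-protected resource names the scheme.
            headers={"WWW-Authenticate": "Bearer"},
        )

    # website_id=None: the admin token is not tied to a particular site —
    # presumably platform-wide; confirm against issue_access_token.
    token = issue_access_token(
        website_id=None,
        role="system_admin",
        expires_in_seconds=_ADMIN_TOKEN_TTL_SECONDS,
    )

    return {
        "access_token": token,
        "token_type": "bearer",
        "role": "system_admin",
    }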