feat: Multi-User-Unterstützung mit JWT-Authentifizierung

- User-Modell (username, password_hash, role admin/user, is_active) - Standard-Admin-Benutzer wird beim ersten Start automatisch angelegt - JWT-Tokens (HS256) für Benutzer-Sessions, konfigurierbare Ablaufzeit - API-Key bleibt für service-to-service-Calls (backward-compatible) - POST /api/v1/auth/login → JWT-Token - GET /api/v1/auth/me → aktueller Benutzer - CRUD /api/v1/users/ → Benutzerverwaltung (nur Admin) - TUI zeigt Login-Screen beim Start; nach Erfolg → MainScreen - Passwort-Hashing mit bcrypt (python-jose für JWT)
2026-03-04 20:55:13 +01:00
parent 0e2a8a6bc0
commit 6eb27a62b1
14 changed files with 421 additions and 10 deletions
--- a/schemas.py
+++ b/schemas.py
@@ -126,3 +126,43 @@ class SystemStatusResponse(BaseModel):
    channels: list[ChannelStatusResponse]
    database: bool
    timestamp: datetime
+
+# ── Auth / User ─────────────────────────────────────────────────────────────
+
+class UserRole(str, Enum):
+    admin = "admin"
+    user = "user"
+
+
+class LoginRequest(BaseModel):
+    username: str = Field(..., min_length=1, max_length=64)
+    password: str = Field(..., min_length=1)
+
+
+class TokenResponse(BaseModel):
+    access_token: str
+    token_type: str = "bearer"
+    username: str
+    role: UserRole
+
+
+class UserCreate(BaseModel):
+    username: str = Field(..., min_length=1, max_length=64)
+    password: str = Field(..., min_length=6)
+    role: UserRole = UserRole.user
+
+
+class UserUpdate(BaseModel):
+    password: Optional[str] = Field(None, min_length=6)
+    role: Optional[UserRole] = None
+    is_active: Optional[bool] = None
+
+
+class UserResponse(BaseModel):
+    model_config = {"from_attributes": True}
+
+    id: str
+    username: str
+    role: UserRole
+    is_active: bool
+    created_at: datetime