itdrui.de
6eb27a62b1
- User-Modell (username, password_hash, role admin/user, is_active) - Standard-Admin-Benutzer wird beim ersten Start automatisch angelegt - JWT-Tokens (HS256) für Benutzer-Sessions, konfigurierbare Ablaufzeit - API-Key bleibt für service-to-service-Calls (backward-compatible) - POST /api/v1/auth/login → JWT-Token - GET /api/v1/auth/me → aktueller Benutzer - CRUD /api/v1/users/ → Benutzerverwaltung (nur Admin) - TUI zeigt Login-Screen beim Start; nach Erfolg → MainScreen - Passwort-Hashing mit bcrypt (python-jose für JWT)
33 lines
1.1 KiB
Python
33 lines
1.1 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, status
|
|
from sqlalchemy.orm import Session
|
|
|
|
from api.auth import create_access_token, require_auth, verify_password
|
|
from db.database import get_db
|
|
from db.models import User
|
|
from schemas import LoginRequest, TokenResponse
|
|
|
|
router = APIRouter(prefix="/auth", tags=["auth"])
|
|
|
|
|
|
@router.post("/login", response_model=TokenResponse)
|
|
def login(req: LoginRequest, db: Session = Depends(get_db)):
|
|
user = (
|
|
db.query(User)
|
|
.filter(User.username == req.username, User.is_active == True) # noqa: E712
|
|
.first()
|
|
)
|
|
if not user or not verify_password(req.password, user.password_hash):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Ungültiger Benutzername oder Passwort",
|
|
)
|
|
token = create_access_token(
|
|
{"sub": user.id, "username": user.username, "role": user.role}
|
|
)
|
|
return TokenResponse(access_token=token, username=user.username, role=user.role)
|
|
|
|
|
|
@router.get("/me", response_model=dict)
|
|
def me(principal: dict = Depends(require_auth)):
|
|
return {"username": principal["username"], "role": principal["role"]}
|