setup admin connection

2026-05-06 12:22:17 +02:00
parent bdb523d4b8
commit 824173e63e
20 changed files with 425 additions and 136 deletions
--- a/sop-back/app/api/routes/auth.py
+++ b/sop-back/app/api/routes/auth.py
@@ -0,0 +1,37 @@
+import secrets
+from fastapi import APIRouter, HTTPException, status
+from pydantic import BaseModel
+
+from app.core.config import settings
+
+router = APIRouter()
+
+
+class LoginRequest(BaseModel):
+    username: str
+    password: str
+
+
+class LoginResponse(BaseModel):
+    token: str
+
+
+@router.post("/admin/login", response_model=LoginResponse)
+def admin_login(body: LoginRequest):
+    if not settings.ADMIN_USERNAME or not settings.ADMIN_PASSWORD:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Admin account is not configured",
+        )
+    # constant-time compare to avoid leaking timing info
+    user_ok = secrets.compare_digest(body.username, settings.ADMIN_USERNAME)
+    pass_ok = secrets.compare_digest(body.password, settings.ADMIN_PASSWORD)
+    if not (user_ok and pass_ok):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid credentials",
+        )
+    # The token IS the password. Single account, no expiry, no rotation —
+    # simple and matches what require_admin() expects in the Authorization
+    # header. Swap for a signed/expiring token if you ever add multiple users.
+    return LoginResponse(token=settings.ADMIN_PASSWORD)