2026-04-25 22:51:36 +12:00
|
|
|
from fastapi import APIRouter, Depends, HTTPException, status
|
2026-04-25 20:43:37 +12:00
|
|
|
from pydantic import BaseModel
|
2026-04-25 22:51:36 +12:00
|
|
|
from sqlalchemy import select
|
|
|
|
|
from sqlalchemy.orm import Session
|
2026-04-25 20:43:37 +12:00
|
|
|
|
2026-04-25 22:51:36 +12:00
|
|
|
from app.api.deps import AuthSession, require_admin_session, require_client_session
|
2026-04-25 20:43:37 +12:00
|
|
|
from app.core.config import settings
|
2026-04-25 22:51:36 +12:00
|
|
|
from app.core.security import issue_token
|
|
|
|
|
from app.db.session import get_db
|
|
|
|
|
from app.models.client_access import ClientAccount
|
2026-04-25 20:43:37 +12:00
|
|
|
|
|
|
|
|
router = APIRouter(prefix="/api/auth", tags=["auth"])
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class LoginRequest(BaseModel):
|
|
|
|
|
email: str
|
|
|
|
|
password: str
|
|
|
|
|
|
|
|
|
|
|
2026-04-25 22:51:36 +12:00
|
|
|
class SessionResponse(BaseModel):
|
2026-04-25 20:43:37 +12:00
|
|
|
name: str
|
|
|
|
|
email: str
|
|
|
|
|
role: str
|
2026-04-25 22:51:36 +12:00
|
|
|
tenant_id: str | None = None
|
|
|
|
|
token: str
|
2026-04-25 20:43:37 +12:00
|
|
|
|
|
|
|
|
|
2026-04-25 22:51:36 +12:00
|
|
|
def _build_session_response(*, name: str, email: str, role: str, tenant_id: str | None = None) -> SessionResponse:
|
|
|
|
|
token = issue_token({"name": name, "email": email, "role": role, "tenant_id": tenant_id})
|
|
|
|
|
return SessionResponse(name=name, email=email, role=role, tenant_id=tenant_id, token=token)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@router.post("/client/login", response_model=SessionResponse)
|
|
|
|
|
def client_login(payload: LoginRequest, db: Session = Depends(get_db)):
|
|
|
|
|
if payload.email.strip().lower() != settings.client_email.lower() or payload.password != settings.client_password:
|
|
|
|
|
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid client email or password")
|
|
|
|
|
|
|
|
|
|
client_account = db.scalar(select(ClientAccount).where(ClientAccount.tenant_id == settings.client_tenant_id))
|
|
|
|
|
if client_account is None:
|
|
|
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Client account is not configured")
|
|
|
|
|
|
|
|
|
|
return _build_session_response(
|
|
|
|
|
name=settings.client_name,
|
|
|
|
|
email=settings.client_email,
|
|
|
|
|
role="client",
|
|
|
|
|
tenant_id=client_account.tenant_id,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@router.post("/admin/login", response_model=SessionResponse)
|
|
|
|
|
def admin_login(payload: LoginRequest):
|
|
|
|
|
if payload.email.strip().lower() != settings.admin_email.lower() or payload.password != settings.admin_password:
|
|
|
|
|
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid admin email or password")
|
|
|
|
|
|
|
|
|
|
return _build_session_response(name=settings.admin_name, email=settings.admin_email, role="admin")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@router.get("/client/session", response_model=SessionResponse)
|
|
|
|
|
def read_client_session(session: AuthSession = Depends(require_client_session)):
|
|
|
|
|
return _build_session_response(name=session.name, email=session.email, role=session.role, tenant_id=session.tenant_id)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@router.get("/admin/session", response_model=SessionResponse)
|
|
|
|
|
def read_admin_session(session: AuthSession = Depends(require_admin_session)):
|
|
|
|
|
return _build_session_response(name=session.name, email=session.email, role=session.role)
|
