починка админки

2025-08-14 00:25:46 +02:00 · 2025-01-03 23:50:58 +06:00
parent c90ca5394a
commit 30d203fa7c
1 changed files with 27 additions and 10 deletions
--- a/backend/app/utils/auth.py
+++ b/backend/app/utils/auth.py
@@ -2,8 +2,12 @@
 from fastapi import Depends, HTTPException, status
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from passlib.context import CryptContext
+from sqlalchemy.orm import Session
 import re

+from .jwt import verify_token
+from ..database import get_db
+
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 security = HTTPBearer(auto_error=False)

@@ -15,7 +19,10 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
    """Verify password"""
    return pwd_context.verify(plain_password, hashed_password)

-def get_current_admin(credentials: HTTPAuthorizationCredentials = Depends(security)) -> dict:
+def get_current_admin(
+    credentials: HTTPAuthorizationCredentials = Depends(security),
+    db: Session = Depends(get_db)
+) -> dict:
    """Get current admin from token"""
    if not credentials:
        raise HTTPException(
@@ -26,21 +33,29 @@ def get_current_admin(credentials: HTTPAuthorizationCredentials = Depends(securi
    
    try:
        token = credentials.credentials
-        if token != "admin_token":
+        payload = verify_token(token, db)
+        employee_id = int(payload.get("sub"))
+        
+        # Проверяем, что это админ (id = -1)
+        if employee_id != -1:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="Invalid authentication credentials",
+                detail="Not an admin",
                headers={"WWW-Authenticate": "Bearer"},
            )
+            
        return {"is_admin": True}
-    except Exception:
+    except Exception as e:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid authentication credentials",
            headers={"WWW-Authenticate": "Bearer"},
        )

-def get_current_employee(credentials: HTTPAuthorizationCredentials = Depends(security)) -> dict:
+def get_current_employee(
+    credentials: HTTPAuthorizationCredentials = Depends(security),
+    db: Session = Depends(get_db)
+) -> dict:
    """Get current employee from token"""
    if not credentials:
        raise HTTPException(
@@ -51,15 +66,17 @@ def get_current_employee(credentials: HTTPAuthorizationCredentials = Depends(sec
    
    try:
        token = credentials.credentials
-        # Проверяем формат токена employee_token_{id}
-        match = re.match(r"employee_token_(\d+)", token)
-        if not match:
+        payload = verify_token(token, db)
+        employee_id = int(payload.get("sub"))
+        
+        # Проверяем, что это не админ
+        if employee_id == -1:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="Invalid authentication credentials",
+                detail="Admin cannot access employee endpoints",
                headers={"WWW-Authenticate": "Bearer"},
            )
-        employee_id = int(match.group(1))
+            
        return {"id": employee_id}
    except Exception:
        raise HTTPException(