Remnants/AdministrationItDepartmens
1
0
Fork 0
mirror of https://gitlab.com/MoonTestUse1/AdministrationItDepartmens.git synced 2025-08-14 00:25:46 +02:00
Code Activity

Fix: Admin autorization

Browse Source
This commit is contained in:
MoonTestUse1
2025-01-07 08:10:40 +06:00
parent eaafb9cf8f
commit a40bd9af73
4 changed files with 92 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
backend/app/routers/auth.py
View File

@@ -1,20 +1,57 @@
"""Authentication router"""
from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from fastapi.security import OAuth2PasswordRequestForm
from sqlalchemy.orm import Session
from typing import Optional
from ..database import get_db
from ..crud import employees
from ..schemas.auth import Token, LoginCredentials
from ..utils.auth import verify_password
from ..schemas.token import Token
from ..utils.security import verify_password
from ..utils.jwt import create_and_save_token
from ..dependencies import get_db
router = APIRouter()
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/auth/login")
ADMIN_LOGIN = "admin"
ADMIN_PASSWORD = "admin123"
@router.post("/admin/login", response_model=Token)
async def admin_login(
form_data: OAuth2PasswordRequestForm = Depends(),
db: Session = Depends(get_db)
):
"""Авторизация администратора"""
# Проверяем фиксированные учетные данные администратора
if form_data.username != ADMIN_LOGIN or form_data.password != ADMIN_PASSWORD:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
# Получаем или создаем админа в базе
admin = employees.get_employee_by_login(db, ADMIN_LOGIN)
if not admin:
# Если админа нет в базе, создаем его
admin = employees.create_employee(db, {
"login": ADMIN_LOGIN,
"first_name": "Admin",
"last_name": "User",
"department": "IT",
"office": "Main",
"password": ADMIN_PASSWORD,
"is_admin": True
})
# Создаем и сохраняем токен
access_token = create_and_save_token(admin.id, db)
return {
"access_token": access_token,
"token_type": "bearer"
}
@router.post("/login", response_model=Token)
async def login_for_access_token(
async def login(
form_data: OAuth2PasswordRequestForm = Depends(),
db: Session = Depends(get_db)
):
@@ -24,8 +61,8 @@ async def login_for_access_token(
first_name, last_name = form_data.username.split()
except ValueError:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Username should be in format: 'First Last'",
status_code=status.HTTP_400_BAD_REQUEST,
detail="Username must be in format: 'First Last'",
headers={"WWW-Authenticate": "Bearer"},
)
@@ -46,36 +83,3 @@ async def login_for_access_token(
"token_type": "bearer"
}
@router.post("/admin/login", response_model=Token)
async def admin_login(
form_data: OAuth2PasswordRequestForm = Depends(),
db: Session = Depends(get_db)
):
"""Авторизация администратора"""
# Разделяем username на имя и фамилию
try:
first_name, last_name = form_data.username.split()
except ValueError:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Username should be in format: 'First Last'",
headers={"WWW-Authenticate": "Bearer"},
)
# Проверяем учетные данные администратора
employee = employees.get_employee_by_credentials(db, first_name, last_name)
if not employee or not employee.is_admin or not verify_password(form_data.password, employee.hashed_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
# Создаем и сохраняем токен
access_token = create_and_save_token(employee.id, db)
return {
"access_token": access_token,
"token_type": "bearer"
}