Complete admin package restructuring

2025-05-10 08:28:15 +02:00
parent 4f970a3f71
commit 0a427b6a91
80 changed files with 1282 additions and 843 deletions
--- a/packages/sshecret-admin/src/sshecret_admin/api/router.py
+++ b/packages/sshecret-admin/src/sshecret_admin/api/router.py
@ -0,0 +1,78 @@
+"""Main API Router."""
+
+# pyright: reportUnusedFunction=false
+
+import logging
+from typing import Annotated
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordBearer
+
+from sqlmodel import Session, select
+
+from sshecret_admin.services.admin_backend import AdminBackend
+from sshecret_admin.core.dependencies import BaseDependencies, AdminDependencies
+from sshecret_admin.auth import PasswordDB, User, decode_token
+
+from .endpoints import auth, clients, secrets
+
+LOG = logging.getLogger(__name__)
+
+API_VERSION = "v1"
+
+
+def create_router(dependencies: BaseDependencies) -> APIRouter:
+    """Create clients router."""
+
+    oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
+
+    async def get_current_user(
+        token: Annotated[str, Depends(oauth2_scheme)],
+        session: Annotated[Session, Depends(dependencies.get_db_session)],
+    ) -> User:
+        """Get current user from token."""
+        credentials_exception = HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Could not validate credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+        token_data = decode_token(dependencies.settings, token)
+        if not token_data:
+            raise credentials_exception
+
+        user = session.exec(
+            select(User).where(User.username == token_data.username)
+        ).first()
+        if not user:
+            raise credentials_exception
+        return user
+
+    async def get_current_active_user(
+        current_user: Annotated[User, Depends(get_current_user)],
+    ) -> User:
+        """Get current active user."""
+        if current_user.disabled:
+            raise HTTPException(status_code=400, detail="Inactive or disabled user")
+        return current_user
+
+    async def get_admin_backend(session: Annotated[Session, Depends(dependencies.get_db_session)]):
+        """Get admin backend API."""
+        password_db = session.exec(select(PasswordDB).where(PasswordDB.id == 1)).first()
+        if not password_db:
+            raise HTTPException(
+                500, detail="Error: The password manager has not yet been set up."
+            )
+        admin = AdminBackend(dependencies.settings, password_db.encrypted_password)
+        yield admin
+
+    app = APIRouter(
+        prefix=f"/api/{API_VERSION}", dependencies=[Depends(get_current_active_user)]
+    )
+
+    endpoint_deps = AdminDependencies.create(dependencies, get_admin_backend)
+
+    app.include_router(auth.create_router(endpoint_deps))
+    app.include_router(clients.create_router(endpoint_deps))
+    app.include_router(secrets.create_router(endpoint_deps))
+
+    return app