Jonathan
0803d86e38
First registered user becomes admin automatically. Admins see a "Manage Users" button in the dashboard header that opens a new /admin page for listing, creating, and deleting users. Backend enforces admin-only access on /admin/* routes. Startup migration adds the is_admin column to existing SQLite databases. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
46 lines
1.5 KiB
Python
46 lines
1.5 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, status
|
|
from sqlalchemy.orm import Session
|
|
from pydantic import BaseModel
|
|
|
|
from ..database import get_db
|
|
from .. import models
|
|
from ..auth import hash_password, verify_password, create_access_token
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
class UserCreate(BaseModel):
|
|
username: str
|
|
password: str
|
|
|
|
|
|
class Token(BaseModel):
|
|
access_token: str
|
|
token_type: str
|
|
is_admin: bool
|
|
|
|
|
|
@router.post("/register", status_code=status.HTTP_201_CREATED)
|
|
def register(user_in: UserCreate, db: Session = Depends(get_db)):
|
|
existing = db.query(models.User).filter(models.User.username == user_in.username).first()
|
|
if existing:
|
|
raise HTTPException(status_code=400, detail="Username already taken")
|
|
no_users_yet = db.query(models.User).first() is None
|
|
user = models.User(
|
|
username=user_in.username,
|
|
password=hash_password(user_in.password),
|
|
is_admin=no_users_yet,
|
|
)
|
|
db.add(user)
|
|
db.commit()
|
|
return {"message": "User created"}
|
|
|
|
|
|
@router.post("/login", response_model=Token)
|
|
def login(user_in: UserCreate, db: Session = Depends(get_db)):
|
|
user = db.query(models.User).filter(models.User.username == user_in.username).first()
|
|
if not user or not verify_password(user_in.password, user.password):
|
|
raise HTTPException(status_code=401, detail="Invalid credentials")
|
|
token = create_access_token({"sub": user.username})
|
|
return {"access_token": token, "token_type": "bearer", "is_admin": user.is_admin}
|