revamped authentication system
@@ -28,7 +28,7 @@ from fastapi.responses import HTMLResponse, RedirectResponse
|
||||
from fastapi.templating import Jinja2Templates
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from app.api.deps import get_current_admin_user, get_db
|
||||
from app.api.deps import get_current_admin_from_cookie_or_header, get_db
|
||||
from models.database.user import User
|
||||
|
||||
router = APIRouter()
|
||||
@@ -70,7 +70,7 @@ async def admin_login_page(request: Request):
|
||||
@router.get("/dashboard", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def admin_dashboard_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -93,7 +93,7 @@ async def admin_dashboard_page(
|
||||
@router.get("/vendors", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def admin_vendors_list_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -112,7 +112,7 @@ async def admin_vendors_list_page(
|
||||
@router.get("/vendors/create", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def admin_vendor_create_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -131,7 +131,7 @@ async def admin_vendor_create_page(
|
||||
async def admin_vendor_detail_page(
|
||||
request: Request,
|
||||
vendor_code: str = Path(..., description="Vendor code"),
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -152,7 +152,7 @@ async def admin_vendor_detail_page(
|
||||
async def admin_vendor_edit_page(
|
||||
request: Request,
|
||||
vendor_code: str = Path(..., description="Vendor code"),
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -176,7 +176,7 @@ async def admin_vendor_edit_page(
|
||||
async def admin_vendor_domains_page(
|
||||
request: Request,
|
||||
vendor_code: str = Path(..., description="Vendor code"),
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -201,7 +201,7 @@ async def admin_vendor_domains_page(
|
||||
async def admin_vendor_theme_page(
|
||||
request: Request,
|
||||
vendor_code: str = Path(..., description="Vendor code"),
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -225,7 +225,7 @@ async def admin_vendor_theme_page(
|
||||
@router.get("/users", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def admin_users_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -248,7 +248,7 @@ async def admin_users_page(
|
||||
@router.get("/imports", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def admin_imports_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -271,7 +271,7 @@ async def admin_imports_page(
|
||||
@router.get("/settings", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def admin_settings_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -294,7 +294,7 @@ async def admin_settings_page(
|
||||
@router.get("/components", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def admin_components_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -313,7 +313,7 @@ async def admin_components_page(
|
||||
@router.get("/icons", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def admin_icons_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -332,7 +332,7 @@ async def admin_icons_page(
|
||||
@router.get("/testing", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def admin_testing_hub(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -351,7 +351,7 @@ async def admin_testing_hub(
|
||||
@router.get("/test/auth-flow", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def admin_test_auth_flow(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -370,7 +370,7 @@ async def admin_test_auth_flow(
|
||||
@router.get("/test/vendors-users-migration", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def admin_test_vendors_users_migration(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_admin_user),
|
||||
current_user: User = Depends(get_current_admin_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
|
||||
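Review bot: Accepting a cookie on every admin page route in this section makes the admin credential ambient, since the browser attaches it to any request for a matching path, and nothing visible here pins down the cookie's attributes or which routes may accept it. `get_current_admin_from_cookie_or_header` is defined in `app.api.deps` and is not shown, so it should be confirmed that the admin cookie is set HttpOnly, Secure and SameSite with an admin-only path, and that state-changing API routes stay on a header-only dependency. I would record that at the changed import with a comment such as `# Cookie auth is for HTML page navigation only; API routes that change state must keep header-only auth (CSRF).` The handler bodies continue outside each hunk, so how they use `current_user` cannot be checked from this page.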
@@ -5,6 +5,14 @@ Shop/Customer HTML page routes using Jinja2 templates.
|
||||
These routes serve the public-facing shop interface for customers.
|
||||
Authentication required only for account pages.
|
||||
|
||||
AUTHENTICATION:
|
||||
- Public pages (catalog, products): No auth required
|
||||
- Account pages (dashboard, orders): Requires customer authentication
|
||||
- Customer authentication accepts:
|
||||
* customer_token cookie (path=/shop) - for page navigation
|
||||
* Authorization header - for API calls
|
||||
- Customers CANNOT access admin or vendor routes
|
||||
|
||||
Routes:
|
||||
- GET /shop/ → Shop homepage / product catalog
|
||||
- GET /shop/products → Product catalog
|
||||
@@ -26,7 +34,7 @@ from fastapi.responses import HTMLResponse, RedirectResponse
|
||||
from fastapi.templating import Jinja2Templates
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from app.api.deps import get_current_customer_user, get_db
|
||||
from app.api.deps import get_current_customer_from_cookie_or_header, get_db
|
||||
from models.database.user import User
|
||||
|
||||
router = APIRouter()
|
||||
@@ -191,7 +199,7 @@ async def shop_account_root():
|
||||
@router.get("/shop/account/dashboard", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def shop_account_dashboard_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_customer_user),
|
||||
current_user: User = Depends(get_current_customer_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -211,7 +219,7 @@ async def shop_account_dashboard_page(
|
||||
@router.get("/shop/account/orders", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def shop_orders_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_customer_user),
|
||||
current_user: User = Depends(get_current_customer_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -232,7 +240,7 @@ async def shop_orders_page(
|
||||
async def shop_order_detail_page(
|
||||
request: Request,
|
||||
order_id: int = Path(..., description="Order ID"),
|
||||
current_user: User = Depends(get_current_customer_user),
|
||||
current_user: User = Depends(get_current_customer_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -253,7 +261,7 @@ async def shop_order_detail_page(
|
||||
@router.get("/shop/account/profile", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def shop_profile_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_customer_user),
|
||||
current_user: User = Depends(get_current_customer_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -273,7 +281,7 @@ async def shop_profile_page(
|
||||
@router.get("/shop/account/addresses", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def shop_addresses_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_customer_user),
|
||||
current_user: User = Depends(get_current_customer_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -293,7 +301,7 @@ async def shop_addresses_page(
|
||||
@router.get("/shop/account/wishlist", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def shop_wishlist_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_customer_user),
|
||||
current_user: User = Depends(get_current_customer_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
@@ -313,7 +321,7 @@ async def shop_wishlist_page(
|
||||
@router.get("/shop/account/settings", response_class=HTMLResponse, include_in_schema=False)
|
||||
async def shop_settings_page(
|
||||
request: Request,
|
||||
current_user: User = Depends(get_current_customer_user),
|
||||
current_user: User = Depends(get_current_customer_from_cookie_or_header),
|
||||
db: Session = Depends(get_db)
|
||||
):
|
||||
"""
|
||||
|
||||
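Review bot: The new AUTHENTICATION docstring (hunk at `@@ -5,6 +5,14`) states that customers cannot access admin or vendor routes directly after describing the `path=/shop` cookie, which reads as if the cookie path were the barrier. Cookie path only controls when a browser sends the cookie; the same token can still be presented in an Authorization header to any route, so the separation has to come from a role check inside the admin and vendor dependencies, which live in `app.api.deps` and are not shown here. I would add a line to the docstring such as `* Role is checked server-side on every request; the cookie path is not the access control`. It is also worth confirming that the account handlers, whose bodies lie outside these hunks, scope their queries to `current_user`, in particular the one taking `order_id`.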
@@ -25,7 +25,7 @@ from fastapi import APIRouter, Request, Depends, Path
|
||||
from fastapi.responses import HTMLResponse, RedirectResponse
|
||||
from fastapi.templating import Jinja2Templates
|
||||
|
||||
from app.api.deps import get_current_vendor_user
|
||||
from app.api.deps import get_current_vendor_from_cookie_or_header
|
||||
from models.database.user import User
|
||||
|
||||
router = APIRouter()
|
||||
@@ -85,7 +85,7 @@ async def vendor_login_page(
|
||||
async def vendor_dashboard_page(
|
||||
request: Request,
|
||||
vendor_code: str = Path(..., description="Vendor code"),
|
||||
current_user: User = Depends(get_current_vendor_user)
|
||||
current_user: User = Depends(get_current_vendor_from_cookie_or_header)
|
||||
):
|
||||
"""
|
||||
Render vendor dashboard.
|
||||
@@ -114,7 +114,7 @@ async def vendor_dashboard_page(
|
||||
async def vendor_products_page(
|
||||
request: Request,
|
||||
vendor_code: str = Path(..., description="Vendor code"),
|
||||
current_user: User = Depends(get_current_vendor_user)
|
||||
current_user: User = Depends(get_current_vendor_from_cookie_or_header)
|
||||
):
|
||||
"""
|
||||
Render products management page.
|
||||
@@ -138,7 +138,7 @@ async def vendor_products_page(
|
||||
async def vendor_orders_page(
|
||||
request: Request,
|
||||
vendor_code: str = Path(..., description="Vendor code"),
|
||||
current_user: User = Depends(get_current_vendor_user)
|
||||
current_user: User = Depends(get_current_vendor_from_cookie_or_header)
|
||||
):
|
||||
"""
|
||||
Render orders management page.
|
||||
@@ -162,7 +162,7 @@ async def vendor_orders_page(
|
||||
async def vendor_customers_page(
|
||||
request: Request,
|
||||
vendor_code: str = Path(..., description="Vendor code"),
|
||||
current_user: User = Depends(get_current_vendor_user)
|
||||
current_user: User = Depends(get_current_vendor_from_cookie_or_header)
|
||||
):
|
||||
"""
|
||||
Render customers management page.
|
||||
@@ -186,7 +186,7 @@ async def vendor_customers_page(
|
||||
async def vendor_inventory_page(
|
||||
request: Request,
|
||||
vendor_code: str = Path(..., description="Vendor code"),
|
||||
current_user: User = Depends(get_current_vendor_user)
|
||||
current_user: User = Depends(get_current_vendor_from_cookie_or_header)
|
||||
):
|
||||
"""
|
||||
Render inventory management page.
|
||||
@@ -210,7 +210,7 @@ async def vendor_inventory_page(
|
||||
async def vendor_marketplace_page(
|
||||
request: Request,
|
||||
vendor_code: str = Path(..., description="Vendor code"),
|
||||
current_user: User = Depends(get_current_vendor_user)
|
||||
current_user: User = Depends(get_current_vendor_from_cookie_or_header)
|
||||
):
|
||||
"""
|
||||
Render marketplace import page.
|
||||
@@ -234,7 +234,7 @@ async def vendor_marketplace_page(
|
||||
async def vendor_team_page(
|
||||
request: Request,
|
||||
vendor_code: str = Path(..., description="Vendor code"),
|
||||
current_user: User = Depends(get_current_vendor_user)
|
||||
current_user: User = Depends(get_current_vendor_from_cookie_or_header)
|
||||
):
|
||||
"""
|
||||
Render team management page.
|
||||
@@ -258,7 +258,7 @@ async def vendor_team_page(
|
||||
async def vendor_settings_page(
|
||||
request: Request,
|
||||
vendor_code: str = Path(..., description="Vendor code"),
|
||||
current_user: User = Depends(get_current_vendor_user)
|
||||
current_user: User = Depends(get_current_vendor_from_cookie_or_header)
|
||||
):
|
||||
"""
|
||||
Render vendor settings page.
|
||||
|
||||
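Review bot: Nothing visible in these hunks ties `current_user` to the `vendor_code` path parameter, and with cookie auth the browser will presumably send a vendor user's cookie to every vendor page route regardless of which `vendor_code` is in the URL. This file's import hunk shows no `get_db`, so unless `get_current_vendor_from_cookie_or_header` (defined in `app.api.deps`, not shown) or the handler bodies outside the hunks compare the two, a user of one vendor may be served another vendor's pages. I would add a comment at the first handler, `# current_user must be verified as belonging to vendor_code before rendering`, and state in the module docstring where that check lives. The same applies to all eight handlers in this section.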