59 lines
1.7 KiB
Python
59 lines
1.7 KiB
Python
# app/api/v1/admin/auth.py
|
|
"""
|
|
Admin authentication endpoints.
|
|
|
|
This module provides:
|
|
- Admin user login
|
|
- Admin token validation
|
|
- Admin-specific authentication logic
|
|
"""
|
|
|
|
import logging
|
|
from fastapi import APIRouter, Depends
|
|
from sqlalchemy.orm import Session
|
|
|
|
from app.core.database import get_db
|
|
from app.services.auth_service import auth_service
|
|
from app.exceptions import InvalidCredentialsException
|
|
from models.schemas.auth import LoginResponse, UserLogin
|
|
|
|
router = APIRouter()
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
@router.post("/login", response_model=LoginResponse)
|
|
def admin_login(user_credentials: UserLogin, db: Session = Depends(get_db)):
|
|
"""
|
|
Admin login endpoint.
|
|
|
|
Only allows users with 'admin' role to login.
|
|
Returns JWT token for authenticated admin users.
|
|
"""
|
|
# Authenticate user
|
|
login_result = auth_service.login_user(db=db, user_credentials=user_credentials)
|
|
|
|
# Verify user is admin
|
|
if login_result["user"].role != "admin":
|
|
logger.warning(f"Non-admin user attempted admin login: {user_credentials.username}")
|
|
raise InvalidCredentialsException("Admin access required")
|
|
|
|
logger.info(f"Admin login successful: {login_result['user'].username}")
|
|
|
|
return LoginResponse(
|
|
access_token=login_result["token_data"]["access_token"],
|
|
token_type=login_result["token_data"]["token_type"],
|
|
expires_in=login_result["token_data"]["expires_in"],
|
|
user=login_result["user"],
|
|
)
|
|
|
|
|
|
@router.post("/logout")
|
|
def admin_logout():
|
|
"""
|
|
Admin logout endpoint.
|
|
|
|
Client should remove token from storage.
|
|
Server-side token invalidation can be implemented here if needed.
|
|
"""
|
|
return {"message": "Logged out successfully"}
|