vitor
/
orquestrador
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
feat/self-evolving-tools-foundation
main
chore/observability-latency-markers
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a40e3df6ff'
${ noResults }
orquestrador/admin_app/api/routes/auth.py

109 lines
3.6 KiB
Python
Raw Blame History

from fastapi import APIRouter, Depends, HTTPException, Request, status
from admin_app.api.dependencies import (
get_auth_service,
get_current_staff_context,
get_current_staff_principal,
)
from admin_app.api.schemas import (
AdminAuthenticatedStaffResponse,
AdminLoginRequest,
AdminLogoutResponse,
AdminRefreshTokenRequest,
AdminSessionResponse,
)
from admin_app.core import AuthenticatedStaffContext, AuthenticatedStaffPrincipal
from admin_app.services import AuthService
router = APIRouter(prefix="/auth", tags=["auth"])
def _extract_request_metadata(request: Request) -> tuple[str | None, str | None]:
ip_address = request.client.host if request.client else None
user_agent = request.headers.get("user-agent")
return ip_address, user_agent
@router.post("/login", response_model=AdminSessionResponse)
def login(
payload: AdminLoginRequest,
request: Request,
auth_service: AuthService = Depends(get_auth_service),
):
ip_address, user_agent = _extract_request_metadata(request)
session = auth_service.login(
email=payload.email,
password=payload.password,
ip_address=ip_address,
user_agent=user_agent,
)
if session is None:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Credenciais administrativas invalidas.",
)
return AdminSessionResponse(
session_id=session.session_id,
access_token=session.access_token,
refresh_token=session.refresh_token,
token_type=session.token_type,
expires_in_seconds=session.expires_in_seconds,
staff_account=AdminAuthenticatedStaffResponse(**session.principal.model_dump()),
)
@router.post("/refresh", response_model=AdminSessionResponse)
def refresh(
payload: AdminRefreshTokenRequest,
request: Request,
auth_service: AuthService = Depends(get_auth_service),
):
ip_address, user_agent = _extract_request_metadata(request)
session = auth_service.refresh_session(
refresh_token=payload.refresh_token,
ip_address=ip_address,
user_agent=user_agent,
)
if session is None:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Refresh token administrativo invalido.",
)
return AdminSessionResponse(
session_id=session.session_id,
access_token=session.access_token,
refresh_token=session.refresh_token,
token_type=session.token_type,
expires_in_seconds=session.expires_in_seconds,
staff_account=AdminAuthenticatedStaffResponse(**session.principal.model_dump()),
)
@router.post("/logout", response_model=AdminLogoutResponse)
def logout(
request: Request,
current_context: AuthenticatedStaffContext = Depends(get_current_staff_context),
auth_service: AuthService = Depends(get_auth_service),
):
ip_address, user_agent = _extract_request_metadata(request)
auth_service.logout(
current_context.session_id,
actor_staff_account_id=current_context.principal.id,
ip_address=ip_address,
user_agent=user_agent,
)
return AdminLogoutResponse(
service="orquestrador-admin",
status="ok",
message="Sessao administrativa encerrada.",
session_id=current_context.session_id,
)
@router.get("/me", response_model=AdminAuthenticatedStaffResponse)
def current_staff(
current_staff_account: AuthenticatedStaffPrincipal = Depends(get_current_staff_principal),
):
return AdminAuthenticatedStaffResponse(**current_staff_account.model_dump())
Reference in New Issue View Git Blame Copy Permalink