ligbox-ops-platform/projects/ops-desk/api/app/purge_auth_routes.py
Ligbox Spec Hub a39618afb8 Add purge authorization codes for protected domains (myvexx.com).
Root generates single-use codes in Infra with root password; Serviços purge requires code plus root password for PURGE_EXTRA_AUTH_DOMAINS.
2026-06-19 22:20:04 +00:00


"""Rotas Infra — códigos autorização purge (root / super_admin)."""
from __future__ import annotations
from fastapi import APIRouter, Depends, HTTPException, Query
from pydantic import BaseModel, Field
from app import auth, purge_auth_codes, vm112_domains
from app.permissions import can_manage_users
# Every route declared in this module is registered on this router, under the
# /api/v1/infra prefix.
router = APIRouter(
    prefix="/api/v1/infra",
    tags=["infra-purge-auth"],
)
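class PurgeAuthCodeCreate(BaseModel):
    """Request body for issuing a purge authorization code.

    Only the bounds declared on each field are enforced here. The domain and
    the root password are handed on as received to
    ``purge_auth_codes.create_code`` by the POST handler in this module.
    """

    # Target domain; this layer enforces a minimum length only.
    # NOTE(review): no upper bound is set on domain or root_password; consider
    # capping both so oversized values are rejected before they reach the
    # password check.
    domain: str = Field(..., min_length=3)
    # Root password supplied by the caller. repr=False keeps the value out of
    # repr()/str() of the model, so logging or printing the parsed body does
    # not write the password to logs or tracebacks. It does not change
    # validation or serialization.
    root_password: str = Field(..., min_length=1, repr=False)
    # Optional free-text note, at most 500 characters.
    note: str = Field("", max_length=500)
    # Requested lifetime in hours: 1 to 168, default 24.
    ttl_hours: int = Field(24, ge=1, le=168)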
def _require_root_admin(user: auth.DeskUser = Depends(auth.get_current_user)) -> auth.DeskUser:
    """FastAPI dependency that admits only users allowed to manage users.

    Resolves the current user through ``auth.get_current_user`` and returns
    it when ``can_manage_users(user.role)`` is true.

    Raises:
        HTTPException: 403 when the role check fails.
    """
    # NOTE(review): the 403 text names super_admin (root), but the gate is
    # whatever can_manage_users() grants; confirm no other role passes it.
    if can_manage_users(user.role):
        return user
    raise HTTPException(403, "Apenas super_admin (root) pode gerar códigos de purge")
@router.get("/purge-auth-codes")
def list_purge_auth_codes(
    active_only: bool = Query(True),
    limit: int = Query(50, ge=1, le=200),
    user: auth.DeskUser = Depends(_require_root_admin),
):
    """List purge authorization codes; gated by ``_require_root_admin``.

    Args:
        active_only: Forwarded to ``purge_auth_codes.list_codes``; defaults to True.
        limit: Maximum number of entries requested, 1 to 200 (default 50).
        user: Present only to enforce the access check; not read in the body.

    Returns:
        A dict with ``codes`` (the result of ``list_codes``) and
        ``extra_auth_domains`` (the sorted ``PURGE_EXTRA_AUTH_DOMAINS``).
    """
    # NOTE(review): the fields list_codes() returns are not visible here;
    # confirm the listing exposes metadata only, not usable code values.
    db_conn = auth.db()
    try:
        # The schema is initialised on every request before reading.
        purge_auth_codes.init_purge_auth_schema(db_conn)
        rows = purge_auth_codes.list_codes(db_conn, active_only=active_only, limit=limit)
        protected = sorted(vm112_domains.PURGE_EXTRA_AUTH_DOMAINS)
        return {"codes": rows, "extra_auth_domains": protected}
    finally:
        # Close the connection on both the success and the error path.
        db_conn.close()
@router.get("/purge-auth-domains")
def list_purge_auth_domains(
    user: auth.DeskUser = Depends(auth.get_current_user),
):
    """Return the domains that need extra purge authorization.

    Unlike the code endpoints, this route depends only on
    ``auth.get_current_user``, so any authenticated user can read the list.

    Returns:
        A dict with ``domains`` (the sorted ``PURGE_EXTRA_AUTH_DOMAINS``) and
        ``can_generate`` (the result of ``can_manage_users`` for the caller).
    """
    protected = sorted(vm112_domains.PURGE_EXTRA_AUTH_DOMAINS)
    # can_generate only reports the caller's capability; the access check for
    # code generation is the _require_root_admin dependency on the code routes.
    may_generate = can_manage_users(user.role)
    return {"domains": protected, "can_generate": may_generate}
@router.post("/purge-auth-codes")
def create_purge_auth_code(
    body: PurgeAuthCodeCreate,
    user: auth.DeskUser = Depends(_require_root_admin),
):
    """Issue a purge authorization code; gated by ``_require_root_admin``.

    The domain, root password, caller's username, note and TTL are handed to
    ``purge_auth_codes.create_code``, whose result is returned unchanged.

    Raises:
        HTTPException: 400 carrying the text of any ``ValueError`` raised
            while creating the code.
    """
    # NOTE(review): the root password is presumably verified inside
    # create_code(); confirm that, and that failed attempts are rate-limited
    # and audited, since nothing in this handler does either.
    db_conn = auth.db()
    try:
        purge_auth_codes.init_purge_auth_schema(db_conn)
        return purge_auth_codes.create_code(
            db_conn,
            body.domain,
            body.root_password,
            user.username,
            body.note,
            ttl_hours=body.ttl_hours,
        )
    except ValueError as err:
        # The exception text goes to the client verbatim, so messages raised
        # by create_code must not contain secrets or internal detail.
        raise HTTPException(400, str(err)) from err
    finally:
        # Close the connection on both the success and the error path.
        db_conn.close()