brut/bincio-activity
1
0
Fork 0
Code Issues Pull Requests Actions 8 Packages Projects Releases Wiki Activity

fix: add local _require_admin guard to proxied endpoints; update test to expect 503 without bincio-auth
CI / Python tests (push) Waiting to run
Details
CI / Frontend build (push) Waiting to run
Details

Browse Source
This commit is contained in:
Davide Scaini
2026-06-03 22:07:41 +02:00
parent 3624fd051f
commit f167c6eed7
2 changed files with 8 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bincio/serve/routers/admin.py
+4
View File
@@ -165,6 +165,7 @@ async def admin_reset_password_code(
bincio_session: str | None = Cookie(default=None),
) -> JSONResponse:
"""Generate a one-time password reset code for a user. Proxied to bincio-auth."""
deps._require_admin(bincio_session)
return await _auth_proxy("POST", f"/api/admin/users/{handle}/reset-password-code", bincio_session)
@@ -174,6 +175,7 @@ async def admin_suspend(
bincio_session: str | None = Cookie(default=None),
) -> JSONResponse:
"""Suspend a user account. Proxied to bincio-auth."""
deps._require_admin(bincio_session)
return await _auth_proxy("POST", f"/api/admin/users/{handle}/suspend", bincio_session)
@@ -183,6 +185,7 @@ async def admin_unsuspend(
bincio_session: str | None = Cookie(default=None),
) -> JSONResponse:
"""Re-enable a suspended user account. Proxied to bincio-auth."""
deps._require_admin(bincio_session)
return await _auth_proxy("POST", f"/api/admin/users/{handle}/unsuspend", bincio_session)
@@ -192,6 +195,7 @@ async def admin_delete_account(
bincio_session: str | None = Cookie(default=None),
) -> JSONResponse:
"""Delete a user account. Proxied to bincio-auth."""
deps._require_admin(bincio_session)
return await _auth_proxy("DELETE", f"/api/admin/users/{handle}/account", bincio_session)