Davide Scaini
ddd15cae0f
Steps 3–7 of the migration plan: - models.py: Pydantic request/response types - deps.py: shared state, JWT-based auth helpers, rate limiting - server.py: FastAPI app with CORS + gzip - routers/auth.py: login, logout, /api/me, reset-password, register - routers/invites.py: GET/POST /api/invites - routers/admin.py: user listing, suspend/unsuspend, delete, access flags, reset-password-code - cli.py: `bincio-auth init` (creates DB + admin + JWT secret) and `bincio-auth serve` Cookie carries a signed JWT (HS256); consumers validate locally with shared secret.
40 lines
1.3 KiB
Python
40 lines
1.3 KiB
Python
"""Invite management endpoints."""
|
|
|
|
from __future__ import annotations
|
|
|
|
from fastapi import APIRouter, Cookie, HTTPException
|
|
from fastapi.responses import JSONResponse
|
|
|
|
from bincio.auth import deps
|
|
from bincio.auth.db import create_invite, list_invites
|
|
from bincio.auth.models import CreateInviteRequest
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
@router.get("/api/invites")
|
|
async def get_invites(bincio_session: str | None = Cookie(default=None)) -> JSONResponse:
|
|
user = deps._require_user(bincio_session)
|
|
invites = list_invites(deps._get_db(), user.handle)
|
|
return JSONResponse([{
|
|
"code": i.code,
|
|
"used": i.used,
|
|
"used_by": i.used_by,
|
|
"created_at": i.created_at,
|
|
"used_at": i.used_at,
|
|
"grants_activity": i.grants_activity,
|
|
} for i in invites])
|
|
|
|
|
|
@router.post("/api/invites")
|
|
async def post_invite(
|
|
body: CreateInviteRequest = CreateInviteRequest(), # noqa: B008
|
|
bincio_session: str | None = Cookie(default=None),
|
|
) -> JSONResponse:
|
|
user = deps._require_user(bincio_session)
|
|
try:
|
|
code = create_invite(deps._get_db(), user.handle, grants_activity=body.grants_activity)
|
|
except ValueError as e:
|
|
raise HTTPException(400, str(e)) from e
|
|
return JSONResponse({"ok": True, "code": code, "grants_activity": body.grants_activity})
|