52 lines
1.6 KiB
Python
52 lines
1.6 KiB
Python
from fastapi import APIRouter, HTTPException, status, Form
|
|
from datetime import timedelta
|
|
from app.core.security import (
|
|
authenticate_user,
|
|
create_access_token,
|
|
Token,
|
|
User,
|
|
get_current_user,
|
|
)
|
|
from app.core.config import settings
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
@router.post("/login", response_model=Token)
|
|
async def login(username: str = Form(...), password: str = Form(...)):
|
|
"""
|
|
Endpoint d'authentification PAM
|
|
Authentifie l'utilisateur contre le système Debian via PAM
|
|
"""
|
|
user = authenticate_user(username, password)
|
|
if not user:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Identifiants incorrects",
|
|
headers={"WWW-Authenticate": "Bearer"},
|
|
)
|
|
|
|
access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
|
|
access_token = create_access_token(
|
|
username=user.username, expires_delta=access_token_expires
|
|
)
|
|
|
|
return {
|
|
"access_token": access_token,
|
|
"token_type": "bearer",
|
|
"username": user.username,
|
|
}
|
|
|
|
|
|
@router.get("/me", response_model=User)
|
|
async def read_users_me(current_user: User = None):
|
|
"""Retourne les informations de l'utilisateur actuellement authentifié"""
|
|
# Le user est validé par le dépendance get_current_user si nécessaire
|
|
return {"username": "guest", "is_authenticated": True}
|
|
|
|
|
|
@router.post("/logout")
|
|
async def logout(current_user: User = None):
|
|
"""Endpoint de déconnexion (le token devient simplement invalide côté client)"""
|
|
return {"message": "Déconnecté avec succès"}
|