patristic-be / src /lib /auth /models.py
Mario33333's picture
deploy: reader-access security hardening (feature/audiobook@06a5ed8)
7c2d250 verified
Raw
History Blame Contribute Delete
856 Bytes
"""Auth domain models. Tiny on purpose — auth is a 3-account system."""
from __future__ import annotations
from dataclasses import dataclass
@dataclass(frozen=True)
class User:
"""A logged-in identity.
``password`` holds the *stored* credential as configured — either a
PBKDF2 hash (``pbkdf2_sha256$…``) or, for back-compat, legacy plaintext.
Verification goes through :func:`src.lib.auth.passwords.verify_password`,
which handles both forms in constant time; nothing here assumes plaintext.
"""
username: str
password: str
role: str # "admin" | "viewer" | "reader"
display_name: str | None = None
@property
def is_admin(self) -> bool:
return self.role == "admin"
@property
def label(self) -> str:
return self.display_name or self.username