Spaces:
Sleeping
Sleeping
| """ | |
| Authentication helpers — session-cookie-based for FastAPI. | |
| Supports admin and provider login. Sessions stored in-memory keyed by token. | |
| """ | |
| import os | |
| import secrets | |
| import threading | |
| from core import data_manager | |
| def get_secret(key: str) -> str: | |
| return os.environ.get(key) | |
| # In-memory session store: token -> session dict | |
| _lock = threading.Lock() | |
| _sessions: dict[str, dict] = {} | |
| def check_credentials(username: str, password: str) -> bool: | |
| admin_user = get_secret("ADMIN_USERNAME") | |
| admin_pass = get_secret("ADMIN_PASSWORD") | |
| return bool(admin_user) and bool(admin_pass) and username == admin_user and password == admin_pass | |
| def check_provider_credentials(name: str, password: str) -> dict | None: | |
| provider = data_manager.get_provider_by_name(name) | |
| if provider and provider.get("password") == password: | |
| return provider | |
| return None | |
| def create_session(user_role: str, current_user: str, provider_id: str | None = None) -> str: | |
| token = secrets.token_urlsafe(32) | |
| with _lock: | |
| _sessions[token] = { | |
| "user_role": user_role, | |
| "current_user": current_user, | |
| "provider_id": provider_id, | |
| } | |
| return token | |
| def get_session(token: str | None) -> dict | None: | |
| if not token: | |
| return None | |
| with _lock: | |
| return _sessions.get(token) | |
| def destroy_session(token: str | None) -> None: | |
| if not token: | |
| return | |
| with _lock: | |
| _sessions.pop(token, None) | |