""" Authentication helpers — session-cookie-based for FastAPI. Supports admin and provider login. Sessions stored in-memory keyed by token. """ import os import secrets import threading from core import data_manager def get_secret(key: str) -> str: return os.environ.get(key) # In-memory session store: token -> session dict _lock = threading.Lock() _sessions: dict[str, dict] = {} def check_credentials(username: str, password: str) -> bool: admin_user = get_secret("ADMIN_USERNAME") admin_pass = get_secret("ADMIN_PASSWORD") return bool(admin_user) and bool(admin_pass) and username == admin_user and password == admin_pass def check_provider_credentials(name: str, password: str) -> dict | None: provider = data_manager.get_provider_by_name(name) if provider and provider.get("password") == password: return provider return None def create_session(user_role: str, current_user: str, provider_id: str | None = None) -> str: token = secrets.token_urlsafe(32) with _lock: _sessions[token] = { "user_role": user_role, "current_user": current_user, "provider_id": provider_id, } return token def get_session(token: str | None) -> dict | None: if not token: return None with _lock: return _sessions.get(token) def destroy_session(token: str | None) -> None: if not token: return with _lock: _sessions.pop(token, None)