import secrets from fastapi import APIRouter, HTTPException from sqlalchemy import select, delete import database from models import settings, user, DeleteUser from .utils import Admin, hash_password router = APIRouter(prefix="/admin") @router.post("/user") async def create_user(auth: user.Auth, admin_token: Admin): if len(auth.username.strip()) == 0: raise HTTPException(400, "Username must not be empty") if len(auth.password.strip()) == 0: raise HTTPException(400, "Password must not be empty") if settings.DISABLE_ADMIN: raise HTTPException(403, "You are not admin") salt = secrets.token_hex(8) async with database.sessions.begin() as session: stmt = select(database.User).where( database.User.username == auth.username.strip() ) db_request = await session.execute(stmt) user = db_request.scalar_one_or_none() if user is not None: raise HTTPException(400, "User with this username already exists") new_user = database.User( username=auth.username.strip(), password=hash_password(auth.password.strip(), salt), salt=salt, ) session.add(new_user) @router.delete("/user") async def delete_user(user: DeleteUser, admin_token: Admin): async with database.sessions.begin() as session: stmt = delete(database.User).where( database.User.username == user.username.strip() ) await session.execute(stmt)