refactor(keycloak): remove authentik naming and switch to keycloak-only paths

Chris
2026-04-01 02:01:41 +08:00
parent 34fc865b30
commit 0bc667847d
21 changed files with 368 additions and 681 deletions


@@ -6,11 +6,11 @@ from app.db.session import get_db
from app.repositories.permissions_repo import PermissionsRepository
from app.schemas.internal import InternalUpsertUserBySubResponse
from app.repositories.users_repo import UsersRepository
from app.schemas.authentik_admin import AuthentikEnsureUserRequest, AuthentikEnsureUserResponse
from app.schemas.idp_admin import KeycloakEnsureUserRequest, KeycloakEnsureUserResponse
from app.schemas.permissions import PermissionSnapshotResponse
from app.schemas.users import UserUpsertBySubRequest
from app.security.api_client_auth import require_api_client
from app.services.authentik_admin_service import AuthentikAdminService
from app.services.idp_admin_service import KeycloakAdminService
from app.services.permission_service import PermissionService
router = APIRouter(prefix="/internal", tags=["internal"], dependencies=[Depends(require_api_client)])
@@ -56,16 +56,15 @@ def get_permission_snapshot(
return PermissionService.build_snapshot(user_sub=user_sub, permissions=permissions)
@router.post("/authentik/users/ensure", response_model=AuthentikEnsureUserResponse)
@router.post("/idp/users/ensure", response_model=AuthentikEnsureUserResponse)
@router.post("/keycloak/users/ensure", response_model=AuthentikEnsureUserResponse)
def ensure_authentik_user(
payload: AuthentikEnsureUserRequest,
@router.post("/idp/users/ensure", response_model=KeycloakEnsureUserResponse)
@router.post("/keycloak/users/ensure", response_model=KeycloakEnsureUserResponse)
def ensure_idp_user(
payload: KeycloakEnsureUserRequest,
db: Session = Depends(get_db),
) -> AuthentikEnsureUserResponse:
) -> KeycloakEnsureUserResponse:
settings = get_settings()
authentik_service = AuthentikAdminService(settings=settings)
sync_result = authentik_service.ensure_user(
idp_service = KeycloakAdminService(settings=settings)
sync_result = idp_service.ensure_user(
sub=payload.user_sub,
email=payload.email,
username=payload.username,
@@ -78,7 +77,7 @@ def ensure_authentik_user(
if sync_result.user_sub:
resolved_sub = sync_result.user_sub
if not resolved_sub:
raise HTTPException(status_code=status.HTTP_502_BAD_GATEWAY, detail="authentik_missing_sub")
raise HTTPException(status_code=status.HTTP_502_BAD_GATEWAY, detail="idp_missing_sub")
users_repo.upsert_by_sub(
user_sub=resolved_sub,
username=payload.username,
@@ -87,4 +86,4 @@ def ensure_authentik_user(
is_active=payload.is_active,
idp_user_id=sync_result.user_id,
)
return AuthentikEnsureUserResponse(idp_user_id=sync_result.user_id, action=sync_result.action)
return KeycloakEnsureUserResponse(idp_user_id=sync_result.user_id, action=sync_result.action)
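Review bot: In the `@@ -78,7 +77,7 @@` hunk, `resolved_sub` is replaced only when `sync_result.user_sub` is truthy, so its earlier value is what `users_repo.upsert_by_sub` stores whenever Keycloak returns no subject. That initial assignment is above the visible lines; if it is `payload.user_sub`, the local row is keyed on a caller-supplied identifier that the IdP never confirmed, stored next to `idp_user_id=sync_result.user_id`. The only gate visible here is the router-level `require_api_client`, so any API client could then bind an arbitrary sub to a Keycloak account. If that fallback is not intentional, take the subject from the IdP result only, `resolved_sub = sync_result.user_sub`, so that the existing 502 `idp_missing_sub` branch fires when Keycloak returns none. If the fallback is intentional, document the reason in a comment above the `if not resolved_sub:` check.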