feat(security): enforce admin allowlist guard on admin APIs and attach bearer for admin client

This commit is contained in:
Chris
2026-03-30 21:25:57 +08:00
parent 0cd863f9c2
commit 0e17997e66
8 changed files with 65 additions and 4 deletions


@@ -18,8 +18,13 @@ from app.schemas.permissions import (
PermissionRevokeRequest,
)
from app.security.api_client_auth import require_api_client
from app.security.admin_guard import require_admin_principal
router = APIRouter(prefix="/admin", tags=["admin"])
router = APIRouter(
prefix="/admin",
tags=["admin"],
dependencies=[Depends(require_admin_principal)],
)
def _resolve_module_id(db: Session, system_key: str, module_key: str | None) -> str:
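Review bot: The new `APIRouter(...)` call uses `Depends`, but the imports visible in this hunk only add `require_admin_principal` next to `require_api_client`; if the file's earlier imports (outside this hunk) bring in only `APIRouter`, the module fails at import time with a NameError before any guard runs, so confirm that `from fastapi import APIRouter, Depends` is present. Router-level `dependencies` are evaluated for every route on this router independently of any per-route `Depends(require_api_client)`, so whether `require_admin_principal` resolves the authenticated principal itself or assumes it was already established should be stated; a one-line comment on the router such as `# Router-level guard: every /admin route first requires an allowlisted admin principal` would make that explicit. A test asserting that a non-admin (but authenticated) principal receives 403 on one representative `/admin` route would pin the guard against regression. The same change appears in the second file section below and the same points apply there.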


@@ -40,9 +40,14 @@ from app.schemas.catalog import (
)
from app.schemas.permissions import PermissionGrantRequest, PermissionRevokeRequest
from app.security.api_client_auth import require_api_client
from app.security.admin_guard import require_admin_principal
from app.services.authentik_admin_service import AuthentikAdminService
router = APIRouter(prefix="/admin", tags=["admin"])
router = APIRouter(
prefix="/admin",
tags=["admin"],
dependencies=[Depends(require_admin_principal)],
)
def _resolve_module_id(db: Session, system_key: str, module_key: str | None) -> str: