feat: add authentik admin user sync endpoint

Chris
2026-03-29 23:08:52 +08:00
parent 2b81fd01c3
commit c84d7286a1
10 changed files with 154 additions and 2 deletions


@@ -5,8 +5,10 @@ from app.core.config import get_settings
from app.db.session import get_db
from app.repositories.permissions_repo import PermissionsRepository
from app.repositories.users_repo import UsersRepository
from app.schemas.authentik_admin import AuthentikEnsureUserRequest, AuthentikEnsureUserResponse
from app.schemas.permissions import PermissionSnapshotResponse
from app.schemas.users import UserUpsertBySubRequest
from app.services.authentik_admin_service import AuthentikAdminService
from app.services.permission_service import PermissionService
router = APIRouter(prefix="/internal", tags=["internal"])
@@ -36,6 +38,7 @@ def upsert_user_by_sub(
return {
"id": user.id,
"sub": user.authentik_sub,
"authentik_user_id": user.authentik_user_id,
"email": user.email,
"display_name": user.display_name,
"is_active": user.is_active,
@@ -58,3 +61,29 @@ def get_permission_snapshot(
permissions = perms_repo.list_by_user_id(user.id)
tuples = [(p.scope_type, p.scope_id, p.module, p.action) for p in permissions]
return PermissionService.build_snapshot(authentik_sub=authentik_sub, permissions=tuples)
@router.post("/authentik/users/ensure", response_model=AuthentikEnsureUserResponse)
def ensure_authentik_user(
payload: AuthentikEnsureUserRequest,
_: None = Depends(verify_internal_secret),
db: Session = Depends(get_db),
) -> AuthentikEnsureUserResponse:
settings = get_settings()
authentik_service = AuthentikAdminService(settings=settings)
sync_result = authentik_service.ensure_user(
sub=payload.sub,
email=payload.email,
display_name=payload.display_name,
is_active=payload.is_active,
)
users_repo = UsersRepository(db)
users_repo.upsert_by_sub(
authentik_sub=payload.sub,
email=payload.email,
display_name=payload.display_name,
is_active=payload.is_active,
authentik_user_id=sync_result.user_id,
)
return AuthentikEnsureUserResponse(authentik_user_id=sync_result.user_id, action=sync_result.action)
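Review bot: In `ensure_authentik_user` the Authentik write (`authentik_service.ensure_user(...)`) and the local write (`users_repo.upsert_by_sub(...)`) run back to back with no error handling. If the upsert fails, the identity provider is left changed while the local row has no `authentik_user_id`, and any exception from the admin service presumably surfaces as a bare 500. Consider catching the service's failure and returning a gateway-style error, and confirm that a retry of the same payload converges both sides, which the `action` field suggests but the hunk does not show. This route can also create accounts in the IdP and set `is_active` from the request body for any caller that passes `verify_internal_secret`, so it should leave an audit trail, for example `logger.info("authentik ensure sub=%s action=%s", payload.sub, sync_result.action)`, assuming a module logger is available. The definition of `verify_internal_secret` is outside the visible hunks, so it is worth confirming that it compares the secret in constant time and rejects an unset secret.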