Initial project commit

server/app/admin/auth.py

@@ -0,0 +1,54 @@
+from sqladmin.authentication import AuthenticationBackend
+from sqlalchemy import select
+from starlette.requests import Request
+
+from app.core.security import verify_password
+from app.db.session import sync_engine
+from app.models.user import User
+
+from sqlalchemy.orm import Session
+
+
+class AdminAuthBackend(AuthenticationBackend):
+    async def login(self, request: Request) -> bool:
+        form = await request.form()
+        username = form.get("username", "")
+        password = form.get("password", "")
+
+        with Session(sync_engine) as session:
+            result = session.execute(
+                select(User).where(
+                    (User.phone == username) | (User.email == username)
+                )
+            )
+            user = result.scalar_one_or_none()
+
+        if not user:
+            return False
+
+        if user.role not in ("admin", "moderator"):
+            return False
+
+        if not verify_password(str(password), user.password_hash):
+            return False
+
+        request.session.update({"admin_user_id": user.id})
+        return True
+
+    async def logout(self, request: Request) -> bool:
+        request.session.clear()
+        return True
+
+    async def authenticate(self, request: Request) -> bool:
+        user_id = request.session.get("admin_user_id")
+        if not user_id:
+            return False
+
+        with Session(sync_engine) as session:
+            result = session.execute(select(User).where(User.id == user_id))
+            user = result.scalar_one_or_none()
+
+        if not user or user.role not in ("admin", "moderator"):
+            return False
+
+        return True