Secure all endpoints behind auth

2026-05-15 22:19:41 +02:00
parent cbc2526c14
commit e44d87f7be
5 changed files with 32 additions and 19 deletions
--- a/app/services/auth.py
+++ b/app/services/auth.py
@@ -70,6 +70,16 @@ def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
            raise credentials_exception
        return user

+def auth_is_admin(token: str = Depends(oauth2_scheme)):
+    user = get_current_user(token=token)
+    if not user.is_admin:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Not authorized to perform this action",
+            headers={"WWW-Authenticate": "Bearer"}
+        )
+    return True
+
 def create_first_user():
    print("Checking for admin user")
    with Session(engine) as db: