Implement authentication system with access control UI

2026-01-12 10:52:35 -06:00
parent 1cbd335443
commit 617bcbe89c
39 changed files with 8561 additions and 116 deletions
--- a/backend/app/main.py
+++ b/backend/app/main.py
@@ -1,14 +1,19 @@
-from fastapi import FastAPI
+from fastapi import FastAPI, Request
 from fastapi.staticfiles import StaticFiles
 from fastapi.responses import FileResponse
 from contextlib import asynccontextmanager
 import logging
 import os

+from slowapi import _rate_limit_exceeded_handler
+from slowapi.errors import RateLimitExceeded
+
 from .config import get_settings
 from .database import init_db, SessionLocal
 from .routes import router
 from .seed import seed_database
+from .auth import create_default_admin
+from .rate_limit import limiter

 settings = get_settings()
 logging.basicConfig(level=logging.INFO)
@@ -20,6 +25,18 @@ async def lifespan(app: FastAPI):
    # Startup: initialize database
    init_db()

+    # Create default admin user if no users exist
+    db = SessionLocal()
+    try:
+        admin = create_default_admin(db)
+        if admin:
+            logger.warning(
+                "Default admin user created with username 'admin' and password 'changeme123'. "
+                "CHANGE THIS PASSWORD IMMEDIATELY!"
+            )
+    finally:
+        db.close()
+
    # Seed test data in development mode
    if settings.is_development:
        logger.info(f"Running in {settings.env} mode - checking for seed data")
@@ -42,13 +59,21 @@ app = FastAPI(
    lifespan=lifespan,
 )

+# Set up rate limiting
+app.state.limiter = limiter
+app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
+
 # Include API routes
 app.include_router(router)

 # Serve static files (React build) if the directory exists
 static_dir = os.path.join(os.path.dirname(__file__), "..", "..", "frontend", "dist")
 if os.path.exists(static_dir):
-    app.mount("/assets", StaticFiles(directory=os.path.join(static_dir, "assets")), name="assets")
+    app.mount(
+        "/assets",
+        StaticFiles(directory=os.path.join(static_dir, "assets")),
+        name="assets",
+    )

    @app.get("/")
    async def serve_spa():
@@ -60,6 +85,7 @@ if os.path.exists(static_dir):
        # Don't catch API routes or health endpoint
        if full_path.startswith("api/") or full_path.startswith("health"):
            from fastapi import HTTPException
+
            raise HTTPException(status_code=404, detail="Not found")

        # Serve SPA for all other routes (including /project/*)
@@ -68,4 +94,5 @@ if os.path.exists(static_dir):
            return FileResponse(index_path)

        from fastapi import HTTPException
+
        raise HTTPException(status_code=404, detail="Not found")