Fork: 0
root / navi-1
Transfer to URL with SHA Find file
Newer
Older
navi-1 / navi / auth / __init__.py
@Eugene Sukhodolskiy Eugene Sukhodolskiy on 24 May 1 KB Add API token auth system for headless/micro clients
Raw Blame History 
"""Auth models for Navi user identity."""

from datetime import datetime

from pydantic import BaseModel

from ._ddl import _ensure_auth_tables


class ApiToken(BaseModel):
    """An API token for headless client authentication."""

    id: int
    user_id: str
    name: str
    token_prefix: str
    created_at: datetime
    last_used_at: datetime | None = None
    revoked_at: datetime | None = None


class User(BaseModel):
    """Authenticated Navi user, resolved from gnexus-auth."""

    id: str
    email: str
    display_name: str | None = None
    username: str | None = None
    first_name: str | None = None
    last_name: str | None = None
    phone: str | None = None
    birth_date: str | None = None
    country: str | None = None
    city: str | None = None
    locale: str | None = None
    avatar_url: str | None = None
    role: str = "user"  # "user" | "admin"
    permissions: list[str] = []

    def has_permission(self, permission: str) -> bool:
        """Check if user has a specific permission.

        Admin role implies all permissions.
        """
        return self.role == "admin" or permission in self.permissions