Add initialize admin-account in migration

2025-11-29 16:27:34 +01:00
parent 6158f2ddff
commit 06e5322931
6 changed files with 135 additions and 5 deletions
--- a/app/auth_core.py
+++ b/app/auth_core.py
@@ -0,0 +1,28 @@
+from contextlib import closing
+import bcrypt
+
+from app.db import get_conn
+
+def verify_user(username: str, password: str):
+    """Prüft Username/Passwort gegen die users-Tabelle."""
+    with closing(get_conn()) as conn:
+        row = conn.execute(
+            "SELECT password_hash, role FROM users WHERE username = ?",
+            (username,),
+        ).fetchone()
+    if not row:
+        return False, None
+    stored_hash, role = row
+
+    # stored_hash ist BLOB -> bytes
+    ok = bcrypt.checkpw(password.encode("utf-8"), stored_hash)
+    return (ok, role) if ok else (False, None)
+
+def get_role_for_user(username: str) -> str | None:
+    """Liest nur die Rolle aus der DB (z.B. wenn du später OIDC nimmst)."""
+    with closing(get_conn()) as conn:
+        row = conn.execute(
+            "SELECT role FROM users WHERE username = ?",
+            (username,),
+        ).fetchone()
+    return row[0] if row else None