Initial YakPanel commit

2026-04-07 02:04:22 +05:30
commit 2826d3e7f3
5359 changed files with 1390724 additions and 0 deletions
--- a/YakPanel-server/backend/app/api/user.py
+++ b/YakPanel-server/backend/app/api/user.py
@@ -0,0 +1,109 @@
+"""YakPanel - User management API (admin only)"""
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy import select
+from pydantic import BaseModel
+
+from app.core.database import get_db
+from app.core.security import get_password_hash
+from app.api.auth import get_current_user
+from app.models.user import User
+
+router = APIRouter(prefix="/user", tags=["user"])
+
+
+def require_superuser(current_user: User):
+    if not current_user.is_superuser:
+        raise HTTPException(status_code=403, detail="Admin access required")
+
+
+class CreateUserRequest(BaseModel):
+    username: str
+    password: str
+    email: str = ""
+
+
+@router.get("/list")
+async def user_list(
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    """List all users (admin only)"""
+    require_superuser(current_user)
+    result = await db.execute(select(User).order_by(User.id))
+    rows = result.scalars().all()
+    return [
+        {
+            "id": r.id,
+            "username": r.username,
+            "email": r.email or "",
+            "is_active": r.is_active,
+            "is_superuser": r.is_superuser,
+        }
+        for r in rows
+    ]
+
+
+@router.post("/create")
+async def user_create(
+    body: CreateUserRequest,
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    """Create a new user (admin only)"""
+    require_superuser(current_user)
+    if not body.username or len(body.username) < 2:
+        raise HTTPException(status_code=400, detail="Username must be at least 2 characters")
+    if not body.password or len(body.password) < 6:
+        raise HTTPException(status_code=400, detail="Password must be at least 6 characters")
+    result = await db.execute(select(User).where(User.username == body.username))
+    if result.scalar_one_or_none():
+        raise HTTPException(status_code=400, detail="Username already exists")
+    user = User(
+        username=body.username,
+        password=get_password_hash(body.password),
+        email=body.email.strip() or None,
+        is_active=True,
+        is_superuser=False,
+    )
+    db.add(user)
+    await db.commit()
+    return {"status": True, "msg": "User created", "id": user.id}
+
+
+@router.delete("/{user_id}")
+async def user_delete(
+    user_id: int,
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    """Delete a user (admin only). Cannot delete self."""
+    require_superuser(current_user)
+    if user_id == current_user.id:
+        raise HTTPException(status_code=400, detail="Cannot delete your own account")
+    result = await db.execute(select(User).where(User.id == user_id))
+    user = result.scalar_one_or_none()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    await db.delete(user)
+    await db.commit()
+    return {"status": True, "msg": "User deleted"}
+
+
+@router.put("/{user_id}/toggle-active")
+async def user_toggle_active(
+    user_id: int,
+    current_user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    """Toggle user active status (admin only). Cannot deactivate self."""
+    require_superuser(current_user)
+    if user_id == current_user.id:
+        raise HTTPException(status_code=400, detail="Cannot deactivate your own account")
+    result = await db.execute(select(User).where(User.id == user_id))
+    user = result.scalar_one_or_none()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    user.is_active = not user.is_active
+    await db.commit()
+    return {"status": True, "msg": "Updated", "is_active": user.is_active}