Add HSTS, gzip, Ntfy notifications, and paginate entries endpoint
- nginx: add HSTS (max-age=31536000) and gzip for text/css/js/json - entries: add limit/offset query params (default 200, max 1000) - Ntfy: wire NTFY_URL/NTFY_TOKEN through env; notify on startup, new registration, admin login, user disable, and user delete - httpx==0.28.1 added for async Ntfy HTTP calls Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -6,6 +6,7 @@ from app.dependencies import get_db, get_current_admin, bearer_scheme
|
||||
from app.models.user import User
|
||||
from app.schemas.user import AdminUserCreate, AdminPasswordReset, AdminUserResponse, Token
|
||||
from app.utils.security import hash_password, create_token
|
||||
from app.utils.notify import notify
|
||||
|
||||
router = APIRouter(prefix="/api/admin", tags=["admin"])
|
||||
|
||||
@@ -73,6 +74,7 @@ async def disable_user(
|
||||
|
||||
user.is_disabled = True
|
||||
await db.commit()
|
||||
await notify("User disabled", f"Account disabled: {user.email} (by admin {current_admin.email})", priority="default")
|
||||
|
||||
|
||||
@router.post("/users/{user_id}/enable", status_code=status.HTTP_204_NO_CONTENT)
|
||||
@@ -106,6 +108,7 @@ async def delete_user(
|
||||
|
||||
await db.delete(user)
|
||||
await db.commit()
|
||||
await notify("User deleted", f"Account deleted: {user.email} (by admin {current_admin.email})", priority="default")
|
||||
|
||||
|
||||
@router.post("/users/{user_id}/impersonate", response_model=Token)
|
||||
|
||||
Reference in New Issue
Block a user