Add HSTS, gzip, Ntfy notifications, and paginate entries endpoint

- nginx: add HSTS (max-age=31536000) and gzip for text/css/js/json
- entries: add limit/offset query params (default 200, max 1000)
- Ntfy: wire NTFY_URL/NTFY_TOKEN through env; notify on startup, new
  registration, admin login, user disable, and user delete
- httpx==0.28.1 added for async Ntfy HTTP calls

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-05-25 01:12:59 -07:00
parent 2c45e599c0
commit e08e031ad0
10 changed files with 49 additions and 1 deletions
+3
View File
@@ -6,6 +6,7 @@ from app.dependencies import get_db, get_current_admin, bearer_scheme
from app.models.user import User
from app.schemas.user import AdminUserCreate, AdminPasswordReset, AdminUserResponse, Token
from app.utils.security import hash_password, create_token
from app.utils.notify import notify
router = APIRouter(prefix="/api/admin", tags=["admin"])
@@ -73,6 +74,7 @@ async def disable_user(
user.is_disabled = True
await db.commit()
await notify("User disabled", f"Account disabled: {user.email} (by admin {current_admin.email})", priority="default")
@router.post("/users/{user_id}/enable", status_code=status.HTTP_204_NO_CONTENT)
@@ -106,6 +108,7 @@ async def delete_user(
await db.delete(user)
await db.commit()
await notify("User deleted", f"Account deleted: {user.email} (by admin {current_admin.email})", priority="default")
@router.post("/users/{user_id}/impersonate", response_model=Token)