sso

backend/routers/sso.py

@@ -0,0 +1,31 @@
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.orm import Session
+from .. import database, models, schemas, auth_utils
+
+router = APIRouter(tags=["SSO"])
+
+@router.post("/verify", response_model=schemas.SSOVerifyResponse)
+async def verify_user(request: schemas.SSOVerifyRequest, db: Session = Depends(database.get_db)):
+    # 1. Validate API Key
+    app = db.query(models.Application).filter(models.Application.api_key == request.api_key).first()
+    if not app:
+        raise HTTPException(status_code=403, detail="Invalid API Key")
+    
+    # 2. Validate User Credentials
+    user = db.query(models.User).filter(models.User.username == request.username).first()
+    if not user or not auth_utils.verify_password(request.password, user.hashed_password):
+        return {"authorized": False, "message": "Invalid username or password"}
+    
+    if not user.is_active:
+        return {"authorized": False, "message": "User account is inactive"}
+        
+    # 3. Check Assignment
+    assignment = db.query(models.UserApplication).filter(
+        models.UserApplication.user_id == user.id,
+        models.UserApplication.application_id == app.id
+    ).first()
+    
+    if not assignment:
+        return {"authorized": False, "message": "User not authorized for this application"}
+        
+    return {"authorized": True, "message": "Authorized", "user": user}