7 add admin authentication #16
Merged
- Implement HTML sanitization in post creation
- Add user ID association to blog posts
- Update user creation to enforce admin role check
- Modify post retrieval endpoints to use slug and ID
- Improve post deletion and update authorization checks
- Add is_admin field to User model
- Update initial admin creation to set is_admin to True
- Update PostGrid component styles for better UX
- Refactor post detail page for improved layout and content rendering
Pull Request Overview
This PR implements admin authentication functionality for the blog application, including user management, session-based authentication, and secure access controls for the post editor and API endpoints.
- Adds user authentication system with login/logout functionality and session management
- Implements admin-only access controls for post creation, editing, and deletion
- Updates API endpoints to use proper authentication and authorization
- Migrates backend from port 8000 to 3000 and adds Docker secrets for secure credential management
Reviewed Changes
Copilot reviewed 18 out of 21 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| nginx/nginx.conf | Updates proxy configuration to forward requests to backend on port 3000 |
| frontend/src/routes/posts/[slug]/+page.svelte | Updates API endpoint and improves post display with HTML rendering |
| frontend/src/routes/post-editor/+page.svelte | Adds user authentication check and welcome message |
| frontend/src/routes/post-editor/+page.server.ts | Implements server-side authentication validation for post editor access |
| frontend/src/routes/old/+page.svelte | Removes old page implementation |
| frontend/src/routes/login/+page.svelte | Adds login form component with authentication handling |
| frontend/src/routes/login/+page.server.ts | Implements login page server-side logic |
| frontend/src/routes/+page.svelte | Removes unused CSS and code cleanup |
| frontend/src/lib/components/PostGrid.svelte | Adds styling for post card links |
| docker-compose.yml | Adds Docker secrets and environment variables for secure authentication |
| backend/app/models/user.py | Defines user model with authentication fields |
| backend/app/models/session.py | Implements session management model |
| backend/app/models/blog_post.py | Adds user_id foreign key to blog posts |
| backend/app/main.py | Updates main application with authentication routers and production mode |
| backend/app/core/db_init.py | Implements initial admin user creation |
| backend/app/api/users.py | Adds user management and authentication endpoints |
| backend/app/api/posts.py | Updates post endpoints with authentication and HTML sanitization |
| backend/Dockerfile | Updates backend to run on port 3000 |
| ADMIN_USERNAME = os.getenv("ADMIN_USERNAME") | ||
| secret_file = Path("/run/secrets/admin_password") | ||
| ADMIN_PASSWORD = secret_file.read_text().strip() | ||
| print(f"ADMIN_USERNAME: {ADMIN_USERNAME}, ADMIN_PASSWORD: {ADMIN_PASSWORD}") |
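Review bot: The `secret_file.read_text()` call has no guard that `/run/secrets/admin_password` exists or is non-empty, so a container started without the Docker secret fails with an unhandled `FileNotFoundError` at import time, and an empty secret file silently produces an empty admin password; check `secret_file.is_file()` and that the stripped content is non-empty, and raise a clear error otherwise. The same applies to `ADMIN_USERNAME`, which `os.getenv` returns as `None` when unset. Separately, the `print` writes the admin password to stdout, which the container log driver retains; log only the username.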
Logging the admin password in plain text is a security risk. Remove or mask the password from the log output.
Suggested change
| print(f"ADMIN_USERNAME: {ADMIN_USERNAME}, ADMIN_PASSWORD: {ADMIN_PASSWORD}") | |
| print(f"ADMIN_USERNAME: {ADMIN_USERNAME}") |
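The review comment above points at a single `print`, but the underlying pattern (read a Docker secret from `/run/secrets`, keep it in a module-level string, and interpolate it freely) makes the same leak easy to repeat anywhere. The following is an added example and not code from this PR or project: it loads the admin credentials with explicit checks for a missing or empty secret, wraps the password in a type whose `str()`/`repr()` never reveal it, and installs a logging filter that scrubs the raw value should someone still interpolate it. The names `RedactedSecret`, `AdminCredentials`, `load_admin_credentials`, `SecretRedactingFilter`, `demo`, and the sample secret value are assumptions for this example.

```python
"""Added example (not from the PR): load ADMIN_USERNAME from the environment
and the admin password from a Docker secret file without exposing the
password in logs, tracebacks or reprs."""
from __future__ import annotations

import hmac
import logging
import re
import tempfile
from collections.abc import Mapping
from dataclasses import dataclass
from pathlib import Path


class RedactedSecret:
    """Wraps a secret string so str(), repr() and f-strings never reveal it."""

    __slots__ = ("_value",)

    def __init__(self, value: str) -> None:
        self._value = value

    def reveal(self) -> str:
        """The only way to get the raw value; call sites are easy to audit."""
        return self._value

    def matches(self, candidate: str) -> bool:
        """Constant-time comparison, so a login check does not leak length/prefix timing."""
        return hmac.compare_digest(self._value.encode("utf-8"), candidate.encode("utf-8"))

    def __repr__(self) -> str:
        return "RedactedSecret('***')"

    __str__ = __repr__


@dataclass(frozen=True)
class AdminCredentials:
    username: str
    password: RedactedSecret


def load_admin_credentials(env: Mapping[str, str], secrets_dir: Path) -> AdminCredentials:
    """Read ADMIN_USERNAME from `env` and the password from <secrets_dir>/admin_password,
    failing loudly when either is missing instead of continuing with None or ''."""
    username = env.get("ADMIN_USERNAME", "").strip()
    if not username:
        raise RuntimeError("ADMIN_USERNAME is not set")
    secret_file = secrets_dir / "admin_password"
    if not secret_file.is_file():
        raise RuntimeError(f"admin password secret not found at {secret_file}")
    password = secret_file.read_text(encoding="utf-8").strip()
    if not password:
        raise RuntimeError("admin password secret is empty")
    return AdminCredentials(username=username, password=RedactedSecret(password))


class SecretRedactingFilter(logging.Filter):
    """Defence in depth: replace known secret values in every log record with '***',
    so an accidental print-style log line cannot leak them."""

    def __init__(self, secrets: list[str]) -> None:
        super().__init__()
        self._patterns = [re.compile(re.escape(s)) for s in secrets if s]

    def filter(self, record: logging.LogRecord) -> bool:
        msg = record.getMessage()
        for pat in self._patterns:
            msg = pat.sub("***", msg)
        record.msg, record.args = msg, ()
        return True


class _ListHandler(logging.Handler):
    """Collects formatted messages in a list so the demo can inspect them."""

    def __init__(self, sink: list[str]) -> None:
        super().__init__()
        self.sink = sink

    def emit(self, record: logging.LogRecord) -> None:
        self.sink.append(record.getMessage())


def demo() -> dict:
    """Run the flow on a constructed secret in a temporary directory and return
    what a caller could observe (username, redacted repr, captured log lines)."""
    with tempfile.TemporaryDirectory() as tmp:
        secrets_dir = Path(tmp)
        # Constructed sample secret; a real deployment mounts this via Docker secrets.
        (secrets_dir / "admin_password").write_text("hunter2-constructed\n", encoding="utf-8")
        creds = load_admin_credentials({"ADMIN_USERNAME": "admin"}, secrets_dir)

        captured: list[str] = []
        logger = logging.getLogger("example.secrets")
        logger.handlers.clear()
        logger.propagate = False
        logger.setLevel(logging.INFO)
        handler = _ListHandler(captured)
        handler.addFilter(SecretRedactingFilter([creds.password.reveal()]))
        logger.addHandler(handler)

        # The mistake flagged in the review, reproduced on purpose: the filter scrubs it.
        logger.info("ADMIN_USERNAME: %s, ADMIN_PASSWORD: %s", creds.username, creds.password.reveal())
        # The safe default: interpolating the wrapper never reveals the value.
        logger.info(f"loaded credentials: {creds}")

        try:
            load_admin_credentials({"ADMIN_USERNAME": "admin"}, secrets_dir / "missing")
            missing_raises = False
        except RuntimeError:
            missing_raises = True

        return {
            "username": creds.username,
            "password_str": str(creds.password),
            "log_lines": captured,
            "matches_right": creds.password.matches("hunter2-constructed"),
            "matches_wrong": creds.password.matches("wrong"),
            "missing_raises": missing_raises,
        }


if __name__ == "__main__":
    print(demo())
```

The `RedactedSecret` wrapper is the primary control: the raw value is only reachable through `reveal()`, so a grep for that name finds every place the password is used. The filter is a second layer for log lines written by code that already holds the raw string; it is keyed on the secret's value, which is fine inside the process but means the filter object itself must not be serialised or logged.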