from fastapi import APIRouter, HTTPException, status, Depends
from pydantic import BaseModel
from typing import List
from model.staff_model import StaffModel
from utils.auth_helper import requires_permission, assert_actor_match
from utils.turnstile_helper import verify_turnstile

# Router that the staff-management and staff-login endpoints in this module register on.
router = APIRouter()


class AddStaffRequest(BaseModel):
    """Request body for creating a staff account."""

    # Must be non-empty; add_staff_controller rejects an empty value with HTTP 400.
    name: str
    # Declared as a plain str, so this model does not check that the value is a
    # well-formed e-mail address.
    email: str
    # Permission names to grant. Any strings are accepted by this model; no
    # allow-list is applied here.
    permissions: List[str] = []
    # Actor id supplied by the client; the handler passes it to
    # assert_actor_match together with the authenticated user.
    actorId: str


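@router.post("/add-staff", status_code=status.HTTP_201_CREATED, dependencies=[Depends(verify_turnstile)])
async def add_staff_controller(
    req: AddStaffRequest,
    current_user=Depends(requires_permission("admin"))
):
    """Create a staff account on behalf of an authenticated admin.

    The route depends on verify_turnstile and on requires_permission("admin");
    the caller-supplied actorId is then checked against the authenticated user
    with assert_actor_match before the record is created.

    Args:
        req: Name, e-mail, permissions and actorId of the request.
        current_user: Mapping returned by the requires_permission("admin")
            dependency; "id" is required, "name" is optional.

    Returns:
        A dict with "success", the created staff data under "data", and the
        acting admin's id and name under "actedBy".

    Raises:
        HTTPException: 400 when name or e-mail is empty after trimming; any
            HTTPException raised by the helpers is passed through unchanged;
            500 for every other failure.
    """
    # Trim before validating so a whitespace-only name or e-mail is rejected
    # instead of being stored as an empty string.
    name = req.name.strip()
    email = req.email.strip()
    if not name or not email:
        raise HTTPException(status_code=400, detail="Tên và Email là bắt buộc")

    try:
        actor_id = current_user["id"]
        actor_name = current_user.get("name", "")
        # NOTE(review): presumably rejects the request when req.actorId is not
        # the authenticated user — confirm in utils.auth_helper.
        assert_actor_match(current_user, req.actorId)

        # NOTE(review): req.permissions is forwarded as received; nothing here
        # restricts it to a known set of permission names.
        new_staff_data = StaffModel.create_staff(
            name=name,
            email=email,
            permissions=req.permissions
        )

        return {
            "success": True,
            "data": new_staff_data,
            "actedBy": {
                "id": actor_id,
                "name": actor_name
            }
        }

    except HTTPException:
        # HTTPException is an Exception subclass: without this clause a
        # deliberate 4xx raised by a helper inside the try block would be
        # reported to the client as a 500.
        raise
    except Exception as e:
        # The detail stays generic; the exception text goes to the server log only.
        print(f"Lỗi khi tạo staff: {e}")
        raise HTTPException(status_code=500, detail="Internal Server Error")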


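@router.get("/add-staff", dependencies=[Depends(requires_permission("admin"))])
async def get_staff_list():
    """Return every document with role "staff" from the staff collection.

    The route depends on requires_permission("admin"). Each document's "_id"
    is converted to a string so the result can be serialised, and the
    "password" field is removed before the documents leave the server.

    Returns:
        {"success": True, "data": [...]} on success, or
        {"success": False, "message": "Internal Server Error"} on failure.
    """
    try:
        from model.staff_model import collection
        staffs = list(collection.find({"role": "staff"}))

        for s in staffs:
            s["_id"] = str(s["_id"])
            # staff_login reads a "password" field from these same documents,
            # so drop it here: a listing must not hand credentials to the client.
            s.pop("password", None)

        return {"success": True, "data": staffs}
    except Exception as e:
        # Log the detail server-side and keep the response generic, so driver
        # or database error text is not disclosed to the caller.
        print(f"Failed to list staff: {e}")
        return {"success": False, "message": "Internal Server Error"}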


class StaffLoginPayload(BaseModel):
    """Credentials submitted to the staff login endpoint."""

    # Used by staff_login as the lookup key, together with role "staff".
    email: str
    # Compared by staff_login against the "password" field of the stored document.
    password: str


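@router.post("/auth/login", dependencies=[Depends(verify_turnstile)])
async def staff_login(payload: StaffLoginPayload):
    """Check staff credentials and return the account's profile on success.

    The account is looked up by e-mail among documents with role "staff".
    A matching password on an account whose status is "inactive" yields the
    "locked" message; every other failure yields one generic message, so the
    response does not reveal whether the e-mail exists.

    Args:
        payload: E-mail and password submitted by the client.

    Returns:
        {"success": True, "data": {...}} with id, email, name, role,
        permissions and status, or {"success": False, "message": ...}.
    """
    import hmac

    from model.staff_model import collection

    user = collection.find_one({"email": payload.email, "role": "staff"})

    # NOTE(review): the stored "password" value is compared directly with the
    # submitted password, which only works if the database holds the password
    # itself. Confirm against StaffModel and migrate to a salted password hash
    # (verify with the hash library's own check function).
    stored = user.get("password") if user else None

    # Constant-time comparison so response timing does not depend on how many
    # leading characters match. Bytes are compared because compare_digest
    # accepts only ASCII str; surrogatepass keeps encode() from raising.
    password_ok = isinstance(stored, str) and hmac.compare_digest(
        stored.encode("utf-8", "surrogatepass"),
        payload.password.encode("utf-8", "surrogatepass"),
    )

    if password_ok:
        # The locked-account message is only reachable with a correct password.
        if user.get("status") == "inactive":
            return {"success": False, "message": "Tài khoản của bạn đã bị khóa!"}

        # Only selected fields are returned; the password never leaves the server.
        return {
            "success": True,
            "data": {
                "id": str(user["_id"]),
                "email": user["email"],
                "name": user.get("name", ""),
                "role": user["role"],
                "permissions": user.get("permissions", []),
                "status": user.get("status", "active")
            }
        }

    return {"success": False, "message": "Email hoặc mật khẩu Staff không chính xác!"}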


class ChangePasswordPayload(BaseModel):
    """Request body for a staff password change."""

    # Target account, taken from the request body as sent by the client.
    staffId: str
    # Current password, forwarded to StaffModel.change_password as old_password.
    oldPassword: str
    # Replacement password; this model applies no length or complexity rule.
    newPassword: str


@router.put("/change-password", dependencies=[Depends(verify_turnstile)])
async def change_staff_password(payload: ChangePasswordPayload):
    """Change a staff member's password via StaffModel.change_password.

    Args:
        payload: Target staffId plus the old and the new password.

    Returns:
        {"success": ..., "message": ...} built from the two values the model
        call returns.
    """
    # NOTE(review): the only dependency on this route is verify_turnstile, and
    # staffId comes from the request body rather than from an authenticated
    # user. Whether the old-password check inside StaffModel.change_password is
    # the sole protection should be confirmed; binding staffId to the caller's
    # session would be the stricter design.
    outcome = StaffModel.change_password(
        staff_id=payload.staffId,
        old_password=payload.oldPassword,
        new_password=payload.newPassword,
    )
    changed, detail = outcome

    return {
        "success": changed,
        "message": detail,
    }


class UpdateStaffPayload(BaseModel):
    """Request body for an admin update of a staff account."""

    # Account to update.
    staffId: str
    # Plain str; this model does not check that it is a well-formed address.
    email: str
    # Free-form string here; staff_login treats the value "inactive" as a locked account.
    status: str
    # Permission names to assign; no allow-list is applied by this model.
    permissions: List[str]
    # Actor id supplied by the client; the handler passes it to
    # assert_actor_match together with the authenticated user.
    actorId: str


class ResetPasswordPayload(BaseModel):
    """Request body for an admin-initiated password reset."""

    # Account whose password is reset.
    staffId: str
    # Actor id supplied by the client; the handler passes it to
    # assert_actor_match together with the authenticated user.
    actorId: str


@router.put("/update-staff", dependencies=[Depends(verify_turnstile)])
async def update_staff_endpoint(
    payload: UpdateStaffPayload,
    current_user=Depends(requires_permission("admin"))
):
    """Update a staff account's e-mail, status and permissions as an admin.

    Args:
        payload: Target staffId, the new field values, and the claimed actorId.
        current_user: Mapping returned by the requires_permission("admin")
            dependency; "id" is required, "name" is optional.

    Returns:
        A dict with the model's "success" and "message" values plus the acting
        admin's id and name under "actedBy".
    """
    # Capture the acting admin from the authenticated user, not from the payload.
    acted_by = {
        "id": current_user["id"],
        "name": current_user.get("name", ""),
    }
    # NOTE(review): presumably rejects the request when payload.actorId is not
    # the authenticated user — confirm in utils.auth_helper.
    assert_actor_match(current_user, payload.actorId)

    # NOTE(review): status and permissions are forwarded as received; any
    # validation of their values would have to happen in StaffModel.update_staff.
    ok, detail = StaffModel.update_staff(
        payload.staffId, payload.email, payload.status, payload.permissions
    )

    return {"success": ok, "message": detail, "actedBy": acted_by}


@router.post("/reset-password", dependencies=[Depends(verify_turnstile)])
async def reset_password_endpoint(
    payload: ResetPasswordPayload,
    current_user=Depends(requires_permission("admin"))
):
    """Reset a staff member's password on behalf of an authenticated admin.

    Args:
        payload: Target staffId and the claimed actorId.
        current_user: Mapping returned by the requires_permission("admin")
            dependency; "id" is required, "name" is optional.

    Returns:
        A dict with the model's "success" and "message" values plus the acting
        admin's id and name under "actedBy".
    """
    admin_id = current_user["id"]
    admin_name = current_user.get("name", "")
    # NOTE(review): presumably rejects the request when payload.actorId is not
    # the authenticated user — confirm in utils.auth_helper.
    assert_actor_match(current_user, payload.actorId)

    # NOTE(review): the model's message is echoed to the client as-is. If
    # admin_reset_password places the new credential in that message, it
    # travels in this response body — confirm against StaffModel.
    result = StaffModel.admin_reset_password(payload.staffId)
    success, msg = result

    response = {"success": success, "message": msg}
    response["actedBy"] = {"id": admin_id, "name": admin_name}
    return response