@szyszkapiotr (Contributor) commented Dec 9, 2025

This pull request introduces a simple authorization mechanism for SQLAdmin by implementing a custom AuthenticationBackend. The solution uses username and password credentials combined with a rotating token for additional security.

The token is time-based and configurable via the SQLADMIN_TOKEN_TTL env variable, ensuring that stored session tokens automatically expire and are replaced periodically.

Key features added in this PR:

  • AdminAuth backend extending sqladmin.authentication.AuthenticationBackend

  • credential-based login configurable from .env

  • time-based HMAC token with configurable TTL

Resolves #94
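
A sketch of the slot-based rotating token described above, added here as an example and not the code from this pull request. The secret, the `username:slot` message layout, the `grace_slots` parameter and all function names are assumptions.

```python
import hashlib
import hmac

TOKEN_TTL = 3600  # seconds; stands in for SQLADMIN_TOKEN_TTL (value assumed)


def slot_number(now: float, ttl: int = TOKEN_TTL) -> int:
    """Index of the ttl-second window that contains `now`."""
    if ttl <= 0:
        raise ValueError("ttl must be positive")
    return int(now // ttl)


def make_token(secret: bytes, username: str, now: float, ttl: int = TOKEN_TTL) -> str:
    """HMAC-SHA256 over 'username:slot' (assumed layout), keyed with a server secret."""
    msg = f"{username}:{slot_number(now, ttl)}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def token_valid(token, secret: bytes, username: str, now: float,
                ttl: int = TOKEN_TTL, grace_slots: int = 0) -> bool:
    """Constant-time check against the current slot and `grace_slots` earlier ones."""
    if not isinstance(token, str):
        return False  # e.g. no token stored in the session
    # Compare bytes: compare_digest raises TypeError for non-ASCII str input.
    presented = token.encode("utf-8", "replace")
    ok = False
    for back in range(grace_slots + 1):
        expected = make_token(secret, username, now - back * ttl, ttl).encode()
        ok |= hmac.compare_digest(presented, expected)
    return ok


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    issued_at = 3599.0                    # one second before a slot boundary
    tok = make_token(secret, "admin", issued_at)
    print(token_valid(tok, secret, "admin", issued_at))
    print(token_valid(tok, secret, "admin", issued_at + 1))
    print(token_valid(tok, secret, "admin", issued_at + 1, grace_slots=1))
```

With fixed slots, a token issued just before a boundary is valid only for the remainder of that slot; `grace_slots=1` makes the accepted lifetime fall between one and two TTLs.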

@bartmichalak bartmichalak requested a review from KaliszS December 11, 2025 06:46
@KaliszS (Collaborator) left a comment

Thanks for your PR! Since there is no real code quality check in CI for that template (it would be difficult with jinja), can you generate a local project from the template (use: copier copy https://github.com/szyszkapiotr/python-ai-kit $YOUR_LOCAL_MANUALY_CREATED_DIRECTORY --trust -r sqladmin-auth) and confirm whether uv run pre-commit run --all-files ends up clean? Or fix linter issues if not.

Comment on lines 6 to 10
from app.config import settings
from fastapi import Request
from pydantic import SecretStr

from sqladmin.authentication import AuthenticationBackend
Collaborator

External module and internal module imports should be in different visual sections:

from fastapi import Request
from pydantic import SecretStr
from sqladmin.authentication import AuthenticationBackend

from app.config import settings

Contributor Author

My IDE automatically sorts imports. For some reason it did not find it as an internal module and placed it in such an order. Changed it to be correct. Thanks!


return hmac.compare_digest(token, current_token)

def _credentials_valid(self, username: str, password: str) -> bool:
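
Review bot: on the `hmac.compare_digest(token, current_token)` line, make sure both arguments are bytes or ASCII-only `str`. `compare_digest` raises `TypeError` when given a `str` containing non-ASCII characters, so a malformed stored token would surface as an unhandled exception instead of a rejected token. Encoding both sides to bytes before the comparison avoids that.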
Collaborator

Can you rename that method so it will be an action? Like _validate_credentials

Contributor Author

Done

return str(slot_number)

@property
def VALID_PASSWORD(self) -> str: # noqa: N802
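
Review bot: `VALID_PASSWORD` is annotated `-> str` even though `SecretStr` is imported at the top of the file, so the property hands the password around as a plain string that can end up in reprs, logs or tracebacks. Consider returning the `SecretStr` and calling `get_secret_value()` only at the point of comparison. A lowercase property name would also remove the need for `# noqa: N802`.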
Collaborator

Why noqa here and in the property below?

Contributor Author

uv run pre-commit run --all-files
ruff check...............................................................Failed

  • hook id: ruff-check
  • exit code: 1

N802 Function name VALID_PASSWORD should be lowercase
--> app/integrations/sqladmin/auth.py:62:9

@szyszkapiotr (Contributor Author)

Done uv run pre-commit run --all-files many times before. Did not find any diagnostic related to my changes. Although there are a few errors from other files.

Output from uv run pre-commit run --all-files shown in screenshot below (in api-monolith project)
[screenshot]

@KaliszS KaliszS merged commit 0af7925 into the-momentum:main Dec 11, 2025

Development

Successfully merging this pull request may close these issues.

Add SQLAdmin authorization panel
