➕ api: admin/credentials: only allow certain "name" values

2026-02-25 22:50:24 +01:00 · 2026-02-25 22:50:24 +01:00 · 1ca9a2083e
commit 1ca9a2083e
parent 049ae8fc56
1 changed files with 11 additions and 5 deletions
--- a/api/advent22_api/routers/admin.py
+++ b/api/advent22_api/routers/admin.py
@ -1,6 +1,7 @@
 from datetime import date
+from enum import Enum

-from fastapi import APIRouter, Depends
+from fastapi import APIRouter, Depends, HTTPException, status
 from pydantic import BaseModel

 from advent22_api.core.helpers import EventDates
@ -173,16 +174,21 @@ async def put_doors(
    await cal_cfg.change(cfg)


+class CredentialsName(str, Enum):
+    DAV = "dav"
+    UI = "ui"
+
+
@router.get("/credentials/{name}")
 async def get_credentials(
-    name: str,
+    name: CredentialsName,
    _: None = Depends(require_admin),
    cfg: Config = Depends(get_config),
 ) -> Credentials:

-    if name == "dav":
+    if name == CredentialsName.DAV:
        return SETTINGS.webdav.auth
-    elif name == "ui":
+    elif name == CredentialsName.UI:
        return cfg.admin
    else:
-        return Credentials()
+        raise HTTPException(status.HTTP_400_BAD_REQUEST)