"""Dashboard login — minimal cookie-session auth. Credentials come from `core_config.json` → `auth.{username,password}`. The session is signed by Starlette's SessionMiddleware (stateless cookie). """ from __future__ import annotations from fastapi import APIRouter, HTTPException, Request from fastapi.responses import HTMLResponse, RedirectResponse from pydantic import BaseModel from Project.Sanad.config import BASE_DIR from Project.Sanad.core.config_loader import section as _cfg_section from Project.Sanad.core.logger import get_logger router = APIRouter() log = get_logger("dashboard.auth") _AUTH_CFG = _cfg_section("core", "auth") or {} USERNAME = _AUTH_CFG.get("username", "admin") PASSWORD = _AUTH_CFG.get("password", "admin") LOGIN_PAGE = BASE_DIR / "dashboard" / "static" / "login.html" def is_authed(request: Request) -> bool: return bool(request.session.get("user")) class LoginPayload(BaseModel): username: str password: str @router.get("/login", include_in_schema=False) async def login_page(request: Request): if is_authed(request): return RedirectResponse("/", status_code=303) if LOGIN_PAGE.exists(): return HTMLResponse(LOGIN_PAGE.read_text(encoding="utf-8")) return HTMLResponse("