feat: Statischer firmenweiter QR-Code für mobiles Ein-/Ausstempeln
Mitarbeiter scannen einen am Eingang ausgehängten QR-Code mit dem Privat-Handy
(/stamp?t=<token>), melden sich per Personalnummer + PIN an und stempeln ein/aus.
Eigener öffentlicher Endpunkt-Pfad, da der Kiosk-PIN-Login Ed25519-Geräte-
Signaturen verlangt, die ein Privat-Handy nicht hat.
Backend:
- Company.public_stamp_enabled (opt-in, default OFF) + rotierbares
public_stamp_token_hash (SHA-256) + created_at; Migration 0033
- Router /time/public: company/auth/action (slowapi-Limits, AuditLog)
- kiosk_auth_service.login_pin_public() reused PIN-Lockout, keyed auf
(public:company_id, personnel_number)
- public_stamp_session_service: 120s Redis-Kurz-Session
- Admin-Token-Endpunkte in companies.py (GET/rotate/DELETE)
Frontend:
- Public-Route /stamp (PublicStampPage)
- Stempel-PIN-Verwaltung in ProfilePage (reused POST /users/{id}/kiosk-pin)
- QR-Generierung/Druck/Toggle in CompanySettingsPage
Sicherheit: schwächer als Kiosk (keine Geräte-Signatur/Nonce/IP-Whitelist),
bewusster BYOD-Komfort-Tradeoff; Schutz über PIN + Lockout + opt-in.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -1,12 +1,17 @@
|
||||
import hashlib
|
||||
import secrets
|
||||
from datetime import datetime, timezone
|
||||
from uuid import UUID
|
||||
|
||||
from fastapi import APIRouter, Depends
|
||||
from fastapi import APIRouter, Depends, Request
|
||||
from sqlalchemy import select
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
|
||||
from app.core.config import settings
|
||||
from app.core.database import get_db
|
||||
from app.core.dependencies import CurrentUser, require_role
|
||||
from app.core.dependencies import CurrentUser, get_client_ip, require_role
|
||||
from app.models import Company
|
||||
from app.models.audit_log import AuditLog
|
||||
from app.models.department import Department
|
||||
from app.models.user import User, UserRole
|
||||
from app.schemas.company import (
|
||||
@@ -15,6 +20,8 @@ from app.schemas.company import (
|
||||
DepartmentCreate,
|
||||
DepartmentOut,
|
||||
DepartmentUpdate,
|
||||
PublicStampTokenRotated,
|
||||
PublicStampTokenStatus,
|
||||
)
|
||||
|
||||
router = APIRouter(prefix="/companies", tags=["Companies"])
|
||||
@@ -22,6 +29,10 @@ router = APIRouter(prefix="/companies", tags=["Companies"])
|
||||
_admin_roles = (UserRole.COMPANY_ADMIN, UserRole.SUPER_ADMIN)
|
||||
|
||||
|
||||
def _public_stamp_url(token: str) -> str:
|
||||
return f"{settings.frontend_url.rstrip('/')}/stamp?t={token}"
|
||||
|
||||
|
||||
@router.get("/me", response_model=CompanyOut)
|
||||
async def get_my_company(current_user: CurrentUser, db: AsyncSession = Depends(get_db)):
|
||||
company = await db.get(Company, current_user.company_id)
|
||||
@@ -46,6 +57,71 @@ async def update_my_company(
|
||||
return CompanyOut.model_validate(company)
|
||||
|
||||
|
||||
# ── Öffentliches QR-Stempel-Token ────────────────────────────────────────────
|
||||
|
||||
@router.get("/me/public-stamp-token", response_model=PublicStampTokenStatus)
|
||||
async def get_public_stamp_token_status(
|
||||
current_user: User = require_role(*_admin_roles),
|
||||
db: AsyncSession = Depends(get_db),
|
||||
):
|
||||
company = await db.get(Company, current_user.company_id)
|
||||
return PublicStampTokenStatus(
|
||||
enabled=company.public_stamp_enabled,
|
||||
configured=company.public_stamp_token_hash is not None,
|
||||
created_at=company.public_stamp_token_created_at,
|
||||
)
|
||||
|
||||
|
||||
@router.post("/me/public-stamp-token/rotate", response_model=PublicStampTokenRotated)
|
||||
async def rotate_public_stamp_token(
|
||||
request: Request,
|
||||
current_user: User = require_role(*_admin_roles),
|
||||
db: AsyncSession = Depends(get_db),
|
||||
):
|
||||
company = await db.get(Company, current_user.company_id)
|
||||
token = secrets.token_urlsafe(32)
|
||||
company.public_stamp_token_hash = hashlib.sha256(token.encode("utf-8")).hexdigest()
|
||||
company.public_stamp_token_created_at = datetime.now(timezone.utc)
|
||||
|
||||
db.add(AuditLog(
|
||||
company_id=company.id,
|
||||
user_id=current_user.id,
|
||||
action="public_stamp_token_rotated",
|
||||
entity_type="company",
|
||||
entity_id=company.id,
|
||||
ip=get_client_ip(request),
|
||||
))
|
||||
await db.commit()
|
||||
return PublicStampTokenRotated(
|
||||
token=token,
|
||||
public_url=_public_stamp_url(token),
|
||||
created_at=company.public_stamp_token_created_at,
|
||||
)
|
||||
|
||||
|
||||
@router.delete("/me/public-stamp-token", status_code=204)
|
||||
async def delete_public_stamp_token(
|
||||
request: Request,
|
||||
current_user: User = require_role(*_admin_roles),
|
||||
db: AsyncSession = Depends(get_db),
|
||||
):
|
||||
company = await db.get(Company, current_user.company_id)
|
||||
if company.public_stamp_token_hash is None:
|
||||
return
|
||||
company.public_stamp_token_hash = None
|
||||
company.public_stamp_token_created_at = None
|
||||
|
||||
db.add(AuditLog(
|
||||
company_id=company.id,
|
||||
user_id=current_user.id,
|
||||
action="public_stamp_token_revoked",
|
||||
entity_type="company",
|
||||
entity_id=company.id,
|
||||
ip=get_client_ip(request),
|
||||
))
|
||||
await db.commit()
|
||||
|
||||
|
||||
# ── Departments ──────────────────────────────────────────────────────────────
|
||||
|
||||
@router.get("/me/departments", response_model=list[DepartmentOut])
|
||||
|
||||
Reference in New Issue
Block a user