feat: replace SQLAdmin with Keycloak-protected API management page

- Disable SQLAdmin basic auth (comment out mount_admin, statics, redirect)
- Add /api-management page (Keycloak admin role required)
- Add admin_api_keys.py: REST endpoints for list/create clients and keys
- Add api_management.html: manage API clients, keys, permissions with copy-once key display
- Update index.html: API Management link -> /api-management
- Update auth middleware: add /api-management and /admin/users to PROTECTED_PATHS
- Add CHANGES-2026-06-04.md dev notes
This commit is contained in:
jigoong
2026-06-04 18:22:22 +07:00
parent e4d32b86cb
commit 3a5f9e9001
8 changed files with 807 additions and 20 deletions

View File

@@ -91,10 +91,11 @@ def mount_admin(app):
admin.add_view(ApiClientAdmin)
admin.add_view(ApiKeyAdmin)
@app.get("/admin")
async def _admin_redirect(request: Request):
root_path = request.scope.get("root_path") or ""
return RedirectResponse(url=f"{root_path}/admin/")
# SQLAdmin /admin route disabled — replaced by Keycloak-protected /api-management page
# @app.get("/admin")
# async def _admin_redirect(request: Request):
# root_path = request.scope.get("root_path") or ""
# return RedirectResponse(url=f"{root_path}/admin/")
@app.post("/admin/api-keys/generate")
async def _admin_generate_api_key(