feat: Guests API keys. Closes #3

app/api/routes/api_keys.py

@@ -0,0 +1,85 @@
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy import select
+
+from app.core.database import async_session
+from app.models.api_key import ApiKeyModel
+from app.api.deps import require_admin, AuthContext
+
+# Все операции с ключами -- только для админов (мастер-ключ)
+router = APIRouter(dependencies=[Depends(require_admin)])
+
+
+@router.get("")
+async def list_keys():
+    """Список всех гостевых ключей."""
+    async with async_session() as session:
+        result = await session.execute(select(ApiKeyModel))
+        keys = result.scalars().all()
+
+    return [
+        {
+            "key": k.key,
+            "name": k.name,
+            "is_admin": k.is_admin,
+            "active": k.active,
+            "created_at": k.created_at,
+        }
+        for k in keys
+    ]
+
+
+@router.post("")
+async def create_key(name: str, is_admin: bool = False):
+    """Создать гостевой ключ. Возвращает сгенерированный токен."""
+    new_key = ApiKeyModel(
+        key=ApiKeyModel.generate_key(),
+        name=name,
+        is_admin=is_admin,
+    )
+
+    async with async_session() as session:
+        session.add(new_key)
+        await session.commit()
+
+    return {
+        "key": new_key.key,
+        "name": new_key.name,
+        "is_admin": new_key.is_admin,
+        "message": "Сохраните ключ -- он больше не будет показан полностью",
+    }
+
+
+@router.delete("/{key}")
+async def revoke_key(key: str):
+    """Деактивировать (отозвать) гостевой ключ."""
+    async with async_session() as session:
+        result = await session.execute(
+            select(ApiKeyModel).where(ApiKeyModel.key == key)
+        )
+        api_key = result.scalar_one_or_none()
+        if not api_key:
+            raise HTTPException(status_code=404, detail="Ключ не найден")
+
+        api_key.active = False
+        session.add(api_key)
+        await session.commit()
+
+    return {"status": "revoked", "name": api_key.name}
+
+
+@router.post("/{key}/activate")
+async def activate_key(key: str):
+    """Повторно активировать ключ."""
+    async with async_session() as session:
+        result = await session.execute(
+            select(ApiKeyModel).where(ApiKeyModel.key == key)
+        )
+        api_key = result.scalar_one_or_none()
+        if not api_key:
+            raise HTTPException(status_code=404, detail="Ключ не найден")
+
+        api_key.active = True
+        session.add(api_key)
+        await session.commit()
+
+    return {"status": "activated", "name": api_key.name}

app/api/routes/devices.py

@@ -3,7 +3,7 @@ from sqlalchemy import select
 from app.core.state import state_manager, discovery_service
 from app.core.database import async_session
 from app.models.device import GroupModel, GroupCreateSchema
-from app.api.deps import verify_token
+from app.api.deps import verify_token, require_admin
 from app.drivers.wiz import WizDriver
 
 # Создаем роутер с защитой
@@ -26,7 +26,7 @@ async def get_scenes():
     return wiz.SCENES
 
 
-@router.post("/groups")
+@router.post("/groups", dependencies=[Depends(require_admin)])
 async def create_group(data: GroupCreateSchema):
     async with async_session() as session:
         existing = await session.get(GroupModel, data.id)
@@ -40,7 +40,7 @@ async def create_group(data: GroupCreateSchema):
     return {"status": "created", "group": data.name}
 
 
-@router.delete("/groups/{group_id}")
+@router.delete("/groups/{group_id}", dependencies=[Depends(require_admin)])
 async def delete_group(group_id: str):
     async with async_session() as session:
         result = await session.execute(
@@ -56,7 +56,7 @@ async def delete_group(group_id: str):
     return {"status": "deleted", "id": group_id}
 
 
-@router.post("/rescan")
+@router.post("/rescan", dependencies=[Depends(require_admin)])
 async def rescan_network():
     found_devices = await discovery_service.scan_network()
     for dev_data in found_devices:

app/api/routes/schedules.py

@@ -8,11 +8,11 @@ from apscheduler.triggers.date import DateTrigger
 from app.core.scheduler import app_tz, scheduler
 from app.core.state import state_manager
 from app.drivers.wiz import WizDriver
-from app.api.deps import verify_token
+from app.api.deps import require_admin
 
 logger = logging.getLogger(__name__)
 
-router = APIRouter(dependencies=[Depends(verify_token)])
+router = APIRouter(dependencies=[Depends(require_admin)])
 
 
 async def run_group_command(target_id: str, is_group: bool, params: dict):