RulEngine-clone/diff_app_utils_auth.py at main · ripclass/RulEngine-clone · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
diff --git a/app/utils/auth.py b/app/utils/auth.py
new file mode 100644
index 00000000..1f01cf26
--- /dev/null
+++ b/app/utils/auth.py
@@ -0,0 +1,26 @@
+"""Utility helpers for authentication and role derivation."""
+from typing import Optional
+
+from app.models import ApiKey, Tenant
+
+
+def derive_api_key_role(api_key: ApiKey, tenant: Optional[Tenant]) -> str:
+    """Determine role designation for an API key."""
+    if not api_key:
+        return "client"
+
+    name = (api_key.name or "").lower()
+    prefix = (api_key.prefix or "").lower()
+    tenant_id = (tenant.id if tenant else "") or ""
+    tenant_name = (tenant.name if tenant else "") or ""
+
+    if tenant_id == "admin":
+        return "admin"
+
+    if "admin" in name or prefix.startswith("sk_admin") or "admin" in prefix:
+        return "admin"
+
+    if tenant_name.lower() == "admin":
+        return "admin"
+
+    return "client"