api: restructure user authentication modelling to support other user backends

api/src/dooris_api/models.py

@@ -1,6 +1,6 @@
-from typing import Optional, Literal, List
-from datetime import datetime
-from pydantic import BaseModel, HttpUrl
+from typing import Optional, Literal, Self
+from datetime import datetime, UTC
+from pydantic import BaseModel, HttpUrl, Field
 from enum import Enum
 from simple_openid_connect.data import IdToken
 
@@ -27,24 +27,27 @@ class HttpProblemDetail(BaseModel):
     instance: Optional[HttpUrl]
 
 
-class CurrentUser(BaseModel):
-    id_token: IdToken
-    raw_id_token: str
-
-    @property
-    def ccchh_roles(self) -> List[str]:
-        return getattr(self.id_token, "ccchh-roles", [])
-
-    @property
-    def may_operate_locks(self) -> bool:
-        return "intern@" in self.ccchh_roles
-
-
-class UserStatus(BaseModel):
-    is_authorized: bool
-    guaranteed_session_until: datetime
+class ApiUser(BaseModel):
+    is_anonymous: bool
+    is_ccchh_user: bool
+    is_token_user: bool
+    may_operate_locks: bool
     username: str
-    ccchh_roles: List[str]
+    guaranteed_session_until: Optional[datetime]
+
+    raw_id_token: Optional[str] = Field(exclude=True)
+
+    @classmethod
+    def from_id_token(cls, id_token: IdToken, raw_id_token: str) -> Self:
+        return cls(
+            is_anonymous=False,
+            is_ccchh_user=True,
+            is_token_user=False,
+            may_operate_locks="intern@" in getattr(id_token, "ccchh-roles", []),
+            username=id_token.preferred_username,
+            guaranteed_session_until=datetime.fromtimestamp(id_token.exp, UTC),
+            raw_id_token=raw_id_token,
+        )
 
 
 class LockStatus(BaseModel):