Create approvals.py

routes/approvals.py

@@ -0,0 +1,109 @@
+import os
+import logging
+import aiohttp
+import asyncio
+from fastapi import APIRouter, HTTPException, Header, Query
+from typing import Dict, Any
+
+router = APIRouter()
+
+# Configuração do Supabase
+SUPABASE_URL = "https://ussxqnifefkgkaumjann.supabase.co"
+SUPABASE_KEY = os.getenv("SUPA_KEY")
+
+if not SUPABASE_KEY:
+    raise ValueError("❌ SUPA_KEY não foi definido no ambiente!")
+
+SUPABASE_HEADERS = {
+    "apikey": SUPABASE_KEY,
+    "Authorization": f"Bearer {SUPABASE_KEY}",
+    "Content-Type": "application/json"
+}
+
+# Configuração do logging
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+
+# Cache de admin
+from functools import lru_cache
+import requests
+
+@lru_cache(maxsize=128)
+def get_cached_admin_status(user_id: str) -> bool:
+    user_data_url = f"{SUPABASE_URL}/rest/v1/User?id=eq.{user_id}"
+    response = requests.get(user_data_url, headers=SUPABASE_HEADERS)
+    
+    if response.status_code != 200 or not response.json():
+        return False
+    
+    user_info = response.json()[0]
+    return user_info.get("is_admin", False)
+
+async def verify_admin_token(user_token: str) -> str:
+    headers = {
+        "Authorization": f"Bearer {user_token}",
+        "apikey": SUPABASE_KEY,
+        "Content-Type": "application/json"
+    }
+
+    async with aiohttp.ClientSession() as session:
+        async with session.get(f"{SUPABASE_URL}/auth/v1/user", headers=headers) as response:
+            if response.status != 200:
+                raise HTTPException(status_code=401, detail="Token inválido ou expirado")
+            
+            user_data = await response.json()
+            user_id = user_data.get("id")
+            if not user_id:
+                raise HTTPException(status_code=400, detail="ID do usuário não encontrado")
+    
+    is_admin = await asyncio.to_thread(get_cached_admin_status, user_id)
+
+    if not is_admin:
+        raise HTTPException(status_code=403, detail="Acesso negado: privilégios de administrador necessários")
+
+    return user_id
+
+async def get_users_pending_approval() -> Dict[str, Any]:
+    """Obtém todos os usuários que ainda não foram aprovados mas completaram o onboarding"""
+    try:
+        query = (
+            f"{SUPABASE_URL}/rest/v1/User"
+            "?select=id,name,avatar,role,blurhash"
+            "&approved_account=eq.false"
+            "&finished_onboarding=eq.true"
+            "&finished_stripe_onboarding=eq.true"
+            "&or=(approval_reason.is.null,approval_reason.eq.)"
+        )
+
+        headers = SUPABASE_HEADERS.copy()
+        headers["Accept"] = "application/json; charset=utf-8"
+
+        async with aiohttp.ClientSession() as session:
+            async with session.get(query, headers=headers) as response:
+                if response.status != 200:
+                    logger.error(f"❌ Erro ao buscar usuários pendentes de aprovação: {response.status}")
+                    raise HTTPException(status_code=500, detail="Erro ao consultar o Supabase")
+                
+                users = await response.json()
+                return {"users": users, "count": len(users)}
+
+    except Exception as e:
+        logger.error(f"❌ Erro ao buscar usuários pendentes: {str(e)}")
+        raise HTTPException(status_code=500, detail="Erro interno do servidor")
+
+@router.get("/admin/pending-approvals")
+async def pending_approvals_endpoint(
+    user_token: str = Header(None, alias="User-key")
+):
+    """
+    Endpoint para listar usuários que ainda não foram aprovados,
+    mas já finalizaram o onboarding e o Stripe.
+    """
+    try:
+        await verify_admin_token(user_token)
+        return await get_users_pending_approval()
+    except HTTPException as he:
+        raise he
+    except Exception as e:
+        logger.error(f"❌ Erro no endpoint de aprovações: {str(e)}")
+        raise HTTPException(status_code=500, detail=str(e))