fix: Trying to fix Auto Restart. And Fixed MQTT admin auth

2026-02-27 10:17:38 +02:00
parent 12784462f9
commit 7f51c60062
2 changed files with 15 additions and 5 deletions
--- a/backend/mqtt/auth.py
+++ b/backend/mqtt/auth.py
@@ -18,7 +18,7 @@ User types handled:
 - Kiosk users (e.g. "PV25L22BP01R01-kiosk"):
    Same HMAC auth derived from the full kiosk username.
    ACL: allowed to access topics of their base device (suffix stripped).
- bonamin, NodeRED, and other non-device users:
+- admin, bonamin, NodeRED, and other non-device users:
    These connect via the passwd file backend (go-auth file backend).
    They never reach this HTTP backend — go-auth resolves them first.
    The ACL endpoint below handles them defensively anyway (superuser list).
@@ -35,7 +35,7 @@ LEGACY_PASSWORD = "vesper"

 # Users authenticated via passwd file (go-auth file backend).
 # If they somehow reach the HTTP ACL endpoint, grant full access.
-SUPERUSERS = {"bonamin", "NodeRED"}
+SUPERUSERS = {"admin", "bonamin", "NodeRED"}


 def _derive_password(username: str) -> str:
@@ -86,7 +86,7 @@ async def mqtt_auth_user(
               or kiosk variant: "PV25L22BP01R01-kiosk"
    Password = HMAC-derived (new firmware) or "vesper" (legacy firmware)

-    Note: bonamin and NodeRED authenticate via the go-auth passwd file backend
+    Note: admin, bonamin and NodeRED authenticate via the go-auth passwd file backend
    and never reach this endpoint.
    """
    if _is_valid_password(username, password):