mirror of
https://code.lenaisten.de/Lenaisten/advent22.git
synced 2024-11-23 00:03:07 +00:00
Berechtigungen
This commit is contained in:
parent
2802b04657
commit
66dbf9c9d8
2 changed files with 38 additions and 11 deletions
|
@ -1,12 +1,13 @@
|
|||
# from datetime import date
|
||||
from datetime import date
|
||||
from io import BytesIO
|
||||
|
||||
from fastapi import APIRouter, Depends
|
||||
from fastapi import APIRouter, Depends, HTTPException, status
|
||||
from fastapi.responses import StreamingResponse
|
||||
|
||||
from ..config import Config, get_config
|
||||
from ._image import AdventImage
|
||||
from ._misc import get_image, shuffle
|
||||
from .user import user_is_admin
|
||||
|
||||
router = APIRouter(prefix="/days", tags=["days"])
|
||||
|
||||
|
@ -52,17 +53,36 @@ async def get_letter(
|
|||
# )
|
||||
|
||||
|
||||
async def user_can_view(
|
||||
index: int,
|
||||
) -> bool:
|
||||
today = date.today()
|
||||
|
||||
if today.month in (1, 2, 3):
|
||||
return True
|
||||
|
||||
elif today.month == 12:
|
||||
return index < today.day
|
||||
|
||||
return False
|
||||
|
||||
|
||||
@router.get(
|
||||
"/picture/{index}",
|
||||
"/image/{index}",
|
||||
response_class=StreamingResponse,
|
||||
)
|
||||
async def get_image_for_day(
|
||||
image: AdventImage = Depends(get_image),
|
||||
can_view: bool = Depends(user_can_view),
|
||||
is_admin: bool = Depends(user_is_admin),
|
||||
) -> StreamingResponse:
|
||||
"""
|
||||
Bild für einen Tag erstellen
|
||||
"""
|
||||
|
||||
if not (can_view or is_admin):
|
||||
raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Wie unhöflich!!!")
|
||||
|
||||
# Bilddaten in Puffer laden
|
||||
img_buffer = BytesIO()
|
||||
image.img.save(img_buffer, format="JPEG", quality=85)
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
import secrets
|
||||
|
||||
from fastapi import APIRouter, Depends, HTTPException, status
|
||||
from fastapi.security import HTTPBasic, HTTPBasicCredentials
|
||||
|
||||
|
@ -7,18 +9,23 @@ router = APIRouter(prefix="/user", tags=["user"])
|
|||
security = HTTPBasic()
|
||||
|
||||
|
||||
async def is_admin(
|
||||
async def user_is_admin(
|
||||
credentials: HTTPBasicCredentials = Depends(security),
|
||||
config: Config = Depends(get_config),
|
||||
) -> bool:
|
||||
if config.admin.name == credentials.username:
|
||||
if config.admin.password == credentials.password:
|
||||
return True
|
||||
return False
|
||||
username_correct = secrets.compare_digest(
|
||||
credentials.username, config.admin.name
|
||||
)
|
||||
|
||||
password_correct = secrets.compare_digest(
|
||||
credentials.password, config.admin.password
|
||||
)
|
||||
|
||||
return username_correct and password_correct
|
||||
|
||||
|
||||
async def require_admin(
|
||||
is_admin: bool = Depends(is_admin),
|
||||
is_admin: bool = Depends(user_is_admin),
|
||||
) -> None:
|
||||
if not is_admin:
|
||||
raise HTTPException(status.HTTP_401_UNAUTHORIZED)
|
||||
|
@ -27,5 +34,5 @@ async def require_admin(
|
|||
@router.get("/admin")
|
||||
def check_admin(
|
||||
_: None = Depends(require_admin),
|
||||
) -> None:
|
||||
return None
|
||||
) -> bool:
|
||||
return True
|
||||
|
|
Loading…
Reference in a new issue