kiwi-vpn/api/kiwi_vpn_api/db/schemas.py

"""
Pydantic representation of database contents.
"""


from __future__ import annotations

from datetime import datetime
from enum import Enum
from typing import Any

from passlib.context import CryptContext
from pydantic import BaseModel, Field, validator
from sqlalchemy.exc import IntegrityError
from sqlalchemy.orm import Session

from . import models

##########
# table: user_capabilities
##########


class UserCapability(Enum):
    admin = "admin"
    login = "login"
    issue = "issue"
    renew = "renew"

    def __repr__(self) -> str:
        return self.value

    @classmethod
    def from_value(cls, value) -> UserCapability:
        """
        Create UserCapability from various formats
        """

        if isinstance(value, cls):
            # value is already a UserCapability, use that
            return value

        elif isinstance(value, models.UserCapability):
            # create from db format
            return cls(value.capability)

        else:
            # create from string representation
            return cls(str(value))

    @property
    def model(self) -> models.UserCapability:
        return models.UserCapability(
            capability=self.value,
        )


##########
# table: users
##########


class UserBase(BaseModel):
    name: str

    country: str
    state: str
    city: str
    organization: str
    organizational_unit: str

    email: str

    capabilities: list[UserCapability] = []


class UserCreate(UserBase):
    password: str


class User(UserBase):
    devices: list[Device] = Field(
        default=[], repr=False
    )

    class Config:
        orm_mode = True

    @validator("capabilities", pre=True)
    @classmethod
    def unify_capabilities(cls, value: list[Any]) -> list[UserCapability]:
        """
        Import the capabilities from various formats
        """

        return [
            UserCapability.from_value(capability)
            for capability in value
        ]

    @classmethod
    def from_db(
        cls,
        db: Session,
        name: str,
    ) -> User | None:
        """
        Load user from database by name.
        """

        db_user = models.User(name=name)
        db.refresh(db_user)

        return cls.from_orm(db_user)

    @classmethod
    def create(
        cls,
        db: Session,
        user: UserCreate,
        crypt_context: CryptContext,
    ) -> User | None:
        """
        Create a new user in the database.
        """

        try:
            db_user = models.User(
                name=user.name,
                password=crypt_context.hash(user.password),
                capabilities=[
                    capability.model
                    for capability in user.capabilities
                ],
            )

            db.add(db_user)
            db.commit()
            db.refresh(db_user)

            return cls.from_orm(db_user)

        except IntegrityError:
            # user already existed
            pass

    def is_admin(self) -> bool:
        return UserCapability.admin in self.capabilities

    def authenticate(
        self,
        db: Session,
        password: str,
        crypt_context: CryptContext,
    ) -> User | None:
        """
        Authenticate with name/password against users in database.
        """

        db_user = models.User(name=self.name)
        db.refresh(db_user)

        if db_user is None:
            # nonexistent user, fake doing password verification
            crypt_context.dummy_verify()
            return False

        if not crypt_context.verify(password, db_user.password):
            # password hash mismatch
            return False

        self.from_orm(db_user)

        return True

    def update(
        self,
        db: Session,
    ) -> None:
        """
        Update this user in the database.
        """

        db_user = models.User(name=self.name)
        db.refresh(db_user)

        for capability in db_user.capabilities:
            db.delete(capability)

        db_user.capabilities = [
            capability.model
            for capability in self.capabilities
        ]

        db.commit()

    def delete(
        self,
        db: Session,
    ) -> bool:
        """
        Delete this user from the database.
        """

        db_user = models.User(name=self.name)
        db.refresh(db_user)

        if db_user is None:
            # nonexistent user
            return False

        db.delete(db_user)
        db.commit()
        return True


##########
# table: devices
##########


class DeviceBase(BaseModel):
    name: str
    type: str
    expiry: datetime


class DeviceCreate(DeviceBase):
    owner_name: str


class Device(DeviceBase):
    class Config:
        orm_mode = True

    @classmethod
    def create(
        cls,
        db: Session,
        device: DeviceCreate,
    ) -> Device | None:
        """
        Create a new device in the database.
        """

        try:
            db_device = models.Device(
                owner_name=device.owner_name,

                name=device.name,
                type=device.type,
                expiry=device.expiry,
            )

            db.add(db_device)
            db.commit()
            db.refresh(db_device)

            return cls.from_orm(db_device)

        except IntegrityError:
            # device already existed
            pass

    def delete(
        self,
        db: Session,
    ) -> bool:
        """
        Delete this device from the database.
        """

        db_device = models.Device(
            # owner_name=
            name=self.name,
        )
        db.refresh(db_device)

        if db_device is None:
            # nonexistent device
            return False

        db.delete(db_device)
        db.commit()
        return True
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`
			`Pydantic representation of database contents.`
			`"""`


refactor CRUD utils 2022-03-18 23:45:09 +00:00			`from __future__ import annotations`

peewee -> sqlalchemy (kind of working) 2022-03-17 17:06:00 +00:00			`from datetime import datetime`
move caps to "User" schema 2022-03-19 18:31:03 +00:00			`from enum import Enum`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`from typing import Any`
refactor CRUD utils 2022-03-18 23:45:09 +00:00
			`from passlib.context import CryptContext`
plan models + schemas 2022-03-25 23:03:56 +00:00			`from pydantic import BaseModel, Field, validator`
double user creation fail 2022-03-19 18:06:17 +00:00			`from sqlalchemy.exc import IntegrityError`
refactor CRUD utils 2022-03-18 23:45:09 +00:00			`from sqlalchemy.orm import Session`

			`from . import models`
peewee -> sqlalchemy (kind of working) 2022-03-17 17:06:00 +00:00
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`##########`
			`# table: user_capabilities`
			`##########`

peewee -> sqlalchemy (kind of working) 2022-03-17 17:06:00 +00:00
move caps to "User" schema 2022-03-19 18:31:03 +00:00			`class UserCapability(Enum):`
			`admin = "admin"`
plan models + schemas 2022-03-25 23:03:56 +00:00			`login = "login"`
			`issue = "issue"`
			`renew = "renew"`
move caps to "User" schema 2022-03-19 18:31:03 +00:00
Endpoint POST api/dn 2022-03-23 15:44:35 +00:00			`def __repr__(self) -> str:`
			`return self.value`

less messy cap unification 2022-03-19 23:56:11 +00:00			`@classmethod`
			`def from_value(cls, value) -> UserCapability:`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`
			`Create UserCapability from various formats`
			`"""`

less messy cap unification 2022-03-19 23:56:11 +00:00			`if isinstance(value, cls):`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`# value is already a UserCapability, use that`
less messy cap unification 2022-03-19 23:56:11 +00:00			`return value`

			`elif isinstance(value, models.UserCapability):`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`# create from db format`
less messy cap unification 2022-03-19 23:56:11 +00:00			`return cls(value.capability)`

			`else:`
			`# create from string representation`
			`return cls(str(value))`
don't make everyone an admin :) 2022-03-19 19:24:43 +00:00
plan models + schemas 2022-03-25 23:03:56 +00:00			`@property`
			`def model(self) -> models.UserCapability:`
			`return models.UserCapability(`
			`capability=self.value,`
			`)`


documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`##########`
			`# table: users`
			`##########`

move caps to "User" schema 2022-03-19 18:31:03 +00:00
peewee -> sqlalchemy (kind of working) 2022-03-17 17:06:00 +00:00			`class UserBase(BaseModel):`
			`name: str`

plan models + schemas 2022-03-25 23:03:56 +00:00			`country: str`
			`state: str`
			`city: str`
			`organization: str`
			`organizational_unit: str`

			`email: str`

			`capabilities: list[UserCapability] = []`

peewee -> sqlalchemy (kind of working) 2022-03-17 17:06:00 +00:00
			`class UserCreate(UserBase):`
			`password: str`


			`class User(UserBase):`
plan models + schemas 2022-03-25 23:03:56 +00:00			`devices: list[Device] = Field(`
Endpoint POST api/dn 2022-03-23 15:44:35 +00:00			`default=[], repr=False`
			`)`
peewee -> sqlalchemy (kind of working) 2022-03-17 17:06:00 +00:00
			`class Config:`
			`orm_mode = True`

move caps to "User" schema 2022-03-19 18:31:03 +00:00			`@validator("capabilities", pre=True)`
			`@classmethod`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`def unify_capabilities(cls, value: list[Any]) -> list[UserCapability]:`
			`"""`
			`Import the capabilities from various formats`
			`"""`

move caps to "User" schema 2022-03-19 18:31:03 +00:00			`return [`
less messy cap unification 2022-03-19 23:56:11 +00:00			`UserCapability.from_value(capability)`
move caps to "User" schema 2022-03-19 18:31:03 +00:00			`for capability in value`
			`]`

refactor CRUD utils 2022-03-18 23:45:09 +00:00			`@classmethod`
some renames 2022-03-19 02:38:32 +00:00			`def from_db(`
refactor CRUD utils 2022-03-18 23:45:09 +00:00			`cls,`
			`db: Session,`
			`name: str,`
/user/auth and GET /user/current working 2022-03-19 00:38:57 +00:00			`) -> User \| None:`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`
			`Load user from database by name.`
			`"""`

plan models + schemas 2022-03-25 23:03:56 +00:00			`db_user = models.User(name=name)`
			`db.refresh(db_user)`
/user/auth and GET /user/current working 2022-03-19 00:38:57 +00:00
less messy cap unification 2022-03-19 23:56:11 +00:00			`return cls.from_orm(db_user)`
/user/auth and GET /user/current working 2022-03-19 00:38:57 +00:00
refactor CRUD utils 2022-03-18 23:45:09 +00:00			`@classmethod`
			`def create(`
			`cls,`
			`db: Session,`
			`user: UserCreate,`
			`crypt_context: CryptContext,`
double user creation fail 2022-03-19 18:06:17 +00:00			`) -> User \| None:`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`
			`Create a new user in the database.`
			`"""`

double user creation fail 2022-03-19 18:06:17 +00:00			`try:`
plan models + schemas 2022-03-25 23:03:56 +00:00			`db_user = models.User(`
double user creation fail 2022-03-19 18:06:17 +00:00			`name=user.name,`
			`password=crypt_context.hash(user.password),`
plan models + schemas 2022-03-25 23:03:56 +00:00			`capabilities=[`
			`capability.model`
			`for capability in user.capabilities`
			`],`
double user creation fail 2022-03-19 18:06:17 +00:00			`)`

plan models + schemas 2022-03-25 23:03:56 +00:00			`db.add(db_user)`
double user creation fail 2022-03-19 18:06:17 +00:00			`db.commit()`
plan models + schemas 2022-03-25 23:03:56 +00:00			`db.refresh(db_user)`
double user creation fail 2022-03-19 18:06:17 +00:00
plan models + schemas 2022-03-25 23:03:56 +00:00			`return cls.from_orm(db_user)`
double user creation fail 2022-03-19 18:06:17 +00:00
			`except IntegrityError:`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`# user already existed`
double user creation fail 2022-03-19 18:06:17 +00:00			`pass`
refactor CRUD utils 2022-03-18 23:45:09 +00:00
add User.is_admin() 2022-03-23 13:23:33 +00:00			`def is_admin(self) -> bool:`
			`return UserCapability.admin in self.capabilities`

make User.authenticate an instance function 2022-03-20 04:00:14 +00:00			`def authenticate(`
			`self,`
			`db: Session,`
			`password: str,`
			`crypt_context: CryptContext,`
			`) -> User \| None:`
			`"""`
			`Authenticate with name/password against users in database.`
			`"""`

plan models + schemas 2022-03-25 23:03:56 +00:00			`db_user = models.User(name=self.name)`
			`db.refresh(db_user)`

			`if db_user is None:`
make User.authenticate an instance function 2022-03-20 04:00:14 +00:00			`# nonexistent user, fake doing password verification`
			`crypt_context.dummy_verify()`
			`return False`

			`if not crypt_context.verify(password, db_user.password):`
			`# password hash mismatch`
			`return False`

			`self.from_orm(db_user)`

			`return True`

User update 2022-03-20 13:14:12 +00:00			`def update(`
don't make everyone an admin :) 2022-03-19 19:24:43 +00:00			`self,`
			`db: Session,`
give admin user "admin" capability 2022-03-20 00:12:37 +00:00			`) -> None:`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`
User update 2022-03-20 13:14:12 +00:00			`Update this user in the database.`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`

plan models + schemas 2022-03-25 23:03:56 +00:00			`db_user = models.User(name=self.name)`
			`db.refresh(db_user)`
User update 2022-03-20 13:14:12 +00:00
plan models + schemas 2022-03-25 23:03:56 +00:00			`for capability in db_user.capabilities:`
			`db.delete(capability)`
give admin user "admin" capability 2022-03-20 00:12:37 +00:00
plan models + schemas 2022-03-25 23:03:56 +00:00			`db_user.capabilities = [`
			`capability.model`
			`for capability in self.capabilities`
			`]`
add and remove capabilities 2022-03-23 00:39:19 +00:00
give admin user "admin" capability 2022-03-20 00:12:37 +00:00			`db.commit()`
User creation/deletion 2022-03-23 13:25:00 +00:00
			`def delete(`
			`self,`
			`db: Session,`
			`) -> bool:`
			`"""`
			`Delete this user from the database.`
			`"""`

plan models + schemas 2022-03-25 23:03:56 +00:00			`db_user = models.User(name=self.name)`
			`db.refresh(db_user)`

			`if db_user is None:`
User creation/deletion 2022-03-23 13:25:00 +00:00			`# nonexistent user`
			`return False`

			`db.delete(db_user)`
			`db.commit()`
			`return True`
plan models + schemas 2022-03-25 23:03:56 +00:00

			`##########`
			`# table: devices`
			`##########`


			`class DeviceBase(BaseModel):`
			`name: str`
			`type: str`
			`expiry: datetime`


			`class DeviceCreate(DeviceBase):`
			`owner_name: str`


			`class Device(DeviceBase):`
			`class Config:`
			`orm_mode = True`

			`@classmethod`
			`def create(`
			`cls,`
			`db: Session,`
			`device: DeviceCreate,`
			`) -> Device \| None:`
			`"""`
			`Create a new device in the database.`
			`"""`

			`try:`
			`db_device = models.Device(`
			`owner_name=device.owner_name,`

			`name=device.name,`
			`type=device.type,`
			`expiry=device.expiry,`
			`)`

			`db.add(db_device)`
			`db.commit()`
			`db.refresh(db_device)`

			`return cls.from_orm(db_device)`

			`except IntegrityError:`
			`# device already existed`
			`pass`

			`def delete(`
			`self,`
			`db: Session,`
			`) -> bool:`
			`"""`
			`Delete this device from the database.`
			`"""`

			`db_device = models.Device(`
			`# owner_name=`
			`name=self.name,`
			`)`
			`db.refresh(db_device)`

			`if db_device is None:`
			`# nonexistent device`
			`return False`

			`db.delete(db_device)`
			`db.commit()`
			`return True`