2022-03-20 03:45:40 +00:00
|
|
|
"""
|
|
|
|
Common dependencies for routers.
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
2022-03-23 00:39:19 +00:00
|
|
|
from fastapi import Depends, HTTPException, status
|
2022-03-19 04:07:19 +00:00
|
|
|
from fastapi.security import OAuth2PasswordBearer
|
|
|
|
|
2022-03-28 20:18:19 +00:00
|
|
|
from ..config import Config, Settings
|
2022-03-28 22:07:12 +00:00
|
|
|
from ..db import User, UserCapabilityType
|
2022-03-19 04:07:19 +00:00
|
|
|
|
2022-03-28 20:18:19 +00:00
|
|
|
oauth2_scheme = OAuth2PasswordBearer(
|
|
|
|
tokenUrl=f"{Settings._.api_v1_prefix}/user/authenticate"
|
|
|
|
)
|
2022-03-19 04:07:19 +00:00
|
|
|
|
|
|
|
|
2022-03-19 17:11:52 +00:00
|
|
|
class Responses:
|
2022-03-20 03:45:40 +00:00
|
|
|
"""
|
|
|
|
Just a namespace.
|
|
|
|
|
|
|
|
Describes API response status codes.
|
|
|
|
"""
|
|
|
|
|
|
|
|
OK = {
|
2022-03-19 17:11:52 +00:00
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-20 03:45:40 +00:00
|
|
|
INSTALLED = {
|
2022-03-19 17:11:52 +00:00
|
|
|
"description": "kiwi-vpn already installed",
|
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-20 03:45:40 +00:00
|
|
|
NOT_INSTALLED = {
|
2022-03-19 17:11:52 +00:00
|
|
|
"description": "kiwi-vpn not installed",
|
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-20 03:45:40 +00:00
|
|
|
NEEDS_USER = {
|
2022-03-19 17:11:52 +00:00
|
|
|
"description": "Must be logged in",
|
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-20 03:45:40 +00:00
|
|
|
NEEDS_ADMIN = {
|
2022-03-19 17:11:52 +00:00
|
|
|
"description": "Must be admin",
|
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-29 00:01:12 +00:00
|
|
|
NEEDS_REQUESTED_USER = {
|
2022-03-23 15:44:35 +00:00
|
|
|
"description": "Must be the requested user",
|
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-20 03:45:40 +00:00
|
|
|
ENTRY_EXISTS = {
|
2022-03-19 18:06:28 +00:00
|
|
|
"description": "Entry exists in database",
|
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-23 13:25:00 +00:00
|
|
|
ENTRY_DOESNT_EXIST = {
|
|
|
|
"description": "Entry does not exist in database",
|
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-29 15:38:36 +00:00
|
|
|
CANT_TARGET_SELF = {
|
|
|
|
"description": "Operation can't target yourself",
|
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-19 17:11:52 +00:00
|
|
|
|
|
|
|
|
2022-03-19 04:07:19 +00:00
|
|
|
async def get_current_user(
|
|
|
|
token: str = Depends(oauth2_scheme),
|
|
|
|
current_config: Config | None = Depends(Config.load),
|
2022-03-23 00:39:19 +00:00
|
|
|
) -> User | None:
|
2022-03-20 03:45:40 +00:00
|
|
|
"""
|
|
|
|
Get the currently logged-in user from the database.
|
|
|
|
"""
|
|
|
|
|
|
|
|
# can't connect to an unconfigured database
|
2022-03-19 04:07:19 +00:00
|
|
|
if current_config is None:
|
2022-03-24 15:51:36 +00:00
|
|
|
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
|
2022-03-19 04:07:19 +00:00
|
|
|
|
|
|
|
username = await current_config.jwt.decode_token(token)
|
|
|
|
|
2022-03-28 01:31:37 +00:00
|
|
|
return User.get(username)
|
2022-03-23 00:39:19 +00:00
|
|
|
|
|
|
|
|
2022-03-24 15:51:36 +00:00
|
|
|
async def get_current_user_if_exists(
|
2022-03-23 00:39:19 +00:00
|
|
|
current_user: User | None = Depends(get_current_user),
|
|
|
|
) -> User:
|
|
|
|
"""
|
2022-03-24 15:51:36 +00:00
|
|
|
Get the currently logged-in user if it exists.
|
2022-03-23 00:39:19 +00:00
|
|
|
"""
|
|
|
|
|
2022-03-23 01:14:02 +00:00
|
|
|
# fail if not requested by a user
|
|
|
|
if current_user is None:
|
2022-03-29 15:56:05 +00:00
|
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND)
|
2022-03-23 01:14:02 +00:00
|
|
|
|
2022-03-24 15:51:36 +00:00
|
|
|
return current_user
|
|
|
|
|
|
|
|
|
2022-03-29 15:39:02 +00:00
|
|
|
async def get_current_user_if_admin(
|
2022-03-24 15:51:36 +00:00
|
|
|
current_user: User = Depends(get_current_user_if_exists),
|
|
|
|
) -> User:
|
|
|
|
"""
|
2022-03-29 00:13:38 +00:00
|
|
|
Fail if the currently logged-in user is not an admin.
|
2022-03-24 15:51:36 +00:00
|
|
|
"""
|
|
|
|
|
2022-03-28 21:41:49 +00:00
|
|
|
if not current_user.can(UserCapabilityType.admin):
|
2022-03-23 01:14:02 +00:00
|
|
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
|
|
|
|
|
2022-03-29 15:39:02 +00:00
|
|
|
return current_user
|
|
|
|
|
2022-03-23 01:14:02 +00:00
|
|
|
|
2022-03-29 00:01:12 +00:00
|
|
|
async def get_user_by_name(
|
2022-03-23 01:14:02 +00:00
|
|
|
user_name: str,
|
2022-03-24 15:51:36 +00:00
|
|
|
current_user: User = Depends(get_current_user_if_exists),
|
2022-03-23 01:14:02 +00:00
|
|
|
) -> User:
|
|
|
|
"""
|
2022-03-29 00:01:12 +00:00
|
|
|
Get a user by name.
|
2022-03-23 01:14:02 +00:00
|
|
|
|
2022-03-29 00:01:12 +00:00
|
|
|
Works if a) the currently logged-in user is an admin,
|
|
|
|
or b) if it is the requested user.
|
2022-03-23 01:14:02 +00:00
|
|
|
"""
|
|
|
|
|
2022-03-29 00:01:12 +00:00
|
|
|
# check if current user is admin
|
|
|
|
if current_user.can(UserCapabilityType.admin):
|
|
|
|
# fail if requested user doesn't exist
|
|
|
|
if (user := User.get(user_name)) is None:
|
|
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND)
|
|
|
|
|
|
|
|
# check if current user is requested user
|
|
|
|
elif current_user.name == user_name:
|
|
|
|
pass
|
|
|
|
|
|
|
|
# current user is neither admin nor the requested user
|
|
|
|
else:
|
2022-03-23 00:39:19 +00:00
|
|
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
|
2022-03-24 15:51:36 +00:00
|
|
|
|
2022-03-29 00:01:12 +00:00
|
|
|
return user
|