kiwi-vpn/api/kiwi_vpn_api/routers/_common.py

"""
Common dependencies for routers.
"""


from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from sqlalchemy.orm import Session

from ..config import Config
from ..db import Connection
from ..db.schemata import User

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="user/authenticate")


class Responses:
    """
    Just a namespace.

    Describes API response status codes.
    """

    OK = {
        "content": None,
    }
    INSTALLED = {
        "description": "kiwi-vpn already installed",
        "content": None,
    }
    NOT_INSTALLED = {
        "description": "kiwi-vpn not installed",
        "content": None,
    }
    NEEDS_USER = {
        "description": "Must be logged in",
        "content": None,
    }
    NEEDS_ADMIN = {
        "description": "Must be admin",
        "content": None,
    }
    NEEDS_ADMIN_OR_SELF = {
        "description": "Must be the requested user",
        "content": None,
    }
    ENTRY_EXISTS = {
        "description": "Entry exists in database",
        "content": None,
    }
    ENTRY_DOESNT_EXIST = {
        "description": "Entry does not exist in database",
        "content": None,
    }


async def get_current_user(
    token: str = Depends(oauth2_scheme),
    db: Session | None = Depends(Connection.get),
    current_config: Config | None = Depends(Config.load),
) -> User | None:
    """
    Get the currently logged-in user from the database.
    """

    # can't connect to an unconfigured database
    if current_config is None:
        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)

    username = await current_config.jwt.decode_token(token)
    user = User.from_db(db, username)

    return user


async def get_current_user_if_exists(
    current_config: Config | None = Depends(Config.load),
    current_user: User | None = Depends(get_current_user),
) -> User:
    """
    Get the currently logged-in user if it exists.
    """

    # fail if not requested by a user
    if current_user is None:
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)

    return current_user


async def get_current_user_if_admin(
    current_config: Config | None = Depends(Config.load),
    current_user: User = Depends(get_current_user_if_exists),
) -> User:
    """
    Get the currently logged-in user if it is an admin.
    """

    # fail if not requested by an admin
    if not current_user.is_admin():
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)

    return current_user


async def get_current_user_if_admin_or_self(
    user_name: str,
    current_config: Config | None = Depends(Config.load),
    current_user: User = Depends(get_current_user_if_exists),
) -> User:
    """
    Get the currently logged-in user.

    Fails a) if the currently logged-in user is not the requested user,
    and b) if it is not an admin.
    """

    # fail if not requested by an admin or self
    if not (current_user.is_admin() or current_user.name == user_name):
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)

    return current_user
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`
			`Common dependencies for routers.`
			`"""`


add and remove capabilities 2022-03-23 00:39:19 +00:00			`from fastapi import Depends, HTTPException, status`
get_current_user into deps 2022-03-19 04:07:19 +00:00			`from fastapi.security import OAuth2PasswordBearer`
			`from sqlalchemy.orm import Session`

			`from ..config import Config`
brevity 2022-03-20 02:32:40 +00:00			`from ..db import Connection`
split db.schemas -> db.schemata package 2022-03-25 23:54:19 +00:00			`from ..db.schemata import User`
get_current_user into deps 2022-03-19 04:07:19 +00:00
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`oauth2_scheme = OAuth2PasswordBearer(tokenUrl="user/authenticate")`
get_current_user into deps 2022-03-19 04:07:19 +00:00

"install" endpoint 2022-03-19 17:11:52 +00:00			`class Responses:`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`
			`Just a namespace.`

			`Describes API response status codes.`
			`"""`

			`OK = {`
"install" endpoint 2022-03-19 17:11:52 +00:00			`"content": None,`
			`}`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`INSTALLED = {`
"install" endpoint 2022-03-19 17:11:52 +00:00			`"description": "kiwi-vpn already installed",`
			`"content": None,`
			`}`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`NOT_INSTALLED = {`
"install" endpoint 2022-03-19 17:11:52 +00:00			`"description": "kiwi-vpn not installed",`
			`"content": None,`
			`}`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`NEEDS_USER = {`
"install" endpoint 2022-03-19 17:11:52 +00:00			`"description": "Must be logged in",`
			`"content": None,`
			`}`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`NEEDS_ADMIN = {`
"install" endpoint 2022-03-19 17:11:52 +00:00			`"description": "Must be admin",`
			`"content": None,`
			`}`
Endpoint POST api/dn 2022-03-23 15:44:35 +00:00			`NEEDS_ADMIN_OR_SELF = {`
			`"description": "Must be the requested user",`
			`"content": None,`
			`}`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`ENTRY_EXISTS = {`
new user creation 2022-03-19 18:06:28 +00:00			`"description": "Entry exists in database",`
			`"content": None,`
			`}`
User creation/deletion 2022-03-23 13:25:00 +00:00			`ENTRY_DOESNT_EXIST = {`
			`"description": "Entry does not exist in database",`
			`"content": None,`
			`}`
"install" endpoint 2022-03-19 17:11:52 +00:00

get_current_user into deps 2022-03-19 04:07:19 +00:00			`async def get_current_user(`
			`token: str = Depends(oauth2_scheme),`
			`db: Session \| None = Depends(Connection.get),`
			`current_config: Config \| None = Depends(Config.load),`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`) -> User \| None:`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`
			`Get the currently logged-in user from the database.`
			`"""`

			`# can't connect to an unconfigured database`
get_current_user into deps 2022-03-19 04:07:19 +00:00			`if current_config is None:`
fix common getters 2022-03-24 15:51:36 +00:00			`raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)`
get_current_user into deps 2022-03-19 04:07:19 +00:00
			`username = await current_config.jwt.decode_token(token)`
brevity 2022-03-20 02:32:40 +00:00			`user = User.from_db(db, username)`
get_current_user into deps 2022-03-19 04:07:19 +00:00
			`return user`
add and remove capabilities 2022-03-23 00:39:19 +00:00

fix common getters 2022-03-24 15:51:36 +00:00			`async def get_current_user_if_exists(`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`current_config: Config \| None = Depends(Config.load),`
			`current_user: User \| None = Depends(get_current_user),`
			`) -> User:`
			`"""`
fix common getters 2022-03-24 15:51:36 +00:00			`Get the currently logged-in user if it exists.`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`"""`

brevity 2022-03-23 01:14:02 +00:00			`# fail if not requested by a user`
			`if current_user is None:`
			`raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)`

fix common getters 2022-03-24 15:51:36 +00:00			`return current_user`


			`async def get_current_user_if_admin(`
			`current_config: Config \| None = Depends(Config.load),`
			`current_user: User = Depends(get_current_user_if_exists),`
			`) -> User:`
			`"""`
			`Get the currently logged-in user if it is an admin.`
			`"""`

add and remove capabilities 2022-03-23 00:39:19 +00:00			`# fail if not requested by an admin`
brevity 2022-03-23 01:14:02 +00:00			`if not current_user.is_admin():`
			`raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)`

fix common getters 2022-03-24 15:51:36 +00:00			`return current_user`

brevity 2022-03-23 01:14:02 +00:00
			`async def get_current_user_if_admin_or_self(`
			`user_name: str,`
			`current_config: Config \| None = Depends(Config.load),`
fix common getters 2022-03-24 15:51:36 +00:00			`current_user: User = Depends(get_current_user_if_exists),`
brevity 2022-03-23 01:14:02 +00:00			`) -> User:`
			`"""`
			`Get the currently logged-in user.`

			`Fails a) if the currently logged-in user is not the requested user,`
			`and b) if it is not an admin.`
			`"""`

			`# fail if not requested by an admin or self`
			`if not (current_user.is_admin() or current_user.name == user_name):`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)`
fix common getters 2022-03-24 15:51:36 +00:00
			`return current_user`