2022-03-20 03:45:40 +00:00
|
|
|
"""
|
|
|
|
Common dependencies for routers.
|
|
|
|
"""
|
|
|
|
|
2022-03-23 00:39:19 +00:00
|
|
|
from fastapi import Depends, HTTPException, status
|
2022-03-19 04:07:19 +00:00
|
|
|
from fastapi.security import OAuth2PasswordBearer
|
|
|
|
|
2022-04-05 21:33:48 +00:00
|
|
|
from ..config import SETTINGS, Config
|
2022-03-29 16:35:41 +00:00
|
|
|
from ..db import Device, User
|
2022-04-07 11:37:36 +00:00
|
|
|
from ..easyrsa import EASYRSA, EasyRSA
|
2022-03-19 04:07:19 +00:00
|
|
|
|
2022-03-28 20:18:19 +00:00
|
|
|
oauth2_scheme = OAuth2PasswordBearer(
|
2022-04-05 21:33:48 +00:00
|
|
|
tokenUrl=f"{SETTINGS.api_v1_prefix}/user/authenticate"
|
2022-03-28 20:18:19 +00:00
|
|
|
)
|
2022-03-19 04:07:19 +00:00
|
|
|
|
|
|
|
|
2022-03-19 17:11:52 +00:00
|
|
|
class Responses:
|
2022-03-20 03:45:40 +00:00
|
|
|
"""
|
|
|
|
Just a namespace.
|
|
|
|
|
|
|
|
Describes API response status codes.
|
|
|
|
"""
|
|
|
|
|
|
|
|
OK = {
|
2022-04-07 11:59:42 +00:00
|
|
|
"description": "Operation successful",
|
|
|
|
}
|
|
|
|
OK_NONE = {
|
|
|
|
"description": "Operation successful",
|
2022-03-19 17:11:52 +00:00
|
|
|
"content": None,
|
|
|
|
}
|
2022-04-07 11:59:42 +00:00
|
|
|
OK_WAIT = {
|
|
|
|
"description": "Operation successful, waiting for approval",
|
|
|
|
}
|
2022-03-20 03:45:40 +00:00
|
|
|
NOT_INSTALLED = {
|
2022-03-19 17:11:52 +00:00
|
|
|
"description": "kiwi-vpn not installed",
|
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-20 03:45:40 +00:00
|
|
|
NEEDS_USER = {
|
2022-04-01 17:15:56 +00:00
|
|
|
"description": "Not logged in",
|
2022-03-19 17:11:52 +00:00
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-30 02:02:45 +00:00
|
|
|
NEEDS_PERMISSION = {
|
2022-03-31 16:49:04 +00:00
|
|
|
"description": "Operation not permitted",
|
2022-03-23 15:44:35 +00:00
|
|
|
"content": None,
|
|
|
|
}
|
2022-04-07 09:43:58 +00:00
|
|
|
NEEDS_PKI = {
|
|
|
|
"description": "PKI hasn't been initialized",
|
|
|
|
"content": None,
|
|
|
|
}
|
2022-04-01 06:35:28 +00:00
|
|
|
ENTRY_ADDED = {
|
|
|
|
"description": "Entry added to database",
|
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-20 03:45:40 +00:00
|
|
|
ENTRY_EXISTS = {
|
2022-03-19 18:06:28 +00:00
|
|
|
"description": "Entry exists in database",
|
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-23 13:25:00 +00:00
|
|
|
ENTRY_DOESNT_EXIST = {
|
|
|
|
"description": "Entry does not exist in database",
|
|
|
|
"content": None,
|
|
|
|
}
|
2022-03-19 17:11:52 +00:00
|
|
|
|
|
|
|
|
2022-03-30 20:57:09 +00:00
|
|
|
async def get_current_config(
|
2022-03-19 04:07:19 +00:00
|
|
|
current_config: Config | None = Depends(Config.load),
|
2022-03-30 20:57:09 +00:00
|
|
|
) -> Config:
|
2022-03-20 03:45:40 +00:00
|
|
|
"""
|
2022-03-30 20:57:09 +00:00
|
|
|
Get the current configuration if it exists.
|
2022-04-01 17:05:57 +00:00
|
|
|
|
|
|
|
Status:
|
|
|
|
|
|
|
|
- 400: `kiwi-vpn` not installed
|
2022-03-20 03:45:40 +00:00
|
|
|
"""
|
|
|
|
|
2022-03-30 20:57:09 +00:00
|
|
|
# fail if not configured
|
2022-03-19 04:07:19 +00:00
|
|
|
if current_config is None:
|
2022-03-24 15:51:36 +00:00
|
|
|
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
|
2022-03-19 04:07:19 +00:00
|
|
|
|
2022-03-30 20:57:09 +00:00
|
|
|
return current_config
|
|
|
|
|
|
|
|
|
|
|
|
async def get_current_user(
|
|
|
|
token: str = Depends(oauth2_scheme),
|
|
|
|
current_config: Config = Depends(get_current_config),
|
|
|
|
) -> User:
|
|
|
|
"""
|
|
|
|
Get the currently logged-in user if it exists.
|
2022-04-01 17:05:57 +00:00
|
|
|
|
|
|
|
Status:
|
|
|
|
|
2022-04-07 06:23:09 +00:00
|
|
|
- (400: `kiwi-vpn` not installed)
|
|
|
|
- 401: No auth token provided/not logged in
|
2022-04-01 17:05:57 +00:00
|
|
|
- 403: invalid auth token, or user not found
|
2022-03-30 20:57:09 +00:00
|
|
|
"""
|
|
|
|
|
2022-03-31 16:32:07 +00:00
|
|
|
# don't use error 404 here - possible user enumeration
|
2022-03-19 04:07:19 +00:00
|
|
|
|
2022-03-23 01:14:02 +00:00
|
|
|
# fail if not requested by a user
|
2022-03-31 16:32:07 +00:00
|
|
|
if (username := await current_config.jwt.decode_token(token)) is None:
|
|
|
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
|
|
|
|
|
2022-03-29 23:36:23 +00:00
|
|
|
if (user := User.get(username)) is None:
|
2022-03-29 16:12:29 +00:00
|
|
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
|
2022-03-23 01:14:02 +00:00
|
|
|
|
2022-03-29 23:36:23 +00:00
|
|
|
return user
|
2022-03-24 15:51:36 +00:00
|
|
|
|
|
|
|
|
2022-03-29 00:01:12 +00:00
|
|
|
async def get_user_by_name(
|
2022-03-23 01:14:02 +00:00
|
|
|
user_name: str,
|
2022-04-01 17:05:57 +00:00
|
|
|
) -> User:
|
2022-03-23 01:14:02 +00:00
|
|
|
"""
|
2022-03-29 00:01:12 +00:00
|
|
|
Get a user by name.
|
2022-04-01 17:05:57 +00:00
|
|
|
|
|
|
|
Status:
|
|
|
|
|
2022-04-07 06:23:09 +00:00
|
|
|
- 403: user not found
|
2022-03-23 01:14:02 +00:00
|
|
|
"""
|
|
|
|
|
2022-04-07 06:23:09 +00:00
|
|
|
# don't use error 404 here - possible user enumeration
|
|
|
|
|
|
|
|
# fail if user doesn't exist
|
2022-04-01 17:05:57 +00:00
|
|
|
if (user := User.get(user_name)) is None:
|
2022-04-07 06:23:09 +00:00
|
|
|
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
|
2022-04-01 17:05:57 +00:00
|
|
|
|
|
|
|
return user
|
2022-03-29 16:12:55 +00:00
|
|
|
|
|
|
|
|
2022-03-29 15:56:12 +00:00
|
|
|
async def get_device_by_id(
|
|
|
|
device_id: int,
|
2022-04-01 17:05:57 +00:00
|
|
|
) -> Device:
|
|
|
|
"""
|
|
|
|
Get a device by ID.
|
2022-03-29 15:56:12 +00:00
|
|
|
|
2022-04-01 17:05:57 +00:00
|
|
|
Status:
|
|
|
|
|
|
|
|
- 404: device not found
|
|
|
|
"""
|
2022-03-29 15:56:12 +00:00
|
|
|
|
|
|
|
# fail if device doesn't exist
|
2022-03-29 23:36:23 +00:00
|
|
|
if (device := Device.get(device_id)) is None:
|
2022-03-29 15:56:12 +00:00
|
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND)
|
|
|
|
|
|
|
|
return device
|
2022-04-07 09:43:58 +00:00
|
|
|
|
|
|
|
|
|
|
|
async def get_pki() -> EasyRSA:
|
|
|
|
"""
|
|
|
|
Get the EasyRSA object if the CA has been built.
|
|
|
|
|
|
|
|
Status:
|
|
|
|
|
|
|
|
- 425: EasyRSA not initialized
|
|
|
|
"""
|
|
|
|
|
2022-04-07 11:37:36 +00:00
|
|
|
if EASYRSA.get_certificate() is None:
|
2022-04-07 09:43:58 +00:00
|
|
|
raise HTTPException(status_code=status.HTTP_425_TOO_EARLY)
|
|
|
|
|
|
|
|
return EASYRSA
|