kiwi-vpn/api/kiwi_vpn_api/routers/user.py

"""
/user endpoints.
"""

from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordRequestForm
from pydantic import BaseModel

from ..config import Config
from ..db import TagValue, User, UserCreate, UserRead
from ._common import (Responses, get_current_config, get_current_user,
                      get_user_by_name)

router = APIRouter(prefix="/user", tags=["user"])


class Token(BaseModel):
    """
    Response model for issuing tokens.
    """

    access_token: str
    token_type: str


@router.post(
    "/authenticate",
    responses={
        status.HTTP_200_OK: Responses.OK_NONE,
        status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
        status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
    },
    response_model=Token,
)
async def login(
    form_data: OAuth2PasswordRequestForm = Depends(),
    current_config: Config = Depends(get_current_config),
):
    """
    POST ./authenticate: Authenticate a user. Issues a bearer token.

    Status:

    - 401: username/password is incorrect
    """

    # try logging in
    if (user := User.authenticate(
        name=form_data.username,
        password=form_data.password,
    )) is None:
        # authentication failed
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Could not validate credentials",
            headers={"WWW-Authenticate": "Bearer"},
        )

    # authentication succeeded
    access_token = await current_config.jwt.create_token(user.name)
    return {"access_token": access_token, "token_type": "bearer"}


@router.get(
    "/current",
    responses={
        status.HTTP_200_OK: Responses.OK_NONE,
        status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
        status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
        status.HTTP_403_FORBIDDEN: Responses.NEEDS_USER,
    },
    response_model=UserRead,
)
async def get_current_user_route(
    current_user: User = Depends(get_current_user),
):
    """
    GET ./current: Respond with the currently logged-in user.
    """

    return current_user


@router.post(
    "",
    responses={
        status.HTTP_201_CREATED: Responses.ENTRY_ADDED,
        status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
        status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
        status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
        status.HTTP_409_CONFLICT: Responses.ENTRY_EXISTS,
    },
    response_model=UserRead,
    status_code=status.HTTP_201_CREATED,
)
async def add_user(
    user: UserCreate,
    current_user: User = Depends(get_current_user),
) -> User:
    """
    POST ./: Create a new user in the database.

    Status:

    - 403: no user permission to create user
    - 409: user could not be created
    """

    # check permissions
    if not current_user.can_create(User):
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)

    # create the new user
    new_user = User.create(user=user)

    # fail if creation was unsuccessful
    if new_user is None:
        raise HTTPException(status_code=status.HTTP_409_CONFLICT)

    new_user.add_tags([TagValue.login])
    new_user.update()

    # return the created user on success
    return new_user


@router.delete(
    "/{user_name}",
    responses={
        status.HTTP_200_OK: Responses.OK_NONE,
        status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
        status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
        status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
    },
    response_model=User,
)
async def remove_user(
    current_user: User = Depends(get_current_user),
    user: User = Depends(get_user_by_name),
):
    """
    DELETE ./{user_name}: Remove a user from the database.

    Status:

    - 403: no user permission to admin user
    """

    # check permissions
    if not current_user.can_admin(user):
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)

    # delete user
    user.delete()


@router.post(
    "/{user_name}/tags",
    responses={
        status.HTTP_201_CREATED: Responses.ENTRY_ADDED,
        status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
        status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
        status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
    },
    status_code=status.HTTP_201_CREATED,
)
async def extend_tags(
    tags: list[TagValue],
    current_user: User = Depends(get_current_user),
    user: User = Depends(get_user_by_name),
):
    """
    POST ./{user_name}/tags: Add tags to a user.

    Status:

    - 403: no user permission to admin user
    """

    # check permissions
    if not current_user.can_admin(user):
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)

    # change user
    user.add_tags(tags)
    user.update()


@router.delete(
    "/{user_name}/tags",
    responses={
        status.HTTP_200_OK: Responses.OK_NONE,
        status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
        status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
        status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
    },
)
async def remove_tags(
    tags: list[TagValue],
    current_user: User = Depends(get_current_user),
    user: User = Depends(get_user_by_name),
):
    """
    DELETE ./{user_name}/tags: Remove tags from a user.

    Status:

    - 403: no user permission to admin user
    """

    # check permissions
    if not current_user.can_admin(user):
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)

    # change user
    user.remove_tags(tags)
    user.update()
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`
			`/user endpoints.`
			`"""`

basic API with OAuth2 and a little sqlite DB 2022-03-15 16:19:37 +00:00			`from fastapi import APIRouter, Depends, HTTPException, status`
get_current_user into deps 2022-03-19 04:07:19 +00:00			`from fastapi.security import OAuth2PasswordRequestForm`
basic API with OAuth2 and a little sqlite DB 2022-03-15 16:19:37 +00:00			`from pydantic import BaseModel`

JWT handling 2022-03-19 02:22:49 +00:00			`from ..config import Config`
rename "capability" -> "tag" 2022-03-29 19:57:33 +00:00			`from ..db import TagValue, User, UserCreate, UserRead`
get_current_config dependable 2022-03-30 20:57:09 +00:00			`from ._common import (Responses, get_current_config, get_current_user,`
			`get_user_by_name)`
relative imports 2022-03-15 16:25:07 +00:00
router tags 2022-03-24 23:45:01 +00:00			`router = APIRouter(prefix="/user", tags=["user"])`
basic API with OAuth2 and a little sqlite DB 2022-03-15 16:19:37 +00:00

			`class Token(BaseModel):`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`
			`Response model for issuing tokens.`
			`"""`

basic API with OAuth2 and a little sqlite DB 2022-03-15 16:19:37 +00:00			`access_token: str`
			`token_type: str`


HTTP status codes and documentation 2022-04-07 06:23:09 +00:00			`@router.post(`
			`"/authenticate",`
			`responses={`
HTTP 2XX rework 2022-04-07 11:59:42 +00:00			`status.HTTP_200_OK: Responses.OK_NONE,`
HTTP status codes and documentation 2022-04-07 06:23:09 +00:00			`status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,`
			`status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,`
			`},`
			`response_model=Token,`
			`)`
refactor CRUD utils 2022-03-18 23:45:09 +00:00			`async def login(`
"auth" -> "user" 2022-03-18 23:04:28 +00:00			`form_data: OAuth2PasswordRequestForm = Depends(),`
get_current_config dependable 2022-03-30 20:57:09 +00:00			`current_config: Config = Depends(get_current_config),`
/user/auth and GET /user/current working 2022-03-19 00:38:57 +00:00			`):`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`
			`POST ./authenticate: Authenticate a user. Issues a bearer token.`
HTTP status codes and documentation 2022-04-07 06:23:09 +00:00
			`Status:`

			`- 401: username/password is incorrect`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`

			`# try logging in`
basic permissions system 2022-03-29 23:36:23 +00:00			`if (user := User.authenticate(`
fix user router 2022-03-28 20:18:19 +00:00			`name=form_data.username,`
/user/auth and GET /user/current working 2022-03-19 00:38:57 +00:00			`password=form_data.password,`
basic permissions system 2022-03-29 23:36:23 +00:00			`)) is None:`
make User.authenticate an instance function 2022-03-20 04:00:14 +00:00			`# authentication failed`
/user/auth and GET /user/current working 2022-03-19 00:38:57 +00:00			`raise HTTPException(`
			`status_code=status.HTTP_401_UNAUTHORIZED,`
			`detail="Could not validate credentials",`
			`headers={"WWW-Authenticate": "Bearer"},`
			`)`

documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`# authentication succeeded`
get_current_user into deps 2022-03-19 04:07:19 +00:00			`access_token = await current_config.jwt.create_token(user.name)`
/user/auth and GET /user/current working 2022-03-19 00:38:57 +00:00			`return {"access_token": access_token, "token_type": "bearer"}`


HTTP status codes and documentation 2022-04-07 06:23:09 +00:00			`@router.get(`
			`"/current",`
			`responses={`
HTTP 2XX rework 2022-04-07 11:59:42 +00:00			`status.HTTP_200_OK: Responses.OK_NONE,`
HTTP status codes and documentation 2022-04-07 06:23:09 +00:00			`status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,`
			`status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,`
			`status.HTTP_403_FORBIDDEN: Responses.NEEDS_USER,`
			`},`
			`response_model=UserRead,`
			`)`
remove get_current_user_if_admin 2022-03-30 02:02:45 +00:00			`async def get_current_user_route(`
basic permissions system 2022-03-29 23:36:23 +00:00			`current_user: User = Depends(get_current_user),`
/user/auth and GET /user/current working 2022-03-19 00:38:57 +00:00			`):`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`
			`GET ./current: Respond with the currently logged-in user.`
			`"""`

/user/auth and GET /user/current working 2022-03-19 00:38:57 +00:00			`return current_user`
new user creation 2022-03-19 18:06:28 +00:00

			`@router.post(`
typo 2022-03-23 13:40:14 +00:00			`"",`
new user creation 2022-03-19 18:06:28 +00:00			`responses={`
HTTP 201 2022-04-01 06:35:28 +00:00			`status.HTTP_201_CREATED: Responses.ENTRY_ADDED,`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,`
			`status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,`
remove NEEDS_ADMIN 2022-03-30 02:07:22 +00:00			`status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`status.HTTP_409_CONFLICT: Responses.ENTRY_EXISTS,`
new user creation 2022-03-19 18:06:28 +00:00			`},`
minor bugs 2022-03-28 23:11:58 +00:00			`response_model=UserRead,`
HTTP 201 2022-04-01 06:35:28 +00:00			`status_code=status.HTTP_201_CREATED,`
new user creation 2022-03-19 18:06:28 +00:00			`)`
			`async def add_user(`
brevity 2022-03-20 02:32:40 +00:00			`user: UserCreate,`
remove get_current_user_if_admin 2022-03-30 02:02:45 +00:00			`current_user: User = Depends(get_current_user),`
minor bugs 2022-03-28 23:11:58 +00:00			`) -> User:`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`
User creation/deletion 2022-03-23 13:25:00 +00:00			`POST ./: Create a new user in the database.`
HTTP status codes and documentation 2022-04-07 06:23:09 +00:00
			`Status:`

			`- 403: no user permission to create user`
			`- 409: user could not be created`
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`"""`

remove get_current_user_if_admin 2022-03-30 02:02:45 +00:00			`# check permissions`
			`if not current_user.can_create(User):`
			`raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)`

			`# create the new user`
User.create() methods 2022-03-29 00:01:28 +00:00			`new_user = User.create(user=user)`
new user creation 2022-03-19 18:06:28 +00:00
documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`# fail if creation was unsuccessful`
new user creation 2022-03-19 18:06:28 +00:00			`if new_user is None:`
			`raise HTTPException(status_code=status.HTTP_409_CONFLICT)`

rework User methods 2022-03-30 01:51:43 +00:00			`new_user.add_tags([TagValue.login])`
minor bugs 2022-03-28 23:11:58 +00:00			`new_user.update()`

documentation & some minor refactoring 2022-03-20 03:45:40 +00:00			`# return the created user on success`
new user creation 2022-03-19 18:06:28 +00:00			`return new_user`
add and remove capabilities 2022-03-23 00:39:19 +00:00

User creation/deletion 2022-03-23 13:25:00 +00:00			`@router.delete(`
			`"/{user_name}",`
			`responses={`
HTTP 2XX rework 2022-04-07 11:59:42 +00:00			`status.HTTP_200_OK: Responses.OK_NONE,`
User creation/deletion 2022-03-23 13:25:00 +00:00			`status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,`
			`status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,`
remove get_current_user_if_admin 2022-03-30 02:02:45 +00:00			`status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,`
User creation/deletion 2022-03-23 13:25:00 +00:00			`},`
			`response_model=User,`
			`)`
			`async def remove_user(`
remove get_current_user_if_admin 2022-03-30 02:02:45 +00:00			`current_user: User = Depends(get_current_user),`
use get_user_by_name 2022-03-29 00:10:24 +00:00			`user: User = Depends(get_user_by_name),`
User creation/deletion 2022-03-23 13:25:00 +00:00			`):`
			`"""`
			`DELETE ./{user_name}: Remove a user from the database.`
HTTP status codes and documentation 2022-04-07 06:23:09 +00:00
			`Status:`

			`- 403: no user permission to admin user`
User creation/deletion 2022-03-23 13:25:00 +00:00			`"""`

remove get_current_user_if_admin 2022-03-30 02:02:45 +00:00			`# check permissions`
			`if not current_user.can_admin(user):`
			`raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)`
don't delete yourself 2022-03-29 15:38:36 +00:00
fix user router 2022-03-28 20:18:19 +00:00			`# delete user`
			`user.delete()`

User creation/deletion 2022-03-23 13:25:00 +00:00
add and remove capabilities 2022-03-23 00:39:19 +00:00			`@router.post(`
rename "capability" -> "tag" 2022-03-29 19:57:33 +00:00			`"/{user_name}/tags",`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`responses={`
HTTP 201 2022-04-01 06:35:28 +00:00			`status.HTTP_201_CREATED: Responses.ENTRY_ADDED,`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,`
			`status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,`
remove NEEDS_ADMIN 2022-03-30 02:07:22 +00:00			`status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`},`
HTTP 201 2022-04-01 06:35:28 +00:00			`status_code=status.HTTP_201_CREATED,`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`)`
rename "capability" -> "tag" 2022-03-29 19:57:33 +00:00			`async def extend_tags(`
			`tags: list[TagValue],`
remove get_current_user_if_admin 2022-03-30 02:02:45 +00:00			`current_user: User = Depends(get_current_user),`
use get_user_by_name 2022-03-29 00:10:24 +00:00			`user: User = Depends(get_user_by_name),`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`):`
			`"""`
rename "capability" -> "tag" 2022-03-29 19:57:33 +00:00			`POST ./{user_name}/tags: Add tags to a user.`
HTTP status codes and documentation 2022-04-07 06:23:09 +00:00
			`Status:`

			`- 403: no user permission to admin user`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`"""`

remove get_current_user_if_admin 2022-03-30 02:02:45 +00:00			`# check permissions`
			`if not current_user.can_admin(user):`
			`raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)`
add and remove capabilities 2022-03-23 00:39:19 +00:00
remove get_current_user_if_admin 2022-03-30 02:02:45 +00:00			`# change user`
			`user.add_tags(tags)`
fix user router 2022-03-28 20:18:19 +00:00			`user.update()`
add and remove capabilities 2022-03-23 00:39:19 +00:00

			`@router.delete(`
rename "capability" -> "tag" 2022-03-29 19:57:33 +00:00			`"/{user_name}/tags",`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`responses={`
HTTP 2XX rework 2022-04-07 11:59:42 +00:00			`status.HTTP_200_OK: Responses.OK_NONE,`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,`
			`status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,`
remove NEEDS_ADMIN 2022-03-30 02:07:22 +00:00			`status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`},`
			`)`
rename "capability" -> "tag" 2022-03-29 19:57:33 +00:00			`async def remove_tags(`
			`tags: list[TagValue],`
remove get_current_user_if_admin 2022-03-30 02:02:45 +00:00			`current_user: User = Depends(get_current_user),`
use get_user_by_name 2022-03-29 00:10:24 +00:00			`user: User = Depends(get_user_by_name),`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`):`
			`"""`
rename "capability" -> "tag" 2022-03-29 19:57:33 +00:00			`DELETE ./{user_name}/tags: Remove tags from a user.`
HTTP status codes and documentation 2022-04-07 06:23:09 +00:00
			`Status:`

			`- 403: no user permission to admin user`
add and remove capabilities 2022-03-23 00:39:19 +00:00			`"""`

remove get_current_user_if_admin 2022-03-30 02:02:45 +00:00			`# check permissions`
			`if not current_user.can_admin(user):`
			`raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)`
add and remove capabilities 2022-03-23 00:39:19 +00:00
remove get_current_user_if_admin 2022-03-30 02:02:45 +00:00			`# change user`
			`user.remove_tags(tags)`
fix user router 2022-03-28 20:18:19 +00:00			`user.update()`