Yavook.de/kiwi-vpn
1
0
Fork 1
Code Issues Pull requests Projects Releases Wiki Activity

/user/auth and GET /user/current working

Browse source
This commit is contained in:
Jörn-Michael Miehe 2022-03-19 00:38:57 +00:00
parent 05679409a5
commit 3cc29d4fd8
3 changed files with 91 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
api/kiwi_vpn_api/db/schemas.py
View file

@ -31,9 +31,14 @@ class UserBase(BaseModel):
@validator("capabilities", pre=True) @validator("capabilities", pre=True)
@classmethod @classmethod
def caps_from_orm(cls, value: list[models.UserCapability]) -> list[str]: def unify_capabilities(
cls,
value: list[models.UserCapability | str]
) -> list[str]:
return [ return [
capability.capability capability.capability
if isinstance(capability, models.UserCapability)
else str(capability)
for capability in value for capability in value
] ]
@ -53,12 +58,37 @@ class User(UserBase):
cls, cls,
db: Session, db: Session,
name: str, name: str,
) -> User: ) -> User | None:
user = (db user = (db
.query(models.User) .query(models.User)
.filter(models.User.name == name) .filter(models.User.name == name)
.first()) .first())
if user is None:
return None
return cls.from_orm(user)
@classmethod
def verify(
cls,
db: Session,
name: str,
password: str,
crypt_context: CryptContext,
) -> User | None:
user = (db
.query(models.User)
.filter(models.User.name == name)
.first())
if user is None:
crypt_context.dummy_verify()
return None
if not crypt_context.verify(password, user.password):
return None
return cls.from_orm(user) return cls.from_orm(user)
@classmethod @classmethod

5
api/kiwi_vpn_api/main.py
View file

@ -38,9 +38,10 @@ async def on_startup() -> None:
if (current_config := await Config.get()) is not None: if (current_config := await Config.get()) is not None:
Connection.connect(current_config.db_engine) Connection.connect(current_config.db_engine)
# some testing
async for db in Connection.get(): async for db in Connection.get():
user = schemas.User.get(db, "admin") print(schemas.User.get(db, "admin"))
print(str(user)) print(schemas.User.get(db, "nonexistent"))
def main() -> None: def main() -> None:

72
api/kiwi_vpn_api/routers/user.py
View file

@ -2,16 +2,16 @@ from datetime import datetime, timedelta
from fastapi import APIRouter, Depends, HTTPException, status from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from jose import jwt from jose import JWTError, jwt
from pydantic import BaseModel from pydantic import BaseModel
from sqlalchemy.orm import Session from sqlalchemy.orm import Session
from ..config import Config from ..config import Config, JWTConfig
from ..db import Connection, schemas from ..db import Connection, schemas
router = APIRouter(prefix="/user") router = APIRouter(prefix="/user")
SCHEME = OAuth2PasswordBearer( SCHEME = OAuth2PasswordBearer(
tokenUrl=f".{router.prefix}/token", tokenUrl=f".{router.prefix}/auth",
) )
@ -20,20 +20,25 @@ class Token(BaseModel):
token_type: str token_type: str
class TokenData(BaseModel):
username: str | None = None
def create_access_token( def create_access_token(
data: dict, data: dict,
jwt_config: JWTConfig,
expires_delta: timedelta | None = None, expires_delta: timedelta | None = None,
config: Config = Depends(Config.get),
): ):
to_encode = data.copy() to_encode = data.copy()
if expires_delta is None: if expires_delta is None:
expires_delta = timedelta(minutes=15) expires_delta = timedelta(minutes=jwt_config.expiry_minutes)
to_encode.update({"exp": datetime.utcnow() + expires_delta}) to_encode.update({"exp": datetime.utcnow() + expires_delta})
return jwt.encode( return jwt.encode(
to_encode, to_encode,
config.jwt.secret, jwt_config.secret,
algorithm=config.jwt.hash_algorithm, algorithm=jwt_config.hash_algorithm,
) )
@ -42,23 +47,58 @@ async def login(
form_data: OAuth2PasswordRequestForm = Depends(), form_data: OAuth2PasswordRequestForm = Depends(),
config: Config = Depends(Config.get), config: Config = Depends(Config.get),
db: Session = Depends(Connection.get), db: Session = Depends(Connection.get),
):
user = schemas.User.verify(
db=db,
name=form_data.username,
password=form_data.password,
crypt_context=config.crypt_context,
)
if user is None:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"},
)
access_token = create_access_token(
data={"sub": user.name},
jwt_config=config.jwt,
)
return {"access_token": access_token, "token_type": "bearer"}
async def dep_get_current_user(
token: str = Depends(SCHEME),
db: Session = Depends(Connection.get),
config: Config = Depends(Config.get),
): ):
credentials_exception = HTTPException( credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials", detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"}, headers={"WWW-Authenticate": "Bearer"},
) )
try:
payload = jwt.decode(token, config.jwt.secret, algorithms=[
config.jwt.hash_algorithm])
username: str = payload.get("sub")
if username is None:
raise credentials_exception
token_data = TokenData(username=username)
except JWTError:
raise credentials_exception
user = schemas.User.get(db, token_data.username)
user = schemas.User.get(db, form_data.username)
if user is None: if user is None:
config.crypt_context.dummy_verify()
raise credentials_exception raise credentials_exception
return user
if not user.verify(form_data.password):
raise credentials_exception
access_token = create_access_token( @router.get("/current", response_model=schemas.User)
data={"sub": user.name}, async def get_current_user(
expires_delta=timedelta(minutes=config.jwt.expiry_minutes), current_user: schemas.User = Depends(dep_get_current_user),
) ):
return {"access_token": access_token, "token_type": "bearer"} return current_user