HTTP status codes and documentation

This commit is contained in:
Jörn-Michael Miehe 2022-04-07 06:23:09 +00:00
parent dcce31da0b
commit 96a3aed24e
5 changed files with 85 additions and 15 deletions

View file

@ -299,7 +299,7 @@ class EasyRSA:
dn: DistinguishedName | None = None, dn: DistinguishedName | None = None,
) -> x509.Certificate | None: ) -> x509.Certificate | None:
""" """
Issue a client or server certificate Renew a client or server certificate
""" """
if dn is None: if dn is None:

View file

@ -23,10 +23,6 @@ class Responses:
OK = { OK = {
"content": None, "content": None,
} }
INSTALLED = {
"description": "kiwi-vpn already installed",
"content": None,
}
NOT_INSTALLED = { NOT_INSTALLED = {
"description": "kiwi-vpn not installed", "description": "kiwi-vpn not installed",
"content": None, "content": None,
@ -80,6 +76,8 @@ async def get_current_user(
Status: Status:
- (400: `kiwi-vpn` not installed)
- 401: No auth token provided/not logged in
- 403: invalid auth token, or user not found - 403: invalid auth token, or user not found
""" """
@ -103,12 +101,14 @@ async def get_user_by_name(
Status: Status:
- 404: user not found - 403: user not found
""" """
# fail if device doesn't exist # don't use error 404 here - possible user enumeration
# fail if user doesn't exist
if (user := User.get(user_name)) is None: if (user := User.get(user_name)) is None:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND) raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
return user return user

View file

@ -16,7 +16,7 @@ router = APIRouter(prefix="/admin", tags=["admin"])
"/install/config", "/install/config",
responses={ responses={
status.HTTP_200_OK: Responses.OK, status.HTTP_200_OK: Responses.OK,
status.HTTP_400_BAD_REQUEST: Responses.INSTALLED, status.HTTP_409_CONFLICT: Responses.ENTRY_EXISTS,
}, },
) )
async def initial_configure( async def initial_configure(
@ -25,11 +25,15 @@ async def initial_configure(
): ):
""" """
PUT ./install/config: Configure `kiwi-vpn`. PUT ./install/config: Configure `kiwi-vpn`.
Status:
- 409: `kiwi-vpn` already installed
""" """
# fail if already configured # fail if already configured
if current_config is not None: if current_config is not None:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST) raise HTTPException(status_code=status.HTTP_409_CONFLICT)
# create config file, connect to database # create config file, connect to database
config.save() config.save()
@ -39,10 +43,11 @@ async def initial_configure(
@router.put( @router.put(
"/install/admin", "/install/admin",
responses={ responses={
status.HTTP_200_OK: Responses.OK, status.HTTP_201_CREATED: Responses.OK,
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED, status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_409_CONFLICT: Responses.ENTRY_EXISTS, status.HTTP_409_CONFLICT: Responses.ENTRY_EXISTS,
}, },
status_code=status.HTTP_201_CREATED,
) )
async def create_initial_admin( async def create_initial_admin(
admin_user: UserCreate, admin_user: UserCreate,
@ -50,6 +55,10 @@ async def create_initial_admin(
): ):
""" """
PUT ./install/admin: Create the first administrative user. PUT ./install/admin: Create the first administrative user.
Status:
- 409: not the first user
""" """
# fail if any user exists # fail if any user exists

View file

@ -19,7 +19,6 @@ router = APIRouter(prefix="/device", tags=["device"])
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED, status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER, status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION, status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
status.HTTP_404_NOT_FOUND: Responses.ENTRY_DOESNT_EXIST,
status.HTTP_409_CONFLICT: Responses.ENTRY_EXISTS, status.HTTP_409_CONFLICT: Responses.ENTRY_EXISTS,
}, },
response_model=DeviceRead, response_model=DeviceRead,
@ -32,6 +31,11 @@ async def add_device(
) -> Device: ) -> Device:
""" """
POST ./: Create a new device in the database. POST ./: Create a new device in the database.
Status:
- 403: no user permission to create device
- 409: device creation unsuccessful
""" """
# check permission # check permission
@ -59,6 +63,7 @@ async def add_device(
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED, status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER, status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION, status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
status.HTTP_404_NOT_FOUND: Responses.ENTRY_DOESNT_EXIST,
}, },
response_model=User, response_model=User,
) )
@ -68,6 +73,10 @@ async def remove_device(
): ):
""" """
DELETE ./{device_id}: Remove a device from the database. DELETE ./{device_id}: Remove a device from the database.
Status:
- 403: no user permission to edit device
""" """
# check permission # check permission
@ -96,6 +105,11 @@ async def request_certificate_issuance(
) -> Device: ) -> Device:
""" """
POST ./{device_id}/issue: Request certificate issuance for a device. POST ./{device_id}/issue: Request certificate issuance for a device.
Status:
- 403: no user permission to edit device
- 409: device certificate cannot be "issued"
""" """
# check permission # check permission
@ -139,6 +153,11 @@ async def request_certificate_renewal(
) -> Device: ) -> Device:
""" """
POST ./{device_id}/renew: Request certificate renewal for a device. POST ./{device_id}/renew: Request certificate renewal for a device.
Status:
- 403: no user permission to edit device
- 409: device certificate cannot be "renewed"
""" """
# check permission # check permission
@ -182,6 +201,11 @@ async def revoke_certificate(
) -> Device: ) -> Device:
""" """
POST ./{device_id}/revoke: Revoke a device certificate. POST ./{device_id}/revoke: Revoke a device certificate.
Status:
- 403: no user permission to edit device
- 409: device certificate cannot be "revoked"
""" """
# check permission # check permission

View file

@ -23,13 +23,25 @@ class Token(BaseModel):
token_type: str token_type: str
@router.post("/authenticate", response_model=Token) @router.post(
"/authenticate",
responses={
status.HTTP_200_OK: Responses.OK,
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
},
response_model=Token,
)
async def login( async def login(
form_data: OAuth2PasswordRequestForm = Depends(), form_data: OAuth2PasswordRequestForm = Depends(),
current_config: Config = Depends(get_current_config), current_config: Config = Depends(get_current_config),
): ):
""" """
POST ./authenticate: Authenticate a user. Issues a bearer token. POST ./authenticate: Authenticate a user. Issues a bearer token.
Status:
- 401: username/password is incorrect
""" """
# try logging in # try logging in
@ -49,7 +61,16 @@ async def login(
return {"access_token": access_token, "token_type": "bearer"} return {"access_token": access_token, "token_type": "bearer"}
@router.get("/current", response_model=UserRead) @router.get(
"/current",
responses={
status.HTTP_200_OK: Responses.OK,
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_USER,
},
response_model=UserRead,
)
async def get_current_user_route( async def get_current_user_route(
current_user: User = Depends(get_current_user), current_user: User = Depends(get_current_user),
): ):
@ -78,6 +99,11 @@ async def add_user(
) -> User: ) -> User:
""" """
POST ./: Create a new user in the database. POST ./: Create a new user in the database.
Status:
- 403: no user permission to create user
- 409: user could not be created
""" """
# check permissions # check permissions
@ -105,7 +131,6 @@ async def add_user(
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED, status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER, status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION, status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
status.HTTP_404_NOT_FOUND: Responses.ENTRY_DOESNT_EXIST,
}, },
response_model=User, response_model=User,
) )
@ -115,6 +140,10 @@ async def remove_user(
): ):
""" """
DELETE ./{user_name}: Remove a user from the database. DELETE ./{user_name}: Remove a user from the database.
Status:
- 403: no user permission to admin user
""" """
# check permissions # check permissions
@ -142,6 +171,10 @@ async def extend_tags(
): ):
""" """
POST ./{user_name}/tags: Add tags to a user. POST ./{user_name}/tags: Add tags to a user.
Status:
- 403: no user permission to admin user
""" """
# check permissions # check permissions
@ -169,6 +202,10 @@ async def remove_tags(
): ):
""" """
DELETE ./{user_name}/tags: Remove tags from a user. DELETE ./{user_name}/tags: Remove tags from a user.
Status:
- 403: no user permission to admin user
""" """
# check permissions # check permissions