diff --git a/api/kiwi_vpn_api/routers/_deps.py b/api/kiwi_vpn_api/routers/_deps.py
index b82cc0e..ac6431e 100644
--- a/api/kiwi_vpn_api/routers/_deps.py
+++ b/api/kiwi_vpn_api/routers/_deps.py
@@ -8,6 +8,29 @@ from ..db import Connection, schemas
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="user/auth")
+# just a namespace
+class Responses:
+ ok = {
+ "content": None,
+ }
+ installed = {
+ "description": "kiwi-vpn already installed",
+ "content": None,
+ }
+ not_installed = {
+ "description": "kiwi-vpn not installed",
+ "content": None,
+ }
+ needs_user = {
+ "description": "Must be logged in",
+ "content": None,
+ }
+ needs_admin = {
+ "description": "Must be admin",
+ "content": None,
+ }
+
+
 async def get_current_user(
 token: str = Depends(oauth2_scheme),
 db: Session | None = Depends(Connection.get),
diff --git a/api/kiwi_vpn_api/routers/admin.py b/api/kiwi_vpn_api/routers/admin.py
index 5d47246..87c14b5 100644
--- a/api/kiwi_vpn_api/routers/admin.py
+++ b/api/kiwi_vpn_api/routers/admin.py
@@ -1,7 +1,4 @@
-from secrets import token_hex
-
 from fastapi import APIRouter, Depends, HTTPException, status
-from sqlalchemy.orm import Session
 from ..config import Config
 from ..db import Connection, schemas
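Review bot: `Responses` carries only a `# just a namespace` comment, and nothing on it says that entries such as `needs_user` and `needs_admin` are OpenAPI documentation for `responses=` and enforce nothing themselves. A class docstring would make that explicit, e.g. `"""Shared OpenAPI response descriptions; access checks live in the route bodies."""`. The dicts are class-level and shared by every route that references them, so the docstring should also say they must not be mutated.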
@@ -10,61 +7,53 @@ from . import _deps
 router = APIRouter(prefix="/admin")
+@router.put(
+ "/install",
+ responses={
+ status.HTTP_200_OK: _deps.Responses.ok,
+ status.HTTP_400_BAD_REQUEST: _deps.Responses.installed,
+ },
+)
+async def install(
+ config: Config,
+ user: schemas.UserCreate,
+ current_config: Config | None = Depends(Config.load),
+):
+ if current_config is not None:
+ raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
+
+ await config.save()
+ Connection.connect(await config.db.db_engine)
+
+ async for db in Connection.get():
+ user.capabilities.append("admin")
+
+ schemas.User.create(
+ db=db,
+ user=user,
+ crypt_context=await config.crypto.crypt_context,
+ )
+
+
 @router.put(
 "/config",
 responses={
- status.HTTP_200_OK: {
- "content": None,
- },
- status.HTTP_403_FORBIDDEN: {
- "description": "Must be admin",
- "content": None,
- },
+ status.HTTP_200_OK: _deps.Responses.ok,
+ status.HTTP_400_BAD_REQUEST: _deps.Responses.not_installed,
+ status.HTTP_401_UNAUTHORIZED: _deps.Responses.needs_user,
+ status.HTTP_403_FORBIDDEN: _deps.Responses.needs_admin,
 },
 )
 async def set_config(
 new_config: Config,
 current_config: Config | None = Depends(Config.load),
 current_user: schemas.User | None = Depends(_deps.get_current_user),
-):
- print(current_config, current_user)
-
- if current_config is not None:
- # server is configured, needs authorization
- if current_user is None or "admin" not in current_user.capabilities:
- raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
-
- if new_config.jwt.secret is None:
- new_config.jwt.secret = token_hex(32)
-
- await new_config.save()
- Connection.connect(await new_config.db.db_engine)
-
-
-@router.post(
- "/user",
- responses={
- status.HTTP_200_OK: {
- "content": None,
- },
- status.HTTP_400_BAD_REQUEST: {
- "description": "Server is not configured",
- "content": None,
- },
- },
-)
-async def add_user(
- user: schemas.UserCreate,
- current_config: Config | None = Depends(Config.load),
- db: Session | 
None = Depends(Connection.get),
 ):
 if current_config is None:
 raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
- user.capabilities.append("admin")
+ if current_user is None or "admin" not in current_user.capabilities:
+ raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
- schemas.User.create(
- db=db,
- user=user,
- crypt_context=await current_config.crypto.crypt_context,
- )
+ await new_config.save()
+ Connection.connect(await new_config.db.db_engine)
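Review bot: In the new `install` route, `await config.save()` runs before the admin user exists, so if `schemas.User.create` raises (or `Connection.get()` yields `None`, which its `Session | None` annotation in `_deps.py` suggests is possible) the instance is left installed with no admin and every later `/install` call returns 400. Connecting and creating the user first, then calling `await config.save()` as the last statement, would keep a failed install retryable. The hunk also removes the old `if new_config.jwt.secret is None: new_config.jwt.secret = token_hex(32)` fallback with no visible replacement; unless `Config` now generates the secret itself (not shown here), `install` and `set_config` should keep that guard so a config without a JWT secret is never persisted. Separately, `set_config` documents `status.HTTP_401_UNAUTHORIZED` but the visible body raises 403 when `current_user is None`, so either raise 401 in that branch or drop the entry.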