"install" endpoint

api/kiwi_vpn_api/routers/_deps.py

@@ -8,6 +8,29 @@ from ..db import Connection, schemas
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="user/auth")
 
 
+# just a namespace
+class Responses:
+    ok = {
+        "content": None,
+    }
+    installed = {
+        "description": "kiwi-vpn already installed",
+        "content": None,
+    }
+    not_installed = {
+        "description": "kiwi-vpn not installed",
+        "content": None,
+    }
+    needs_user = {
+        "description": "Must be logged in",
+        "content": None,
+    }
+    needs_admin = {
+        "description": "Must be admin",
+        "content": None,
+    }
+
+
 async def get_current_user(
     token: str = Depends(oauth2_scheme),
     db: Session | None = Depends(Connection.get),

api/kiwi_vpn_api/routers/admin.py

@@ -1,7 +1,4 @@
-from secrets import token_hex
-
 from fastapi import APIRouter, Depends, HTTPException, status
-from sqlalchemy.orm import Session
 
 from ..config import Config
 from ..db import Connection, schemas
@@ -10,61 +7,53 @@ from . import _deps
 router = APIRouter(prefix="/admin")
 
 
+@router.put(
+    "/install",
+    responses={
+        status.HTTP_200_OK: _deps.Responses.ok,
+        status.HTTP_400_BAD_REQUEST: _deps.Responses.installed,
+    },
+)
+async def install(
+    config: Config,
+    user: schemas.UserCreate,
+    current_config: Config | None = Depends(Config.load),
+):
+    if current_config is not None:
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
+
+    await config.save()
+    Connection.connect(await config.db.db_engine)
+
+    async for db in Connection.get():
+        user.capabilities.append("admin")
+
+        schemas.User.create(
+            db=db,
+            user=user,
+            crypt_context=await config.crypto.crypt_context,
+        )
+
+
 @router.put(
     "/config",
     responses={
-        status.HTTP_200_OK: {
-            "content": None,
-        },
-        status.HTTP_403_FORBIDDEN: {
-            "description": "Must be admin",
-            "content": None,
-        },
+        status.HTTP_200_OK: _deps.Responses.ok,
+        status.HTTP_400_BAD_REQUEST: _deps.Responses.not_installed,
+        status.HTTP_401_UNAUTHORIZED: _deps.Responses.needs_user,
+        status.HTTP_403_FORBIDDEN: _deps.Responses.needs_admin,
     },
 )
 async def set_config(
     new_config: Config,
     current_config: Config | None = Depends(Config.load),
     current_user: schemas.User | None = Depends(_deps.get_current_user),
-):
-    print(current_config, current_user)
-
-    if current_config is not None:
-        # server is configured, needs authorization
-        if current_user is None or "admin" not in current_user.capabilities:
-            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
-
-    if new_config.jwt.secret is None:
-        new_config.jwt.secret = token_hex(32)
-
-    await new_config.save()
-    Connection.connect(await new_config.db.db_engine)
-
-
-@router.post(
-    "/user",
-    responses={
-        status.HTTP_200_OK: {
-            "content": None,
-        },
-        status.HTTP_400_BAD_REQUEST: {
-            "description": "Server is not configured",
-            "content": None,
-        },
-    },
-)
-async def add_user(
-    user: schemas.UserCreate,
-    current_config: Config | None = Depends(Config.load),
-    db: Session | None = Depends(Connection.get),
 ):
     if current_config is None:
         raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
 
-    user.capabilities.append("admin")
+    if current_user is None or "admin" not in current_user.capabilities:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
 
-    schemas.User.create(
-        db=db,
-        user=user,
-        crypt_context=await current_config.crypto.crypt_context,
-    )
+    await new_config.save()
+    Connection.connect(await new_config.db.db_engine)