HTTP 2XX rework

This commit is contained in:
Jörn-Michael Miehe 2022-04-07 11:59:42 +00:00
parent 702aefc6e3
commit fa4c2e45ab
5 changed files with 43 additions and 22 deletions

View file

@ -22,8 +22,15 @@ class Responses:
"""
OK = {
"description": "Operation successful",
}
OK_NONE = {
"description": "Operation successful",
"content": None,
}
OK_WAIT = {
"description": "Operation successful, waiting for approval",
}
NOT_INSTALLED = {
"description": "kiwi-vpn not installed",
"content": None,

View file

@ -15,7 +15,7 @@ router = APIRouter(prefix="/admin", tags=["admin"])
@router.put(
"/install/config",
responses={
status.HTTP_200_OK: Responses.OK,
status.HTTP_200_OK: Responses.OK_NONE,
status.HTTP_409_CONFLICT: Responses.ENTRY_EXISTS,
},
)
@ -43,7 +43,7 @@ async def initial_configure(
@router.put(
"/install/admin",
responses={
status.HTTP_201_CREATED: Responses.OK,
status.HTTP_201_CREATED: Responses.OK_NONE,
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_409_CONFLICT: Responses.ENTRY_EXISTS,
},
@ -77,7 +77,7 @@ async def create_initial_admin(
@router.put(
"/config",
responses={
status.HTTP_200_OK: Responses.OK,
status.HTTP_200_OK: Responses.OK_NONE,
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,

View file

@ -2,7 +2,7 @@
/device endpoints.
"""
from fastapi import APIRouter, Depends, HTTPException, status
from fastapi import APIRouter, Depends, HTTPException, Response, status
from ..db import Device, DeviceCreate, DeviceRead, DeviceStatus, User
from ..easyrsa import DistinguishedName, EasyRSA
@ -59,7 +59,7 @@ async def add_device(
@router.delete(
"/{device_id}",
responses={
status.HTTP_200_OK: Responses.OK,
status.HTTP_200_OK: Responses.OK_NONE,
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
@ -87,10 +87,11 @@ async def remove_device(
device.delete()
@router.post(
"/{device_id}/issue",
@router.put(
"/{device_id}/certificate",
responses={
status.HTTP_200_OK: Responses.OK,
status.HTTP_200_OK: Responses.OK | {"model": DeviceRead},
status.HTTP_202_ACCEPTED: Responses.OK_WAIT | {"model": DeviceRead},
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
@ -99,17 +100,21 @@ async def remove_device(
status.HTTP_425_TOO_EARLY: Responses.NEEDS_PKI,
},
response_model=DeviceRead,
status_code=status.HTTP_202_ACCEPTED,
)
async def request_certificate_issuance(
response: Response,
current_user: User = Depends(get_current_user),
device: Device = Depends(get_device_by_id),
pki: EasyRSA = Depends(get_pki),
) -> Device:
"""
POST ./{device_id}/issue: Request certificate issuance for a device.
PUT ./{device_id}/certificate: Request certificate issuance for a device.
Status:
- 200: certificate issued
- 202: issuance requested
- 403: no user permission to edit device
- 409: device certificate cannot be "issued"
"""
@ -132,15 +137,18 @@ async def request_certificate_issuance(
device.set_status(DeviceStatus.certified)
device.expiry = certificate.not_valid_after
response.status_code = status.HTTP_200_OK
# return updated device
device.update()
return device
@router.post(
"/{device_id}/renew",
@router.patch(
"/{device_id}/certificate",
responses={
status.HTTP_200_OK: Responses.OK,
status.HTTP_200_OK: Responses.OK | {"model": DeviceRead},
status.HTTP_202_ACCEPTED: Responses.OK_WAIT | {"model": DeviceRead},
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
@ -149,17 +157,21 @@ async def request_certificate_issuance(
status.HTTP_425_TOO_EARLY: Responses.NEEDS_PKI,
},
response_model=DeviceRead,
status_code=status.HTTP_202_ACCEPTED,
)
async def request_certificate_renewal(
response: Response,
current_user: User = Depends(get_current_user),
device: Device = Depends(get_device_by_id),
pki: EasyRSA = Depends(get_pki),
) -> Device:
"""
POST ./{device_id}/renew: Request certificate renewal for a device.
PATCH ./{device_id}/certificate: Request certificate renewal for a device.
Status:
- 200: certificate renewed
- 202: renewal requested
- 403: no user permission to edit device
- 409: device certificate cannot be "renewed"
"""
@ -182,15 +194,17 @@ async def request_certificate_renewal(
device.set_status(DeviceStatus.certified)
device.expiry = certificate.not_valid_after
response.status_code = status.HTTP_200_OK
# return updated device
device.update()
return device
@router.post(
"/{device_id}/revoke",
@router.delete(
"/{device_id}/certificate",
responses={
status.HTTP_200_OK: Responses.OK,
status.HTTP_200_OK: Responses.OK_NONE,
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
@ -206,7 +220,7 @@ async def revoke_certificate(
pki: EasyRSA = Depends(get_pki),
) -> Device:
"""
POST ./{device_id}/revoke: Revoke a device certificate.
DELETE ./{device_id}/certificate: Revoke a device certificate.
Status:

View file

@ -14,7 +14,7 @@ router = APIRouter(prefix="/service", tags=["service"])
@router.put(
"/pki/init",
responses={
status.HTTP_200_OK: Responses.OK,
status.HTTP_200_OK: Responses.OK_NONE,
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,

View file

@ -26,7 +26,7 @@ class Token(BaseModel):
@router.post(
"/authenticate",
responses={
status.HTTP_200_OK: Responses.OK,
status.HTTP_200_OK: Responses.OK_NONE,
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
},
@ -64,7 +64,7 @@ async def login(
@router.get(
"/current",
responses={
status.HTTP_200_OK: Responses.OK,
status.HTTP_200_OK: Responses.OK_NONE,
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_USER,
@ -127,7 +127,7 @@ async def add_user(
@router.delete(
"/{user_name}",
responses={
status.HTTP_200_OK: Responses.OK,
status.HTTP_200_OK: Responses.OK_NONE,
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
@ -189,7 +189,7 @@ async def extend_tags(
@router.delete(
"/{user_name}/tags",
responses={
status.HTTP_200_OK: Responses.OK,
status.HTTP_200_OK: Responses.OK_NONE,
status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,