Compare commits
No commits in common. "692bf0ef6350203f0fc2b04422a027cafd7b9846" and "e49a99367645ad239615b82b65d9cc7f7b43cefd" have entirely different histories.
692bf0ef63
...
e49a993676
3 changed files with 54 additions and 52 deletions
|
|
@ -76,8 +76,8 @@ class UserCreate(UserBase):
|
||||||
|
|
||||||
|
|
||||||
class User(UserBase):
|
class User(UserBase):
|
||||||
certificates: list[Certificate] = []
|
certificates: list[Certificate]
|
||||||
capabilities: list[UserCapability] = []
|
capabilities: list[UserCapability]
|
||||||
|
|
||||||
class Config:
|
class Config:
|
||||||
orm_mode = True
|
orm_mode = True
|
||||||
|
|
@ -109,6 +109,29 @@ class User(UserBase):
|
||||||
|
|
||||||
return cls.from_orm(db_user)
|
return cls.from_orm(db_user)
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def authenticate(
|
||||||
|
cls,
|
||||||
|
db: Session,
|
||||||
|
name: str,
|
||||||
|
password: str,
|
||||||
|
crypt_context: CryptContext,
|
||||||
|
) -> User | None:
|
||||||
|
"""
|
||||||
|
Authenticate with name/password against users in database.
|
||||||
|
"""
|
||||||
|
|
||||||
|
if (db_user := models.User.load(db, name)) is None:
|
||||||
|
# nonexistent user, fake doing password verification
|
||||||
|
crypt_context.dummy_verify()
|
||||||
|
return None
|
||||||
|
|
||||||
|
if not crypt_context.verify(password, db_user.password):
|
||||||
|
# password hash mismatch
|
||||||
|
return None
|
||||||
|
|
||||||
|
return cls.from_orm(db_user)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def create(
|
def create(
|
||||||
cls,
|
cls,
|
||||||
|
|
@ -137,29 +160,6 @@ class User(UserBase):
|
||||||
# user already existed
|
# user already existed
|
||||||
pass
|
pass
|
||||||
|
|
||||||
def authenticate(
|
|
||||||
self,
|
|
||||||
db: Session,
|
|
||||||
password: str,
|
|
||||||
crypt_context: CryptContext,
|
|
||||||
) -> User | None:
|
|
||||||
"""
|
|
||||||
Authenticate with name/password against users in database.
|
|
||||||
"""
|
|
||||||
|
|
||||||
if (db_user := models.User.load(db, self.name)) is None:
|
|
||||||
# nonexistent user, fake doing password verification
|
|
||||||
crypt_context.dummy_verify()
|
|
||||||
return False
|
|
||||||
|
|
||||||
if not crypt_context.verify(password, db_user.password):
|
|
||||||
# password hash mismatch
|
|
||||||
return False
|
|
||||||
|
|
||||||
self.from_orm(db_user)
|
|
||||||
|
|
||||||
return True
|
|
||||||
|
|
||||||
def add_capabilities(
|
def add_capabilities(
|
||||||
self,
|
self,
|
||||||
db: Session,
|
db: Session,
|
||||||
|
|
|
||||||
|
|
@ -17,31 +17,8 @@ from .db import Connection
|
||||||
from .db.schemas import User
|
from .db.schemas import User
|
||||||
from .routers import admin, user
|
from .routers import admin, user
|
||||||
|
|
||||||
settings = Settings.get()
|
|
||||||
|
|
||||||
app = FastAPI()
|
app = FastAPI()
|
||||||
|
|
||||||
api = FastAPI(
|
|
||||||
title="kiwi-vpn API",
|
|
||||||
description="This API enables the `kiwi-vpn` service.",
|
|
||||||
contact={
|
|
||||||
"name": "Jörn-Michael Miehe",
|
|
||||||
"email": "40151420+ldericher@users.noreply.github.com",
|
|
||||||
},
|
|
||||||
license_info={
|
|
||||||
"name": "MIT License",
|
|
||||||
"url": "https://opensource.org/licenses/mit-license.php",
|
|
||||||
},
|
|
||||||
openapi_url=settings.openapi_url,
|
|
||||||
docs_url=settings.docs_url if not settings.production_mode else None,
|
|
||||||
redoc_url=settings.redoc_url if not settings.production_mode else None,
|
|
||||||
)
|
|
||||||
|
|
||||||
api.include_router(admin.router)
|
|
||||||
api.include_router(user.router)
|
|
||||||
|
|
||||||
app.mount("/api", api)
|
|
||||||
|
|
||||||
|
|
||||||
@app.on_event("startup")
|
@app.on_event("startup")
|
||||||
async def on_startup() -> None:
|
async def on_startup() -> None:
|
||||||
|
|
@ -57,6 +34,29 @@ async def on_startup() -> None:
|
||||||
|
|
||||||
|
|
||||||
def main() -> None:
|
def main() -> None:
|
||||||
|
settings = Settings.get()
|
||||||
|
|
||||||
|
api = FastAPI(
|
||||||
|
title="kiwi-vpn API",
|
||||||
|
description="This API enables the `kiwi-vpn` service.",
|
||||||
|
contact={
|
||||||
|
"name": "Jörn-Michael Miehe",
|
||||||
|
"email": "40151420+ldericher@users.noreply.github.com",
|
||||||
|
},
|
||||||
|
license_info={
|
||||||
|
"name": "MIT License",
|
||||||
|
"url": "https://opensource.org/licenses/mit-license.php",
|
||||||
|
},
|
||||||
|
openapi_url=settings.openapi_url,
|
||||||
|
docs_url=settings.docs_url if not settings.production_mode else None,
|
||||||
|
redoc_url=settings.redoc_url if not settings.production_mode else None,
|
||||||
|
)
|
||||||
|
|
||||||
|
api.include_router(admin.router)
|
||||||
|
api.include_router(user.router)
|
||||||
|
|
||||||
|
app.mount("/api", api)
|
||||||
|
|
||||||
uvicorn.run(
|
uvicorn.run(
|
||||||
"kiwi_vpn_api.main:app",
|
"kiwi_vpn_api.main:app",
|
||||||
host="0.0.0.0",
|
host="0.0.0.0",
|
||||||
|
|
|
||||||
|
|
@ -39,13 +39,15 @@ async def login(
|
||||||
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
|
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
|
||||||
|
|
||||||
# try logging in
|
# try logging in
|
||||||
user = User(name=form_data.username)
|
user = User.authenticate(
|
||||||
if not user.authenticate(
|
|
||||||
db=db,
|
db=db,
|
||||||
|
name=form_data.username,
|
||||||
password=form_data.password,
|
password=form_data.password,
|
||||||
crypt_context=await current_config.crypto.crypt_context,
|
crypt_context=await current_config.crypto.crypt_context,
|
||||||
):
|
)
|
||||||
# authentication failed
|
|
||||||
|
# authentication failed
|
||||||
|
if user is None:
|
||||||
raise HTTPException(
|
raise HTTPException(
|
||||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||||
detail="Could not validate credentials",
|
detail="Could not validate credentials",
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue