api/kiwi_vpn_api/routers/_common.py

@@ -85,16 +85,19 @@ async def get_current_user_if_exists(
     return current_user
 
 
-async def current_user_is_admin(
+async def get_current_user_if_admin(
     current_user: User = Depends(get_current_user_if_exists),
 ) -> User:
     """
-    Fail if the currently logged-in user is not an admin.
+    Get the currently logged-in user if it is an admin.
     """
 
+    # fail if not requested by an admin
     if not current_user.can(UserCapabilityType.admin):
         raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
 
+    return current_user
+
 
 async def get_user_by_name(
     user_name: str,

api/kiwi_vpn_api/routers/admin.py

@@ -8,7 +8,7 @@ from sqlmodel import select
 
 from ..config import Config
 from ..db import Connection, User, UserCapabilityType, UserCreate
-from ._common import Responses, current_user_is_admin
+from ._common import Responses, get_current_user_if_admin
 
 router = APIRouter(prefix="/admin", tags=["admin"])
 
@@ -79,7 +79,7 @@ async def create_initial_admin(
 )
 async def set_config(
     config: Config,
-    _: User = Depends(current_user_is_admin),
+    _: User = Depends(get_current_user_if_admin),
 ):
     """
     PUT ./config: Edit `kiwi-vpn` main config.

api/kiwi_vpn_api/routers/user.py

@@ -8,8 +8,7 @@ from pydantic import BaseModel
 
 from ..config import Config
 from ..db import User, UserCapabilityType, UserCreate, UserRead
-from ._common import (Responses, current_user_is_admin,
-                      get_current_user_if_exists, get_user_by_name)
+from ._common import Responses, get_current_user, get_current_user_if_admin
 
 router = APIRouter(prefix="/user", tags=["user"])
 
@@ -59,7 +58,7 @@ async def login(
 
 @router.get("/current", response_model=UserRead)
 async def get_current_user(
-    current_user: User = Depends(get_current_user_if_exists),
+    current_user: User | None = Depends(get_current_user),
 ):
     """
     GET ./current: Respond with the currently logged-in user.
@@ -81,7 +80,7 @@ async def get_current_user(
 )
 async def add_user(
     user: UserCreate,
-    _: User = Depends(current_user_is_admin),
+    _: User = Depends(get_current_user_if_admin),
 ) -> User:
     """
     POST ./: Create a new user in the database.
@@ -113,13 +112,20 @@ async def add_user(
     response_model=User,
 )
 async def remove_user(
-    _: User = Depends(current_user_is_admin),
-    user: User = Depends(get_user_by_name),
+    user_name: str,
+    _: User = Depends(get_current_user_if_admin),
 ):
     """
     DELETE ./{user_name}: Remove a user from the database.
     """
 
+    # get the user
+    user = User.get(user_name)
+
+    # fail if user not found
+    if user is None:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND)
+
     # delete user
     user.delete()
 
@@ -134,14 +140,17 @@ async def remove_user(
     },
 )
 async def extend_capabilities(
+    user_name: str,
     capabilities: list[UserCapabilityType],
-    _: User = Depends(current_user_is_admin),
-    user: User = Depends(get_user_by_name),
+    _: User = Depends(get_current_user_if_admin),
 ):
     """
     POST ./{user_name}/capabilities: Add capabilities to a user.
     """
 
+    # get and change the user
+    user = User.get(user_name)
+
     user.set_capabilities(user.get_capabilities() | set(capabilities))
 
     user.update()
@@ -157,14 +166,17 @@ async def extend_capabilities(
     },
 )
 async def remove_capabilities(
+    user_name: str,
     capabilities: list[UserCapabilityType],
-    _: User = Depends(current_user_is_admin),
-    user: User = Depends(get_user_by_name),
+    _: User = Depends(get_current_user_if_admin),
 ):
     """
     DELETE ./{user_name}/capabilities: Remove capabilities from a user.
     """
 
+    # get and change the user
+    user = User.get(user_name)
+
     user.set_capabilities(user.get_capabilities() - set(capabilities))
 
     user.update()