Yavook.de/kiwi-vpn
1
0
Fork 1
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: Yavook.de:f56c2fb19badd773dc87541dffd6a1a01525c351
Branches Tags
Yavook.de:master
Yavook.de:develop
Yavook.de:permission_exceptions
..
compare: Yavook.de:900131fae843202f8c1cccf30b2bf3aa68c87fad
Branches Tags
Yavook.de:develop
Yavook.de:permission_exceptions
Yavook.de:master

No commits in common. "f56c2fb19badd773dc87541dffd6a1a01525c351" and "900131fae843202f8c1cccf30b2bf3aa68c87fad" have entirely different histories.
f56c2fb19b ... 900131fae8

3 changed files with 30 additions and 40 deletions
Show stats Expand all files Collapse all files

22
api/kiwi_vpn_api/routers/_deps.py
View file

@ -1,22 +0,0 @@
from fastapi import Depends
from fastapi.security import OAuth2PasswordBearer
from sqlalchemy.orm import Session
from ..config import Config
from ..db import Connection, schemas
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="user/auth")
async def get_current_user(
token: str = Depends(oauth2_scheme),
db: Session | None = Depends(Connection.get),
current_config: Config | None = Depends(Config.load),
):
if current_config is None:
return None
username = await current_config.jwt.decode_token(token)
user = schemas.User.from_db(db, username)
return user

8
api/kiwi_vpn_api/routers/admin.py
View file

@ -5,7 +5,6 @@ from sqlalchemy.orm import Session
from ..config import Config from ..config import Config
from ..db import Connection, schemas from ..db import Connection, schemas
from . import _deps
router = APIRouter(prefix="/admin") router = APIRouter(prefix="/admin")
@ -25,13 +24,8 @@ router = APIRouter(prefix="/admin")
async def set_config( async def set_config(
new_config: Config, new_config: Config,
current_config: Config | None = Depends(Config.load), current_config: Config | None = Depends(Config.load),
current_user: schemas.User | None = Depends(_deps.get_current_user),
): ):
print(current_config, current_user)
if current_config is not None: if current_config is not None:
# server is configured, needs authorization
if current_user is None or "admin" not in current_user.capabilities:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN) raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
if new_config.jwt.secret is None: if new_config.jwt.secret is None:
@ -48,7 +42,7 @@ async def set_config(
"content": None, "content": None,
}, },
status.HTTP_400_BAD_REQUEST: { status.HTTP_400_BAD_REQUEST: {
"description": "Server is not configured", "description": "Database doesn't exist",
"content": None, "content": None,
}, },
}, },

38
api/kiwi_vpn_api/routers/user.py
View file

@ -1,13 +1,16 @@
from fastapi import APIRouter, Depends, HTTPException, status from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordRequestForm from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from pydantic import BaseModel from pydantic import BaseModel
from sqlalchemy.orm import Session from sqlalchemy.orm import Session
from ..config import Config from ..config import Config
from ..db import Connection, schemas from ..db import Connection, schemas
from . import _deps
router = APIRouter(prefix="/user") router = APIRouter(prefix="/user")
SCHEME = OAuth2PasswordBearer(
tokenUrl=f".{router.prefix}/auth",
)
class Token(BaseModel): class Token(BaseModel):
@ -18,17 +21,14 @@ class Token(BaseModel):
@router.post("/auth", response_model=Token) @router.post("/auth", response_model=Token)
async def login( async def login(
form_data: OAuth2PasswordRequestForm = Depends(), form_data: OAuth2PasswordRequestForm = Depends(),
current_config: Config | None = Depends(Config.load), config: Config = Depends(Config.load),
db: Session | None = Depends(Connection.get), db: Session = Depends(Connection.get),
): ):
if current_config is None:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
user = schemas.User.login( user = schemas.User.login(
db=db, db=db,
name=form_data.username, name=form_data.username,
password=form_data.password, password=form_data.password,
crypt_context=await current_config.crypto.crypt_context, crypt_context=await config.crypto.crypt_context,
) )
if user is None: if user is None:
@ -38,12 +38,30 @@ async def login(
headers={"WWW-Authenticate": "Bearer"}, headers={"WWW-Authenticate": "Bearer"},
) )
access_token = await current_config.jwt.create_token(user.name) access_token = await config.jwt.create_token(user.name)
return {"access_token": access_token, "token_type": "bearer"} return {"access_token": access_token, "token_type": "bearer"}
async def dep_get_current_user(
token: str = Depends(SCHEME),
db: Session = Depends(Connection.get),
config: Config = Depends(Config.load),
):
username = await config.jwt.decode_token(token)
user = schemas.User.from_db(db, username)
if user is None:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"},
)
return user
@router.get("/current", response_model=schemas.User) @router.get("/current", response_model=schemas.User)
async def get_current_user( async def get_current_user(
current_user: schemas.User | None = Depends(_deps.get_current_user), current_user: schemas.User = Depends(dep_get_current_user),
): ):
return current_user return current_user