""" /admin endpoints. """ from fastapi import APIRouter, Depends, HTTPException, status from ..config import Config from ..db import Connection from ..db.schemas import User, UserCapability, UserCreate from ._common import Responses, get_current_user router = APIRouter(prefix="/admin") @router.put( "/install", responses={ status.HTTP_200_OK: Responses.OK, status.HTTP_400_BAD_REQUEST: Responses.INSTALLED, }, ) async def install( config: Config, admin_user: UserCreate, current_config: Config | None = Depends(Config.load), ): """ PUT ./install: Install `kiwi-vpn`. """ # fail if already installed if current_config is not None: raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST) # create config file, connect to database await config.save() Connection.connect(await config.db.db_engine) # create an administrative user with Connection.use() as db: User.create( db=db, user=admin_user, crypt_context=await config.crypto.crypt_context, ).add_capabilities( db=db, capabilities=[UserCapability.admin], ) @router.put( "/config", responses={ status.HTTP_200_OK: Responses.OK, status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED, status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER, status.HTTP_403_FORBIDDEN: Responses.NEEDS_ADMIN, }, ) async def set_config( new_config: Config, current_config: Config | None = Depends(Config.load), current_user: User | None = Depends(get_current_user), ): """ PUT ./config: Edit `kiwi-vpn` main config. """ # fail if not installed if current_config is None: raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST) # fail if not requested by an admin if (current_user is None or UserCapability.admin not in current_user.capabilities): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN) # update config file, reconnect to database await new_config.save() Connection.connect(await new_config.db.db_engine)