""" Common dependencies for routers. """ from fastapi import Depends, HTTPException, status from fastapi.security import OAuth2PasswordBearer from sqlalchemy.orm import Session from ..config import Config from ..db import Connection from ..db.schemas import User, UserCapability oauth2_scheme = OAuth2PasswordBearer(tokenUrl="user/authenticate") class Responses: """ Just a namespace. Describes API response status codes. """ OK = { "content": None, } INSTALLED = { "description": "kiwi-vpn already installed", "content": None, } NOT_INSTALLED = { "description": "kiwi-vpn not installed", "content": None, } NEEDS_USER = { "description": "Must be logged in", "content": None, } NEEDS_ADMIN = { "description": "Must be admin", "content": None, } ENTRY_EXISTS = { "description": "Entry exists in database", "content": None, } async def get_current_user( token: str = Depends(oauth2_scheme), db: Session | None = Depends(Connection.get), current_config: Config | None = Depends(Config.load), ) -> User | None: """ Get the currently logged-in user from the database. """ # can't connect to an unconfigured database if current_config is None: return None username = await current_config.jwt.decode_token(token) user = User.from_db(db, username) return user async def get_current_admin_user( current_config: Config | None = Depends(Config.load), current_user: User | None = Depends(get_current_user), ) -> User: """ Check if the currently logged-in user is an admin. """ # fail if not installed if current_config is None: raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST) # fail if not requested by an admin if (current_user is None or UserCapability.admin not in current_user.capabilities): raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)