Refactor into multiple files

2023-12-19 13:27:07 -06:00
parent ce1d2c0918
commit 1f275ec195
5 changed files with 398 additions and 350 deletions
--- a/api/routes/utils.py
+++ b/api/routes/utils.py
@@ -0,0 +1,57 @@
+import os
+
+import bcrypt
+from flask import current_app
+
+from flask_jwt_extended import get_jwt_identity
+
+from database.models import AuthLevel, User
+
+
+def auth_level_required(level: AuthLevel):
+    """
+    Limit access to given authorization level.
+
+    :param level: Required authorization level to access this endpoint
+    :return: 403 Unauthorized upon auth failure or response of decorated function on auth success
+    """
+
+    def auth_inner(func):
+        def auth_wrapper(*args, **kwargs):
+            user = User.objects.get(username=get_jwt_identity())
+            if AuthLevel(user.level) < level:
+                current_app.logger.warning("Attempted access to unauthorized resource by %s", user.username)
+                return '', 403
+            else:
+                return func(*args, **kwargs)
+
+        auth_wrapper.__name__ = func.__name__
+        return auth_wrapper
+
+    return auth_inner
+
+
+def create_admin_user():
+    """
+    Create default admin user if no admin users are present in the database
+
+    :return: None
+    """
+    if User.objects(level=AuthLevel.ADMIN.value).count() == 0:
+        current_app.logger.info("No admin users exist. Creating default admin user...")
+        try:
+            admin_username = os.environ["TAILFIN_ADMIN_USERNAME"]
+            current_app.logger.info("Setting admin username to 'TAILFIN_ADMIN_USERNAME': %s", admin_username)
+        except KeyError:
+            admin_username = "admin"
+            current_app.logger.info("'TAILFIN_ADMIN_USERNAME' not set, using default username 'admin'")
+        try:
+            admin_password = os.environ["TAILFIN_ADMIN_PASSWORD"]
+            current_app.logger.info("Setting admin password to 'TAILFIN_ADMIN_PASSWORD'")
+        except KeyError:
+            admin_password = "admin"
+            current_app.logger.warning("'TAILFIN_ADMIN_PASSWORD' not set, using default password 'admin'\n"
+                               "Change this as soon as possible")
+        hashed_password = bcrypt.hashpw(admin_password.encode('utf-8'), bcrypt.gensalt())
+        User(username=admin_username, password=hashed_password, level=AuthLevel.ADMIN.value).save()
+        current_app.logger.info("Default admin user created with username %s", User.objects.get(level=AuthLevel.ADMIN).username)