azpsen/tailfin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Migrate to FastAPI JWT auth

Browse Source
This commit is contained in:
april
2023-12-20 16:11:02 -06:00
parent f8ecc028c7
commit d791e6f062
14 changed files with 369 additions and 281 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
api/routes/flights.py
View File

@@ -1,69 +1,57 @@
import logging
from fastapi import APIRouter, HTTPException
from fastapi import APIRouter, HTTPException, Depends
from models import FlightModel
from app.deps import get_current_user, admin_required
from schemas import FlightModel, GetSystemUserSchema
from mongoengine import DoesNotExist, ValidationError
from mongoengine import ValidationError
from flask_jwt_extended import get_jwt_identity, jwt_required
from database.models import User, Flight, AuthLevel
from database.models import Flight, AuthLevel
from database.utils import get_flight_list
from routes.utils import auth_level_required
router = APIRouter()
logger = logging.getLogger("flights")
@router.get('/flights')
@jwt_required()
def get_flights():
@router.get('/flights', summary="Get flights logged by the currently logged-in user", status_code=200)
async def get_flights(user: GetSystemUserSchema = Depends(get_current_user)) -> list[FlightModel]:
"""
Get a list of the flights logged by the currently logged-in user
:return: List of flights
"""
try:
user = User.objects.get(username=get_jwt_identity())
except DoesNotExist:
logger.warning("User %s not found", get_jwt_identity())
return {"msg": "user not found"}, 401
flights = get_flight_list(filters=[[{"field": "user", "operator": "eq", "value": user.id}]]).to_json()
return flights, 200
# l = get_flight_list(filters=[[{"field": "user", "operator": "eq", "value": user.id}]])
l = get_flight_list(user=str(user.id))
flights = []
for f in l:
flights.append(FlightModel(**f.to_mongo()))
return [f.to_mongo() for f in flights]
@router.get('/flights/all')
@jwt_required()
@auth_level_required(AuthLevel.ADMIN)
def get_all_flights():
@router.get('/flights/all', summary="Get all flights logged by all users", status_code=200,
dependencies=[Depends(admin_required)])
def get_all_flights() -> list[FlightModel]:
"""
Get a list of all flights logged by any user
:return: List of flights
"""
logger.debug("Get all flights - user: %s", get_jwt_identity())
flights = get_flight_list().to_json()
return flights, 200
flights = [FlightModel(**f.to_mongo()) for f in get_flight_list()]
return flights
@router.get('/flights/{flight_id}', response_model=FlightModel)
@jwt_required()
def get_flight(flight_id: str):
@router.get('/flights/{flight_id}', summary="Get details of a given flight", response_model=FlightModel,
status_code=200)
def get_flight(flight_id: str, user: GetSystemUserSchema = Depends(get_current_user)):
"""
Get all details of a given flight
:param flight_id: ID of requested flight
:param user: Currently logged-in user
:return: Flight details
"""
try:
user = User.objects.get(username=get_jwt_identity())
except DoesNotExist:
logger.warning("User %s not found", get_jwt_identity())
raise HTTPException(401, "User not found")
flight = Flight.objects(id=flight_id).to_json()
if flight.user != user.id and AuthLevel(user.level) != AuthLevel.ADMIN:
logger.info("Attempted access to unauthorized flight by %s", user.username)
@@ -72,20 +60,14 @@ def get_flight(flight_id: str):
return flight
@router.post('/flights')
@jwt_required()
def add_flight(flight_body: FlightModel):
@router.post('/flights', summary="Add a flight logbook entry", status_code=200)
def add_flight(flight_body: FlightModel, user: GetSystemUserSchema = Depends(get_current_user)):
"""
Add a flight logbook entry
:param user: Currently logged-in user
:return: Error message if request invalid, else ID of newly created log
"""
try:
user = User.objects.get(username=get_jwt_identity())
except DoesNotExist:
logger.warning("User %s not found", get_jwt_identity())
raise HTTPException(401, "User not found")
try:
flight = Flight(user=user.id, **flight_body.model_dump()).save()
except ValidationError as e:
@@ -95,22 +77,17 @@ def add_flight(flight_body: FlightModel):
return {"id": flight.id}
@router.put('/flights/{flight_id}', status_code=201, response_model=FlightModel)
@jwt_required()
def update_flight(flight_id: str, flight_body: FlightModel):
@router.put('/flights/{flight_id}', summary="Update the given flight with new information", status_code=201,
response_model=FlightModel)
def update_flight(flight_id: str, flight_body: FlightModel, user: GetSystemUserSchema = Depends(get_current_user)):
"""
Update the given flight with new information
:param flight_id: ID of flight to update
:param flight_body: New flight information to update with
:param user: Currently logged-in user
:return: Updated flight
"""
try:
user = User.objects.get(username=get_jwt_identity())
except DoesNotExist:
logger.warning("User %s not found", get_jwt_identity())
raise HTTPException(status_code=401, detail="user not found")
flight = Flight.objects(id=flight_id)
if flight.user != user and AuthLevel(user.level) != AuthLevel.ADMIN:
@@ -122,20 +99,15 @@ def update_flight(flight_id: str, flight_body: FlightModel):
return flight_body
@router.delete('/flights/{flight_id}', status_code=200)
def delete_flight(flight_id: str):
@router.delete('/flights/{flight_id}', summary="Delete the given flight", status_code=200)
def delete_flight(flight_id: str, user: GetSystemUserSchema = Depends(get_current_user)):
"""
Delete the given flight
:param flight_id: ID of flight to delete
:param user: Currently logged-in user
:return: 200
"""
try:
user = User.objects.get(username=get_jwt_identity())
except DoesNotExist:
logger.warning("User %s not found", get_jwt_identity())
raise HTTPException(401, "user not found")
flight = Flight.objects(id=flight_id)
if flight.user != user and AuthLevel(user.level) != AuthLevel.ADMIN: