diff --git a/src/c3nav/editor/newapi/endpoints.py b/src/c3nav/editor/newapi/endpoints.py index 0b7279b3..5ce0007d 100644 --- a/src/c3nav/editor/newapi/endpoints.py +++ b/src/c3nav/editor/newapi/endpoints.py @@ -26,7 +26,8 @@ editor_api_router = APIRouter(tags=["editor"], auth=APITokenAuth(permissions={"e @editor_api_router.get('/bounds/', summary="Get editor map boundaries", - response={200: BoundsSchema, **auth_permission_responses}) + response={200: BoundsSchema, **auth_permission_responses}, + openapi_extra={"security": [{"APITokenAuth": ["editor_access"]}]}) @newapi_etag() def bounds(): return { @@ -35,7 +36,8 @@ def bounds(): @editor_api_router.get('/geometrystyles/', summary="get the default colors for each geometry type", - response={200: GeometryStylesSchema, **auth_permission_responses}) + response={200: GeometryStylesSchema, **auth_permission_responses}, + openapi_extra={"security": [{"APITokenAuth": ["editor_access"]}]}) @newapi_etag(permissions=False) def geometrystyles(): return { @@ -61,7 +63,8 @@ def geometrystyles(): @editor_api_router.get('/geometries/space/{space_id}/', summary="get the geometries to display for a space", response={200: list[EditorSpaceGeometriesElemSchema], **API404.dict(), - **auth_permission_responses}) + **auth_permission_responses}, + openapi_extra={"security": [{"APITokenAuth": ["editor_access"]}]}) @newapi_etag() # todo: correct? def space_geometries(space_id: EditorID, update_cache_key: UpdateCacheKey = None): """ @@ -72,7 +75,8 @@ def space_geometries(space_id: EditorID, update_cache_key: UpdateCacheKey = None @editor_api_router.get('/geometries/level/{level_id}/', summary="get the geometries to display for a level", response={200: list[EditorLevelGeometriesElemSchema], **API404.dict(), - **auth_permission_responses}) + **auth_permission_responses}, + openapi_extra={"security": [{"APITokenAuth": ["editor_access"]}]}) @newapi_etag() # todo: correct? def level_geometries(level_id: EditorID, update_cache_key: UpdateCacheKey = None): """ @@ -85,7 +89,8 @@ def level_geometries(level_id: EditorID, update_cache_key: UpdateCacheKey = None @editor_api_router.get('/{path:path}/', summary="access the editor UI programmatically", - response={200: dict, **API404.dict(), **auth_permission_responses}) + response={200: dict, **API404.dict(), **auth_permission_responses}, + openapi_extra={"security": [{"APITokenAuth": ["editor_access"]}]}) @newapi_etag() # todo: correct? def view_as_api(path: str): """ @@ -98,7 +103,8 @@ def view_as_api(path: str): @editor_api_router.post('/{path:path}/', summary="access the editor UI programmatically", - response={200: dict, **API404.dict(), **auth_permission_responses}) + response={200: dict, **API404.dict(), **auth_permission_responses}, + openapi_extra={"security": [{"APITokenAuth": ["editor_access", "write"]}]}) @newapi_etag() # todo: correct? def view_as_api(path: str): """ diff --git a/src/c3nav/mesh/newapi.py b/src/c3nav/mesh/newapi.py index f2f6980b..12e4bf31 100644 --- a/src/c3nav/mesh/newapi.py +++ b/src/c3nav/mesh/newapi.py @@ -72,14 +72,16 @@ class FirmwareSchema(Schema): @mesh_api_router.get('/firmwares/', summary="List available firmwares", - response={200: list[FirmwareSchema], **validate_responses, **auth_responses}) + response={200: list[FirmwareSchema], **validate_responses, **auth_responses}, + openapi_extra={"security": [{"APITokenAuth": ["mesh_control", "write"]}]}) @paginate def firmware_list(request): return FirmwareVersion.objects.all() @mesh_api_router.get('/firmwares/{firmware_id}/', summary="Get specific firmware", - response={200: FirmwareSchema, **API404.dict(), **auth_responses}) + response={200: FirmwareSchema, **API404.dict(), **auth_responses}, + openapi_extra={"security": [{"APITokenAuth": ["mesh_control", "write"]}]}) def firmware_by_id(request, firmware_id: int): try: return FirmwareVersion.objects.get(id=firmware_id) @@ -90,11 +92,14 @@ def firmware_by_id(request, firmware_id: int): @mesh_api_router.get('/firmwares/{firmware_id}/{variant}/image_data', summary="Get header data of firmware build image", response={200: FirmwareImage.schema, **API404.dict(), **auth_responses}, - openapi_extra={"externalDocs": { - 'description': "esp-idf documentation", - 'url': "https://docs.espressif.com/projects/esptool/en/latest/esp32s3/" - "advanced-topics/firmware-image-format.html" - }}) + openapi_extra={ + "externalDocs": { + 'description': 'esp-idf docs', + 'url': "https://docs.espressif.com/projects/esp-idf/en/latest/esp32/" + "api-guides/build-system.html#build-system-metadata" + }, + "security": [{"APITokenAuth": ["mesh_control"]}] + }) def firmware_build_image(request, firmware_id: int, variant: str): try: build = FirmwareBuild.objects.get(version_id=firmware_id, variant=variant) @@ -106,11 +111,14 @@ def firmware_build_image(request, firmware_id: int, variant: str): @mesh_api_router.get('/firmwares/{firmware_id}/{variant}/project_description', summary="Get project description of firmware build", response={200: dict, **API404.dict(), **auth_responses}, - openapi_extra={"externalDocs": { - 'description': 'esp-idf docs', - 'url': "https://docs.espressif.com/projects/esp-idf/en/latest/esp32/" - "api-guides/build-system.html#build-system-metadata" - }}) + openapi_extra={ + "externalDocs": { + 'description': 'esp-idf docs', + 'url': "https://docs.espressif.com/projects/esp-idf/en/latest/esp32/" + "api-guides/build-system.html#build-system-metadata" + }, + "security": [{"APITokenAuth": ["mesh_control"]}] + }) def firmware_project_description(request, firmware_id: int, variant: str): try: return FirmwareBuild.objects.get(version_id=firmware_id, variant=variant).firmware_description @@ -147,7 +155,8 @@ class UploadFirmwareSchema(Schema): @mesh_api_router.post( '/firmwares/upload', summary="Upload firmware", description="your OpenAPI viewer might not show it: firmware_data is UploadFirmware as json", - response={200: FirmwareSchema, **validate_responses, **auth_permission_responses, **APIConflict.dict()} + response={200: FirmwareSchema, **validate_responses, **auth_permission_responses, **APIConflict.dict()}, + openapi_extra={"security": [{"APITokenAuth": ["mesh_control", "write"]}]} ) def firmware_upload(request, firmware_data: UploadFirmwareSchema, binary_files: list[UploadedFile]): binary_files_by_name = {binary_file.name: binary_file for binary_file in binary_files} @@ -216,7 +225,8 @@ class NodeMessageSchema(Schema): @mesh_api_router.get( '/messages/', summary="query recorded mesh messages", - response={200: list[NodeMessageSchema], **auth_permission_responses} + response={200: list[NodeMessageSchema], **auth_permission_responses}, + openapi_extra={"security": [{"APITokenAuth": ["mesh_control"]}]} ) @paginate def messages_list(request, filters: Query[MessagesFilter]):