add firmware upload API

2023-11-17 16:42:27 +01:00 · 2023-11-17 16:42:27 +01:00 · 2d97f9bb87
commit 2d97f9bb87
parent 44b6cc61e6
3 changed files with 85 additions and 52 deletions
--- a/src/c3nav/api/exceptions.py
+++ b/src/c3nav/api/exceptions.py
@ -1,3 +1,6 @@
+from c3nav.api.schema import APIErrorSchema
+
+
 class CustomAPIException(Exception):
    status_code = 400
    detail = ""
@ -9,10 +12,9 @@ class CustomAPIException(Exception):
    def get_response(self, api, request):
        return api.create_response(request, {"detail": self.detail}, status=self.status_code)

-
-class API404(CustomAPIException):
-    status_code = 404
-    detail = "Object not found."
+    @classmethod
+    def dict(cls):
+        return {cls.status_code: APIErrorSchema}


 class APIUnauthorized(CustomAPIException):
@ -29,3 +31,17 @@ class APIPermissionDenied(CustomAPIException):
    status_code = 403
    detail = "Permission denied."

+
+class API404(CustomAPIException):
+    status_code = 404
+    detail = "Object not found."
+
+
+class APIConflict(CustomAPIException):
+    status_code = 409
+    detail = "Conflict"
+
+
+class APIRequestValidationFailed(CustomAPIException):
+    status_code = 422
+    detail = "Bad request body."
--- a/src/c3nav/api/newauth.py
+++ b/src/c3nav/api/newauth.py
@ -1,5 +1,7 @@
+from collections import namedtuple
 from importlib import import_module

+from django.contrib.auth import get_user as auth_get_user
 from django.contrib.auth.models import AnonymousUser
 from django.db.models import Q
 from ninja.security import HttpBearer
@ -9,9 +11,7 @@ from c3nav.api.exceptions import APIPermissionDenied, APITokenInvalid
 from c3nav.api.schema import APIErrorSchema
 from c3nav.control.models import UserPermissions

-
-class InvalidToken(Exception):
-    pass
+FakeRequest = namedtuple('FakeRequest', ('session', ))


 class BearerAuth(HttpBearer):
@ -28,7 +28,8 @@ class BearerAuth(HttpBearer):
        elif token.startswith("session:"):
            session = self.SessionStore(token.removeprefix("session:"))
            # todo: ApiTokenInvalid?
-            return session.user
+            user = auth_get_user(FakeRequest(session=session))
+            return user
        elif token.startswith("secret:"):
            try:
                user_perms = UserPermissions.objects.filter(
@ -51,6 +52,5 @@ class BearerAuth(HttpBearer):
        return user


-auth_responses = {401: APIErrorSchema}
-auth_permission_responses = {401: APIErrorSchema, 403: APIErrorSchema}
-
+auth_responses = {400: APIErrorSchema, 401: APIErrorSchema}
+auth_permission_responses = {400: APIErrorSchema, 401: APIErrorSchema, 403: APIErrorSchema}