2025-summer/team-3
12
Fork 0
Code Issues Pull requests Projects Releases Activity

some API fixes

Browse source
This commit is contained in:
Laura Klünder 2023-11-30 22:45:36 +01:00
parent 62e97b0b2f
commit 7401c00216
2 changed files with 13 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/c3nav/api/newauth.py
View file

@ -28,8 +28,8 @@ class APIAuthMethod(StrEnum):
@dataclass @dataclass
class NewAPIAuth: class NewAPIAuth:
auth_method: APIAuthMethod method: APIAuthMethod
auth_readonly: bool readonly: bool
description = """ description = """
@ -61,8 +61,8 @@ class APITokenAuth(HttpBearer):
if token == "anonymous": if token == "anonymous":
return NewAPIAuth( return NewAPIAuth(
auth_method=APIAuthMethod.ANONYMOUS, method=APIAuthMethod.ANONYMOUS,
auth_readonly=True, readonly=True,
) )
elif token.startswith("session:"): elif token.startswith("session:"):
session = self.SessionStore(token.removeprefix("session:")) session = self.SessionStore(token.removeprefix("session:"))
@ -72,8 +72,8 @@ class APITokenAuth(HttpBearer):
raise APITokenInvalid raise APITokenInvalid
request.user = user request.user = user
return NewAPIAuth( return NewAPIAuth(
auth_method=APIAuthMethod.SESSION, method=APIAuthMethod.SESSION,
auth_readonly=True, readonly=True,
) )
elif token.startswith("secret:"): elif token.startswith("secret:"):
try: try:
@ -97,10 +97,9 @@ class APITokenAuth(HttpBearer):
request.user_permissions = user_permissions request.user_permissions = user_permissions
return NewAPIAuth( return NewAPIAuth(
auth_method=APIAuthMethod.SESSION, method=APIAuthMethod.SESSION,
auth_readonly=True readonly=secret.readonly
) )
# todo: implement token (app) auth
raise APITokenInvalid raise APITokenInvalid
def authenticate(self, request, token): def authenticate(self, request, token):
@ -114,7 +113,7 @@ class APITokenAuth(HttpBearer):
raise APIPermissionDenied('You need to have the "%s" permission for this endpoint.') raise APIPermissionDenied('You need to have the "%s" permission for this endpoint.')
if request.method == 'GET' and self.is_readonly: if request.method == 'GET' and self.is_readonly:
raise ValueError('this makes no sense for GET') raise ValueError('this makes no sense for GET')
if request.method != 'GET' and not self.is_readonly: if request.method != 'GET' and not self.is_readonly and auth_result.readonly:
raise APIPermissionDenied('You need a non-readonly API access key for this endpoint.') raise APIPermissionDenied('You need a non-readonly API access key for this endpoint.')
return auth_result return auth_result

8
src/c3nav/mesh/newapi.py
View file

@ -45,6 +45,10 @@ class FirmwareBuildSchema(Schema):
example={BoardType.C3NAV_LOCATION_PCB_REV_0_2.name, } example={BoardType.C3NAV_LOCATION_PCB_REV_0_2.name, }
) )
@staticmethod
def resolve_boards(obj):
return list(obj.boards)
class Config(Schema.Config): class Config(Schema.Config):
pass pass
@ -123,10 +127,6 @@ class UploadFirmwareBuildSchema(Schema):
project_description: dict = APIField(..., title='project_description.json contents') project_description: dict = APIField(..., title='project_description.json contents')
uploaded_filename: str = APIField(..., example="firmware.bin") uploaded_filename: str = APIField(..., example="firmware.bin")
@staticmethod
def resolve_boards(obj):
return list(obj.boards)
class UploadFirmwareSchema(Schema): class UploadFirmwareSchema(Schema):
""" """