feat: init public endpoints

This commit is contained in:
swve 2023-04-08 23:23:07 +02:00
parent 88b064410f
commit 46f13fac87
5 changed files with 33 additions and 8 deletions


@ -14,7 +14,7 @@ async def api_create_course(request: Request, org_id: str, name: str = Form(), m
Create new Course Create new Course
""" """
course = Course(name=name, mini_description=mini_description, description=description, course = Course(name=name, mini_description=mini_description, description=description,
org_id=org_id, public=public, thumbnail="", chapters=[], learnings=[]) org_id=org_id, public=public, thumbnail="", chapters=[], chapters_content=[], learnings=[])
return await create_course(request, course, org_id, current_user, thumbnail) return await create_course(request, course, org_id, current_user, thumbnail)


@ -4,6 +4,7 @@ from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from passlib.context import CryptContext from passlib.context import CryptContext
from jose import JWTError, jwt from jose import JWTError, jwt
from datetime import datetime, timedelta from datetime import datetime, timedelta
from src.services.users.schemas.users import AnonymousUser
from src.services.users.users import * from src.services.users.users import *
from fastapi import Cookie, FastAPI from fastapi import Cookie, FastAPI
from src.security.security import * from src.security.security import *
@ -76,14 +77,17 @@ async def get_current_user(request: Request, Authorize: AuthJWT = Depends()):
) )
try: try:
Authorize.jwt_required() Authorize.jwt_optional()
username = Authorize.get_jwt_subject() username = Authorize.get_jwt_subject() or None
token_data = TokenData(username=username) # type: ignore token_data = TokenData(username=username) # type: ignore
except JWTError: except JWTError:
raise credentials_exception raise credentials_exception
user = await security_get_user(request, email=token_data.username) # type: ignore # treated as an email if username:
if user is None: user = await security_get_user(request, email=token_data.username) # type: ignore # treated as an email
raise credentials_exception if user is None:
return PublicUser(**user.dict()) raise credentials_exception
return PublicUser(**user.dict())
else:
return AnonymousUser()
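Review bot: Switching `Authorize.jwt_required()` to `Authorize.jwt_optional()` inside `get_current_user` changes the authentication contract for every route that depends on it: a request carrying no token now reaches the handler as `AnonymousUser()` instead of being rejected, so any existing handler that reads `current_user.user_id` without an anonymous check is silently opened to unauthenticated callers. Safer to keep this dependency strict and add a second one, e.g. `async def get_current_user_or_anonymous(request: Request, Authorize: AuthJWT = Depends()):` holding the `jwt_optional()` branch, so public routes opt in explicitly. The unchanged `except JWTError:` clause is worth confirming against what `jwt_optional()` actually raises on a malformed or expired token, since the library's own exception type is not visible here and a failed decode must not fall through as anonymous. `get_current_user` starts above the hunk.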


@ -38,6 +38,18 @@ async def verify_user_rights_with_roles(request: Request, action: str, user_id:
roles = request.app.db["roles"] roles = request.app.db["roles"]
users = request.app.db["users"] users = request.app.db["users"]
user = await users.find_one({"user_id": user_id})
# Check if user is available
if not user and user_id != "anonymous":
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
# Check if user is anonymous
if user_id == "anonymous":
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, detail="The ressource you are trying to access is not publicly available")
# Check if the user is an admin # Check if the user is an admin
user: UserInDB = UserInDB(**await users.find_one({"user_id": user_id})) user: UserInDB = UserInDB(**await users.find_one({"user_id": user_id}))
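Review bot: The anonymous check sits after a database lookup for `{"user_id": "anonymous"}`, and the document that lookup returns is then discarded and re-queried on the unchanged `user: UserInDB = UserInDB(**await users.find_one({"user_id": user_id}))` line below. Running the `user_id == "anonymous"` branch first avoids the needless query, and the later line can then become `user: UserInDB = UserInDB(**user)` so the two checks and the model share one fetch. `ressource` in the 403 detail string should read `resource`. `verify_user_rights_with_roles` starts above the hunk.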


@ -4,6 +4,7 @@ from uuid import uuid4
from pydantic import BaseModel from pydantic import BaseModel
from src.services.courses.activities.activities import ActivityInDB from src.services.courses.activities.activities import ActivityInDB
from src.services.courses.thumbnails import upload_thumbnail from src.services.courses.thumbnails import upload_thumbnail
from src.services.users.schemas.users import AnonymousUser
from src.services.users.users import PublicUser from src.services.users.users import PublicUser
from src.security.security import * from src.security.security import *
from fastapi import HTTPException, status, UploadFile from fastapi import HTTPException, status, UploadFile
@ -282,11 +283,14 @@ async def get_courses_orgslug(request: Request, page: int = 1, limit: int = 10,
#### Security #################################################### #### Security ####################################################
async def verify_rights(request: Request, course_id: str, current_user: PublicUser, action: str): async def verify_rights(request: Request, course_id: str, current_user: PublicUser | AnonymousUser, action: str):
courses = request.app.db["courses"] courses = request.app.db["courses"]
course = await courses.find_one({"course_id": course_id}) course = await courses.find_one({"course_id": course_id})
if current_user.user_id == "anonymous" and course["public"] == True:
return True
if not course: if not course:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_409_CONFLICT, detail=f"Course/CourseChapter does not exist") status_code=status.HTTP_409_CONFLICT, detail=f"Course/CourseChapter does not exist")
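Review bot: The new anonymous short-circuit runs before the `if not course:` guard and indexes `course["public"]` unconditionally, so an anonymous request for an unknown `course_id` raises `TypeError` on `None` (a 500) instead of the 409 the guard produces, and a stored course document without a `public` field raises `KeyError`. Move the check below the guard and write it as `if current_user.user_id == "anonymous" and course.get("public") is True:` / `return True`. Whether an anonymous caller asking for a non-public course is rejected by the role checks further down is outside the hunk and worth confirming, since nothing in the visible lines denies that case. `verify_rights` continues below the hunk.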


@ -43,6 +43,11 @@ class PublicUser(User):
creation_date: str creation_date: str
update_date: str update_date: str
class AnonymousUser(BaseModel):
user_id: str = "anonymous"
username: str = "anonymous"
# Forms #################################################### # Forms ####################################################
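Review bot: `AnonymousUser` carries no docstring, and its role as a sentinel is encoded only in the literal `"anonymous"` that the other hunks compare against in `verify_rights` and `verify_user_rights_with_roles`, so a real account that registers with that `user_id` or `username` would be indistinguishable from an unauthenticated caller — whether registration reserves the name is not visible here. A docstring such as `"""Placeholder identity for unauthenticated requests; never persisted. Callers should test isinstance(user, AnonymousUser) rather than compare user_id."""` plus `isinstance(current_user, AnonymousUser)` checks in the callers would make the intent explicit and remove the string collision. `PublicUser` starts above the hunk.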