feat: init public endpoints

src/routers/courses/courses.py

@@ -14,7 +14,7 @@ async def api_create_course(request: Request, org_id: str, name: str = Form(), m
     Create new Course
     """
     course = Course(name=name, mini_description=mini_description, description=description,
-                    org_id=org_id, public=public, thumbnail="", chapters=[], learnings=[])
+                    org_id=org_id, public=public, thumbnail="", chapters=[], chapters_content=[], learnings=[])
     return await create_course(request, course, org_id,  current_user, thumbnail)
 
 

src/security/auth.py

@@ -4,6 +4,7 @@ from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
 from passlib.context import CryptContext
 from jose import JWTError, jwt
 from datetime import datetime, timedelta
+from src.services.users.schemas.users import AnonymousUser
 from src.services.users.users import *
 from fastapi import Cookie, FastAPI
 from src.security.security import *
@@ -76,14 +77,17 @@ async def get_current_user(request: Request, Authorize: AuthJWT = Depends()):
     )
     
     try:
-        Authorize.jwt_required()
-        username = Authorize.get_jwt_subject()
+        Authorize.jwt_optional()
+        username = Authorize.get_jwt_subject() or None
         token_data = TokenData(username=username)  # type: ignore
     except JWTError:
         raise credentials_exception
-    user = await security_get_user(request, email=token_data.username) # type: ignore # treated as an email 
-    if user is None:
-        raise credentials_exception
-    return PublicUser(**user.dict())
+    if username: 
+        user = await security_get_user(request, email=token_data.username) # type: ignore # treated as an email 
+        if user is None:
+            raise credentials_exception
+        return PublicUser(**user.dict())
+    else:
+        return AnonymousUser()
     
     

src/security/security.py

@@ -38,6 +38,18 @@ async def verify_user_rights_with_roles(request: Request, action: str, user_id:
     roles = request.app.db["roles"]
     users = request.app.db["users"]
 
+    user = await users.find_one({"user_id": user_id})
+
+    # Check if user is available
+    if not user and user_id != "anonymous":
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
+    
+    # Check if user is anonymous
+    if user_id == "anonymous":
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN, detail="The ressource you are trying to access is not publicly available")
+
     # Check if the user is an admin
     user: UserInDB = UserInDB(**await users.find_one({"user_id": user_id}))
 

src/services/courses/courses.py

@@ -4,6 +4,7 @@ from uuid import uuid4
 from pydantic import BaseModel
 from src.services.courses.activities.activities import ActivityInDB
 from src.services.courses.thumbnails import upload_thumbnail
+from src.services.users.schemas.users import AnonymousUser
 from src.services.users.users import PublicUser
 from src.security.security import *
 from fastapi import HTTPException, status, UploadFile
@@ -282,11 +283,14 @@ async def get_courses_orgslug(request: Request, page: int = 1, limit: int = 10,
 #### Security ####################################################
 
 
-async def verify_rights(request: Request, course_id: str, current_user: PublicUser, action: str):
+async def verify_rights(request: Request, course_id: str, current_user: PublicUser | AnonymousUser, action: str):
     courses = request.app.db["courses"]
 
     course = await courses.find_one({"course_id": course_id})
 
+    if current_user.user_id == "anonymous" and course["public"] == True:
+        return True
+
     if not course:
         raise HTTPException(
             status_code=status.HTTP_409_CONFLICT, detail=f"Course/CourseChapter does not exist")

src/services/users/schemas/users.py

@@ -43,6 +43,11 @@ class PublicUser(User):
     creation_date: str
     update_date: str
 
+class AnonymousUser(BaseModel):
+    user_id: str = "anonymous"
+    username: str = "anonymous"
+    
+
 
 # Forms ####################################################