Skip to content
Snippets Groups Projects
Commit 7b400dc7 authored by Robert Goldmann's avatar Robert Goldmann
Browse files

added authorization:

- create/delete device
parent a28bddd9
No related branches found
No related tags found
No related merge requests found
from fastapi import Security, HTTPException
from fastapi.security import APIKeyHeader
from starlette.status import HTTP_403_FORBIDDEN
from logic.databaseNew.Database import SessionLocal
......@@ -7,3 +11,12 @@ def get_database():
yield db
finally:
db.close()
API_KEY_HEADER = APIKeyHeader(name='apiKey')
async def check_api_key(apiKey: str = Security(API_KEY_HEADER)):
from main import API_KEY
if apiKey != API_KEY:
raise HTTPException(status_code=HTTP_403_FORBIDDEN, detail='apiKey invalid')
......@@ -14,13 +14,15 @@ Models.Base.metadata.create_all(bind=engine)
with open('version.json', 'r', encoding='UTF-8') as f:
version = json.load(f)['version']
with open('../settings.json', 'r', encoding='UTF-8') as f:
settings = json.load(f)
API_KEY = settings['api']['key']
app = FastAPI(title=Constants.APP_NAME,
version=version['name'],
description='The StorageLeaf API')
app.include_router(DeviceRouter.router)
with open('../settings.json', 'r', encoding='UTF-8') as f:
settings = json.load(f)
if __name__ == '__main__':
uvicorn.run(app, host=settings['server']['listen'], port=settings['server']['port'])
......@@ -3,7 +3,7 @@ from typing import List
from fastapi import APIRouter, HTTPException, Depends
from sqlalchemy.orm import Session
from Dependencies import get_database
from Dependencies import get_database, check_api_key
from logic.databaseNew import Schemas, Crud
from logic.databaseNew.Schemas import Status
......@@ -32,8 +32,9 @@ async def read_device(deviceId: int, db: Session = Depends(get_database)):
@router.post('/', response_model=Schemas.Device,
summary='Adds a new device',
responses={400: {'description': 'Device with this name already exists'}})
async def create_user(device: Schemas.DeviceCreate, db: Session = Depends(get_database)):
responses={400: {'description': 'Device with this name already exists'}},
dependencies=[Depends(check_api_key)])
async def create_device(device: Schemas.DeviceCreate, db: Session = Depends(get_database)):
createdDevice = Crud.get_device_by_name(db, device.name)
if createdDevice:
raise HTTPException(status_code=400, detail='Device with this name already exists')
......@@ -42,8 +43,9 @@ async def create_user(device: Schemas.DeviceCreate, db: Session = Depends(get_da
@router.delete('/{deviceId}', response_model=Status,
summary='Gets a specific device',
responses={404: {'description': 'Device not found'}})
async def read_device(deviceId: int, db: Session = Depends(get_database)):
responses={404: {'description': 'Device not found'}},
dependencies=[Depends(check_api_key)])
async def delete_device(deviceId: int, db: Session = Depends(get_database)):
device = Crud.get_device(db, deviceId=deviceId)
if device is None:
raise HTTPException(status_code=404, detail='Device not found')
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment