Commit 7b400dc7 authored by Robert Goldmann's avatar Robert Goldmann

added authorization:

- create/delete device
parent a28bddd9
from fastapi import Security, HTTPException
from fastapi.security import APIKeyHeader
from starlette.status import HTTP_403_FORBIDDEN
from logic.databaseNew.Database import SessionLocal from logic.databaseNew.Database import SessionLocal
...@@ -7,3 +11,12 @@ def get_database(): ...@@ -7,3 +11,12 @@ def get_database():
yield db yield db
finally: finally:
db.close() db.close()
API_KEY_HEADER = APIKeyHeader(name='apiKey')
async def check_api_key(apiKey: str = Security(API_KEY_HEADER)):
from main import API_KEY
if apiKey != API_KEY:
raise HTTPException(status_code=HTTP_403_FORBIDDEN, detail='apiKey invalid')
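Review bot: `if apiKey != API_KEY:` in `check_api_key` checks the secret with an ordinary string comparison, which stops at the first differing character and can therefore leak timing information about the key to a remote caller. A constant-time comparison is the usual choice for credential checks: `if not secrets.compare_digest(apiKey.encode(), API_KEY.encode()):` with `import secrets` added to the imports (encoding first avoids the TypeError that `compare_digest` raises for non-ASCII `str`). A one-line docstring such as `"""Reject the request with 403 unless the apiKey header matches the configured key."""` would also help, since this function is now the only gate on the write routes.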
...@@ -14,13 +14,15 @@ Models.Base.metadata.create_all(bind=engine) ...@@ -14,13 +14,15 @@ Models.Base.metadata.create_all(bind=engine)
with open('version.json', 'r', encoding='UTF-8') as f: with open('version.json', 'r', encoding='UTF-8') as f:
version = json.load(f)['version'] version = json.load(f)['version']
with open('../settings.json', 'r', encoding='UTF-8') as f:
settings = json.load(f)
API_KEY = settings['api']['key']
app = FastAPI(title=Constants.APP_NAME, app = FastAPI(title=Constants.APP_NAME,
version=version['name'], version=version['name'],
description='The StorageLeaf API') description='The StorageLeaf API')
app.include_router(DeviceRouter.router) app.include_router(DeviceRouter.router)
with open('../settings.json', 'r', encoding='UTF-8') as f:
settings = json.load(f)
if __name__ == '__main__': if __name__ == '__main__':
uvicorn.run(app, host=settings['server']['listen'], port=settings['server']['port']) uvicorn.run(app, host=settings['server']['listen'], port=settings['server']['port'])
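Review bot: `API_KEY = settings['api']['key']` is defined in the entry-point module, which is why `check_api_key` has to run `from main import API_KEY` at request time. When the server is started through the `if __name__ == '__main__':` block, the running module is registered as `__main__`, so that import loads this file (presumably `main.py`) a second time under the name `main` and re-runs `create_all`, both file reads and the `FastAPI(...)` construction. Loading the settings in a small module of their own that both files import would remove the deferred import and the duplicate initialisation. It is also worth failing at startup when the key is empty, e.g. `if not API_KEY: raise RuntimeError('api.key must be set in settings.json')`, so a blank or placeholder config cannot go live unnoticed.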
...@@ -3,7 +3,7 @@ from typing import List ...@@ -3,7 +3,7 @@ from typing import List
from fastapi import APIRouter, HTTPException, Depends from fastapi import APIRouter, HTTPException, Depends
from sqlalchemy.orm import Session from sqlalchemy.orm import Session
from Dependencies import get_database from Dependencies import get_database, check_api_key
from logic.databaseNew import Schemas, Crud from logic.databaseNew import Schemas, Crud
from logic.databaseNew.Schemas import Status from logic.databaseNew.Schemas import Status
...@@ -32,8 +32,9 @@ async def read_device(deviceId: int, db: Session = Depends(get_database)): ...@@ -32,8 +32,9 @@ async def read_device(deviceId: int, db: Session = Depends(get_database)):
@router.post('/', response_model=Schemas.Device, @router.post('/', response_model=Schemas.Device,
summary='Adds a new device', summary='Adds a new device',
responses={400: {'description': 'Device with this name already exists'}}) responses={400: {'description': 'Device with this name already exists'}},
async def create_user(device: Schemas.DeviceCreate, db: Session = Depends(get_database)): dependencies=[Depends(check_api_key)])
async def create_device(device: Schemas.DeviceCreate, db: Session = Depends(get_database)):
createdDevice = Crud.get_device_by_name(db, device.name) createdDevice = Crud.get_device_by_name(db, device.name)
if createdDevice: if createdDevice:
raise HTTPException(status_code=400, detail='Device with this name already exists') raise HTTPException(status_code=400, detail='Device with this name already exists')
...@@ -42,8 +43,9 @@ async def create_user(device: Schemas.DeviceCreate, db: Session = Depends(get_da ...@@ -42,8 +43,9 @@ async def create_user(device: Schemas.DeviceCreate, db: Session = Depends(get_da
@router.delete('/{deviceId}', response_model=Status, @router.delete('/{deviceId}', response_model=Status,
summary='Gets a specific device', summary='Gets a specific device',
responses={404: {'description': 'Device not found'}}) responses={404: {'description': 'Device not found'}},
async def read_device(deviceId: int, db: Session = Depends(get_database)): dependencies=[Depends(check_api_key)])
async def delete_device(deviceId: int, db: Session = Depends(get_database)):
device = Crud.get_device(db, deviceId=deviceId) device = Crud.get_device(db, deviceId=deviceId)
if device is None: if device is None:
raise HTTPException(status_code=404, detail='Device not found') raise HTTPException(status_code=404, detail='Device not found')
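Review bot: The delete route at `@router.delete('/{deviceId}', ...)` still carries `summary='Gets a specific device'`, and neither protected route lists the 403 that `check_api_key` can now return, so the generated OpenAPI docs misdescribe both endpoints. I would change the summary to `summary='Deletes a specific device'` and add `403: {'description': 'apiKey invalid'}` to each `responses` dict. The key check is attached per route, so `read_device` as shown in the hunk header stays unauthenticated. If that is intended, a comment on the router saying reads are public would help keep a later write route from shipping without the dependency. Both function bodies continue outside the hunks.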