goosebit 0.2.5__py3-none-any.whl → 0.2.6__py3-none-any.whl

goosebit/__init__.py

@@ -13,13 +13,14 @@ from opentelemetry.instrumentation.fastapi import FastAPIInstrumentor as Instrum
 from starlette.exceptions import HTTPException as StarletteHTTPException
 from tortoise.exceptions import ValidationError
 
-from goosebit import api, db, realtime, ui, updater
-from goosebit.api.telemetry import metrics
+from goosebit import api, db, plugins, ui, updater
 from goosebit.auth import get_user_from_request, login_user, redirect_if_authenticated
-from goosebit.settings import config
+from goosebit.device_manager import DeviceManager
+from goosebit.settings import PWD_CXT, config
 from goosebit.ui.nav import nav
 from goosebit.ui.static import static
 from goosebit.ui.templates import templates
+from goosebit.users import create_initial_user
 
 logger = getLogger(__name__)
 
@@ -29,7 +30,9 @@ async def lifespan(_: FastAPI):
     db_ready = await db.init()
     if not db_ready:
         logger.exception("DB does not exist, try running `poetry run aerich upgrade`.")
-    await metrics.init()
+
+    logger.debug(f"Initialized storage backend: {config.storage.backend}")
+
     if db_ready:
         yield
     await db.close()
@@ -57,10 +60,30 @@ app = FastAPI(
 app.include_router(updater.router)
 app.include_router(ui.router)
 app.include_router(api.router)
-app.include_router(realtime.router)
 app.mount("/static", static, name="static")
 Instrumentor.instrument_app(app)
 
+for plugin in plugins.load():
+    if plugin.middleware is not None:
+        logger.info(f"Adding middleware for plugin: {plugin.name}")
+        app.add_middleware(plugin.middleware)
+    if plugin.router is not None:
+        logger.info(f"Adding routing handler for plugin: {plugin.name}")
+        app.include_router(router=plugin.router, prefix=plugin.url_prefix)
+    if plugin.db_model_path is not None:
+        logger.info(f"Adding db handler for plugin: {plugin.name}")
+        db.config.add_models(plugin.db_model_path)
+    if plugin.static_files is not None:
+        logger.info(f"Adding static files handler for plugin: {plugin.name}")
+        app.mount(f"{plugin.url_prefix}/static", plugin.static_files, name=plugin.static_files_name)
+    if plugin.templates is not None:
+        logger.info(f"Adding template handler for plugin: {plugin.name}")
+        templates.add_template_handler(plugin.templates)
+    if plugin.update_source_hook is not None:
+        DeviceManager.add_update_source(plugin.update_source_hook)
+    if plugin.config_data_hook is not None:
+        DeviceManager.add_config_callback(plugin.config_data_hook)
+
 
 # Custom exception handler for Tortoise ValidationError
 @app.exception_handler(ValidationError)
@@ -105,7 +128,18 @@ async def login_get(request: Request):
 
 @app.post("/login", tags=["login"])
 async def login_post(form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
-    return {"access_token": login_user(form_data.username, form_data.password), "token_type": "bearer"}
+    return {"access_token": await login_user(form_data.username, form_data.password), "token_type": "bearer"}
+
+
+@app.get("/setup", include_in_schema=False)
+async def setup_get(request: Request):
+    return templates.TemplateResponse(request, "setup.html.jinja")
+
+
+@app.post("/setup", include_in_schema=False)
+async def setup_post(form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
+    await create_initial_user(form_data.username, PWD_CXT.hash(form_data.password))
+    return {"access_token": await login_user(form_data.username, form_data.password), "token_type": "bearer"}
 
 
 @app.get("/logout", include_in_schema=False)
@@ -115,7 +149,7 @@ async def logout(request: Request):
     return resp
 
 
-@app.get("/docs")
+@app.get("/docs", include_in_schema=False)
 async def swagger_docs(request: Request):
     return get_swagger_ui_html(
         title="gooseBit docs",

goosebit/api/telemetry/metrics.py

@@ -2,7 +2,7 @@ from opentelemetry import metrics
 from opentelemetry.sdk.metrics import MeterProvider
 from opentelemetry.sdk.resources import SERVICE_NAME, Resource
 
-from goosebit.settings import USERS, config
+from goosebit.settings import config
 
 from . import prometheus
 
@@ -28,7 +28,3 @@ users_count = meter.create_gauge(
     "users.count",
     description="The number of registered users",
 )
-
-
-async def init():
-    users_count.set(len(USERS))

goosebit/api/v1/devices/device/responses.py

@@ -7,6 +7,7 @@ from goosebit.schema.devices import DeviceSchema
 
 class DeviceLogResponse(BaseModel):
     log: str | None
+    progress: int | None
 
 
 class DeviceResponse(DeviceSchema):

goosebit/api/v1/devices/device/routes.py

@@ -5,17 +5,18 @@ from fastapi.requests import Request
 
 from goosebit.api.v1.devices.device.responses import DeviceLogResponse, DeviceResponse
 from goosebit.auth import validate_user_permissions
-from goosebit.updater.manager import UpdateManager, get_update_manager
+from goosebit.auth.permissions import GOOSEBIT_PERMISSIONS
+from goosebit.db import Device
+from goosebit.device_manager import get_device
 
 router = APIRouter(prefix="/{dev_id}")
 
 
 @router.get(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["device.read"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["device"]["read"]()])],
 )
-async def device_get(_: Request, updater: UpdateManager = Depends(get_update_manager)) -> DeviceResponse:
-    device = await updater.get_device()
+async def device_get(_: Request, device: Device = Depends(get_device)) -> DeviceResponse:
     if device is None:
         raise HTTPException(404)
     await device.fetch_related("assigned_software", "hardware")
@@ -24,10 +25,9 @@ async def device_get(_: Request, updater: UpdateManager = Depends(get_update_man
 
 @router.get(
     "/log",
-    dependencies=[Security(validate_user_permissions, scopes=["device.read"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["device"]["read"]()])],
 )
-async def device_logs(_: Request, updater: UpdateManager = Depends(get_update_manager)) -> DeviceLogResponse:
-    device = await updater.get_device()
+async def device_logs(_: Request, device: Device = Depends(get_device)) -> DeviceLogResponse:
     if device is None:
         raise HTTPException(404)
-    return DeviceLogResponse(log=device.last_log)
+    return DeviceLogResponse(log=device.last_log, progress=device.progress)

goosebit/api/v1/devices/requests.py

@@ -5,3 +5,23 @@ from pydantic import BaseModel
 
 class DevicesDeleteRequest(BaseModel):
     devices: list[str]
+
+
+class DevicesPatchRequest(BaseModel):
+    devices: list[str]
+    software: str | None = None
+    name: str | None = None
+    pinned: bool | None = None
+    feed: str | None = None
+    force_update: bool | None = None
+    auth_token: str | None = None
+
+
+class DevicesPutRequest(BaseModel):
+    devices: list[str]
+    software: str | None = None
+    name: str | None = None
+    pinned: bool | None = None
+    feed: str | None = None
+    force_update: bool | None = None
+    auth_token: str | None = None

goosebit/api/v1/devices/routes.py

@@ -1,19 +1,21 @@
 from __future__ import annotations
 
 import asyncio
+from http.client import HTTPException
 
 from fastapi import APIRouter, Security
 from fastapi.requests import Request
 
 from goosebit.api.responses import StatusResponse
 from goosebit.auth import validate_user_permissions
-from goosebit.db.models import Device
+from goosebit.auth.permissions import GOOSEBIT_PERMISSIONS
+from goosebit.db.models import Device, Software, UpdateModeEnum
+from goosebit.device_manager import DeviceManager, get_device
 from goosebit.schema.devices import DeviceSchema
 from goosebit.schema.software import SoftwareSchema
-from goosebit.updater.manager import delete_devices, get_update_manager
 
 from . import device
-from .requests import DevicesDeleteRequest
+from .requests import DevicesDeleteRequest, DevicesPatchRequest, DevicesPutRequest
 from .responses import DevicesResponse
 
 router = APIRouter(prefix="/devices", tags=["devices"])
@@ -21,15 +23,15 @@ router = APIRouter(prefix="/devices", tags=["devices"])
 
 @router.get(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["device.read"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["device"]["read"]()])],
 )
 async def devices_get(_: Request) -> DevicesResponse:
     devices = await Device.all().prefetch_related("hardware", "assigned_software", "assigned_software__compatibility")
     response = DevicesResponse(devices=devices)
 
     async def set_assigned_sw(d: DeviceSchema):
-        updater = await get_update_manager(d.uuid)
-        _, target = await updater.get_update()
+        device = await get_device(d.id)
+        _, target = await DeviceManager.get_update(device)
         if target is not None:
             await target.fetch_related("compatibility")
             d.assigned_software = SoftwareSchema.model_validate(target)
@@ -41,10 +43,68 @@ async def devices_get(_: Request) -> DevicesResponse:
 
 @router.delete(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["device.delete"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["device"]["delete"]()])],
 )
 async def devices_delete(_: Request, config: DevicesDeleteRequest) -> StatusResponse:
-    await delete_devices(config.devices)
+    await DeviceManager.delete_devices(config.devices)
+    return StatusResponse(success=True)
+
+
+@router.patch(
+    "",
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["device"]["write"]()])],
+)
+async def devices_patch(_: Request, config: DevicesPatchRequest) -> StatusResponse:
+    for dev_id in config.devices:
+        if await Device.get_or_none(id=dev_id) is None:
+            raise HTTPException(404, f"Device with ID {dev_id} not found")
+        device = await DeviceManager.get_device(dev_id)
+        if config.feed is not None:
+            await DeviceManager.update_feed(device, config.feed)
+        if config.software is not None:
+            if config.software == "rollout":
+                await DeviceManager.update_update(device, UpdateModeEnum.ROLLOUT, None)
+            elif config.software == "latest":
+                await DeviceManager.update_update(device, UpdateModeEnum.LATEST, None)
+            else:
+                software = await Software.get_or_none(id=config.software)
+                await DeviceManager.update_update(device, UpdateModeEnum.ASSIGNED, software)
+        if config.pinned is not None:
+            await DeviceManager.update_update(device, UpdateModeEnum.PINNED, None)
+        if config.name is not None:
+            await DeviceManager.update_name(device, config.name)
+        if config.force_update is not None:
+            await DeviceManager.update_force_update(device, config.force_update)
+        if config.auth_token is not None:
+            await DeviceManager.update_auth_token(device, config.auth_token)
+    return StatusResponse(success=True)
+
+
+@router.put(
+    "",
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["device"]["write"]()])],
+)
+async def devices_put(_: Request, config: DevicesPutRequest) -> StatusResponse:
+    for dev_id in config.devices:
+        device = await DeviceManager.get_device(dev_id)
+        if config.feed is not None:
+            await DeviceManager.update_feed(device, config.feed)
+        if config.software is not None:
+            if config.software == "rollout":
+                await DeviceManager.update_update(device, UpdateModeEnum.ROLLOUT, None)
+            elif config.software == "latest":
+                await DeviceManager.update_update(device, UpdateModeEnum.LATEST, None)
+            else:
+                software = await Software.get_or_none(id=config.software)
+                await DeviceManager.update_update(device, UpdateModeEnum.ASSIGNED, software)
+        if config.pinned is not None:
+            await DeviceManager.update_update(device, UpdateModeEnum.PINNED, None)
+        if config.name is not None:
+            await DeviceManager.update_name(device, config.name)
+        if config.force_update is not None:
+            await DeviceManager.update_force_update(device, config.force_update)
+        if config.auth_token is not None:
+            await DeviceManager.update_auth_token(device, config.auth_token)
     return StatusResponse(success=True)
 
 

goosebit/api/v1/download/routes.py

@@ -1,8 +1,9 @@
 from fastapi import APIRouter, HTTPException
 from fastapi.requests import Request
-from fastapi.responses import FileResponse, RedirectResponse
+from fastapi.responses import FileResponse, RedirectResponse, StreamingResponse
 
 from goosebit.db.models import Software
+from goosebit.storage import storage
 
 router = APIRouter(prefix="/download", tags=["download"])
 
@@ -18,5 +19,15 @@ async def download_file(_: Request, file_id: int):
             media_type="application/octet-stream",
             filename=software.path.name,
         )
-    else:
-        return RedirectResponse(url=software.uri)
+
+    try:
+        url = await storage.get_download_url(software.uri)
+        return RedirectResponse(url=url)
+    except Exception:
+        # Fallback to streaming if redirect fails.
+        file_stream = storage.get_file_stream(software.uri)
+        return StreamingResponse(
+            file_stream,
+            media_type="application/octet-stream",
+            headers={"Content-Disposition": f"attachment; filename={software.path.name}"},
+        )

goosebit/api/v1/rollouts/routes.py

@@ -3,6 +3,7 @@ from fastapi.requests import Request
 
 from goosebit.api.responses import StatusResponse
 from goosebit.auth import validate_user_permissions
+from goosebit.auth.permissions import GOOSEBIT_PERMISSIONS
 from goosebit.db.models import Rollout, Software
 
 from .requests import RolloutsDeleteRequest, RolloutsPatchRequest, RolloutsPutRequest
@@ -13,7 +14,7 @@ router = APIRouter(prefix="/rollouts", tags=["rollouts"])
 
 @router.get(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["rollout.read"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["rollout"]["read"]()])],
 )
 async def rollouts_get(_: Request) -> RolloutsResponse:
     rollouts = await Rollout.all().prefetch_related("software", "software__compatibility")
@@ -22,7 +23,7 @@ async def rollouts_get(_: Request) -> RolloutsResponse:
 
 @router.post(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["rollout.write"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["rollout"]["write"]()])],
 )
 async def rollouts_put(_: Request, rollout: RolloutsPutRequest) -> RolloutsPutResponse:
     software = await Software.filter(id=rollout.software_id)
@@ -38,7 +39,7 @@ async def rollouts_put(_: Request, rollout: RolloutsPutRequest) -> RolloutsPutRe
 
 @router.patch(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["rollout.write"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["rollout"]["write"]()])],
 )
 async def rollouts_patch(_: Request, rollouts: RolloutsPatchRequest) -> StatusResponse:
     await Rollout.filter(id__in=rollouts.ids).update(paused=rollouts.paused)
@@ -47,7 +48,7 @@ async def rollouts_patch(_: Request, rollouts: RolloutsPatchRequest) -> StatusRe
 
 @router.delete(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["rollout.delete"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["rollout"]["delete"]()])],
 )
 async def rollouts_delete(_: Request, rollouts: RolloutsDeleteRequest) -> StatusResponse:
     await Rollout.filter(id__in=rollouts.ids).delete()

goosebit/api/v1/routes.py

@@ -1,9 +1,10 @@
 from fastapi import APIRouter
 
-from . import devices, download, rollouts, software
+from . import devices, download, rollouts, settings, software
 
 router = APIRouter(prefix="/v1")
 router.include_router(software.router)
 router.include_router(devices.router)
 router.include_router(rollouts.router)
 router.include_router(download.router)
+router.include_router(settings.router)

goosebit/api/v1/settings/routes.py

@@ -0,0 +1,14 @@
+from fastapi import APIRouter
+
+from goosebit.auth.permissions import GOOSEBIT_PERMISSIONS, Permission
+
+from . import users
+
+router = APIRouter(prefix="/settings", tags=["settings"])
+
+router.include_router(users.router)
+
+
+@router.get("/permissions", response_model_exclude_none=True)
+async def settings_permissions_get() -> Permission:
+    return GOOSEBIT_PERMISSIONS

goosebit/api/v1/settings/users/__init__.py

@@ -0,0 +1 @@
+from .routes import router  # noqa: F401

goosebit/api/v1/settings/users/requests.py

@@ -0,0 +1,16 @@
+from pydantic import BaseModel
+
+
+class UsersPutRequest(BaseModel):
+    username: str
+    password: str
+    permissions: list[str]
+
+
+class UsersPatchRequest(BaseModel):
+    usernames: list[str]
+    enabled: bool
+
+
+class UsersDeleteRequest(BaseModel):
+    usernames: list[str]

goosebit/api/v1/settings/users/responses.py

@@ -0,0 +1,7 @@
+from pydantic import BaseModel
+
+from goosebit.schema.users import UserSchema
+
+
+class SettingsUsersResponse(BaseModel):
+    users: list[UserSchema]

goosebit/api/v1/settings/users/routes.py

@@ -0,0 +1,56 @@
+from __future__ import annotations
+
+from fastapi import APIRouter, HTTPException, Security
+from fastapi.requests import Request
+
+from goosebit.api.responses import StatusResponse
+from goosebit.auth import validate_user_permissions
+from goosebit.auth.permissions import GOOSEBIT_PERMISSIONS
+from goosebit.db.models import User
+from goosebit.users import UserManager, create_user
+
+from .requests import UsersDeleteRequest, UsersPatchRequest, UsersPutRequest
+from .responses import SettingsUsersResponse
+
+router = APIRouter(prefix="/users")
+
+
+@router.get(
+    "",
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["read"]()])],
+)
+async def settings_users_get(_: Request) -> SettingsUsersResponse:
+    users = await User.all()
+    return SettingsUsersResponse(users=users)
+
+
+@router.post(
+    "",
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["write"]()])],
+)
+async def settings_users_put(_: Request, user: UsersPutRequest) -> StatusResponse:
+    await create_user(username=user.username, password=user.password, permissions=user.permissions)
+    return StatusResponse(success=True)
+
+
+@router.delete(
+    "",
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["delete"]()])],
+)
+async def settings_users_delete(_: Request, config: UsersDeleteRequest) -> StatusResponse:
+    await UserManager.delete_users(config.usernames)
+    return StatusResponse(success=True)
+
+
+@router.patch(
+    "",
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["delete"]()])],
+)
+async def settings_users_patch(_: Request, config: UsersPatchRequest) -> StatusResponse:
+    for username in config.usernames:
+        if await User.get_or_none(username=username) is None:
+            raise HTTPException(404, f"User with username {username} not found")
+
+        user = await UserManager.get_user(username)
+        await UserManager.update_enabled(user, config.enabled)
+    return StatusResponse(success=True)

goosebit/api/v1/software/routes.py

@@ -9,9 +9,11 @@ from fastapi.requests import Request
 
 from goosebit.api.responses import StatusResponse
 from goosebit.auth import validate_user_permissions
+from goosebit.auth.permissions import GOOSEBIT_PERMISSIONS
 from goosebit.db.models import Rollout, Software
-from goosebit.settings import config
+from goosebit.storage import storage
 from goosebit.updates import create_software_update
+from goosebit.util.path import validate_filename
 
 from .requests import SoftwareDeleteRequest
 from .responses import SoftwareResponse
@@ -21,7 +23,7 @@ router = APIRouter(prefix="/software", tags=["software"])
 
 @router.get(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["software.read"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["software"]["read"]()])],
 )
 async def software_get(_: Request) -> SoftwareResponse:
     software = await Software.all().prefetch_related("compatibility")
@@ -30,7 +32,7 @@ async def software_get(_: Request) -> SoftwareResponse:
 
 @router.delete(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["software.delete"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["software"]["delete"]()])],
 )
 async def software_delete(_: Request, delete_req: SoftwareDeleteRequest) -> StatusResponse:
     success = False
@@ -44,10 +46,11 @@ async def software_delete(_: Request, delete_req: SoftwareDeleteRequest) -> Stat
         if rollout_count > 0:
             raise HTTPException(409, "Software is referenced by rollout")
 
-        if software.local:
-            path = software.path
-            if await path.exists():
-                await path.unlink()
+        if software.uri:
+            try:
+                await storage.delete_file(software.uri)
+            except ValueError:
+                pass
 
         await software.delete()
         success = True
@@ -56,7 +59,7 @@ async def software_delete(_: Request, delete_req: SoftwareDeleteRequest) -> Stat
 
 @router.post(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["software.write"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["software"]["write"]()])],
 )
 async def post_update(_: Request, file: UploadFile | None = File(None), url: str | None = Form(None)):
     if url is not None:
@@ -72,16 +75,17 @@ async def post_update(_: Request, file: UploadFile | None = File(None), url: str
         software = await create_software_update(url, None)
     elif file is not None:
         # local file
-        artifacts_dir = Path(config.artifacts_dir)
-        file_path = artifacts_dir.joinpath(file.filename)
-        tmp_file_path = artifacts_dir.joinpath("tmp", ("".join(random.choices(string.ascii_lowercase, k=12)) + ".tmp"))
-        await tmp_file_path.parent.mkdir(parents=True, exist_ok=True)
+        temp_dir = Path(storage.get_temp_dir())
+        try:
+            file_path = await validate_filename(file.filename, temp_dir)
+        except ValueError as e:
+            raise HTTPException(400, f"Invalid filename: {e}")
+        tmp_file_path = temp_dir.joinpath("".join(random.choices(string.ascii_lowercase, k=12)) + ".tmp")
         file_absolute_path = await file_path.absolute()
-        tmp_file_absolute_path = await tmp_file_path.absolute()
         try:
             async with await open_file(tmp_file_path, "w+b") as f:
                 await f.write(await file.read())
-            software = await create_software_update(file_absolute_path.as_uri(), tmp_file_absolute_path)
+            software = await create_software_update(file_absolute_path.as_uri(), tmp_file_path)
         finally:
             await tmp_file_path.unlink(missing_ok=True)
     else: