goosebit 0.2.5__py3-none-any.whl → 0.2.6__py3-none-any.whl

goosebit/updater/routes.py

@@ -1,25 +1,100 @@
 import time
 
-from fastapi import APIRouter, Depends
+import httpx
+from fastapi import APIRouter, Depends, HTTPException
 from fastapi.requests import Request
 
+from goosebit.device_manager import DeviceManager, get_device_or_none
 from goosebit.settings import config
+from goosebit.settings.schema import DeviceAuthMode, ExternalAuthMode
 
+from ..db import Device
 from . import controller
-from .manager import get_update_manager
 
 
 async def log_last_connection(request: Request, dev_id: str):
-    updater = await get_update_manager(dev_id)
-    if config.track_device_ip:
-        await updater.update_last_connection(round(time.time()), request.client.host)
+    device = await get_device_or_none(dev_id)
+
+    if not device:
+        return
+
+    if request.scope["config"].track_device_ip:
+        await DeviceManager.update_last_connection(device, round(time.time()), request.client.host)
     else:
-        await updater.update_last_connection(round(time.time()))
+        await DeviceManager.update_last_connection(device, round(time.time()))
+
+
+async def validate_device_token(request: Request, dev_id: str):
+    if not request.scope["config"].device_auth.enable:
+        return
+
+    # parse device token, needs to be the `TargetToken`
+    device_token = request.headers.get("Authorization")
+    if device_token is not None:
+        if device_token.startswith("TargetToken"):
+            device_token = device_token.replace("TargetToken ", "")
+        else:
+            device_token = None
+
+    # setup mode should register devices and set up their auth token
+    if request.scope["config"].device_auth.mode == DeviceAuthMode.SETUP:
+        device = await DeviceManager.get_device(dev_id)
+        if device_token is None:
+            return
+        await DeviceManager.update_auth_token(device, device_token)
+
+    # lax mode should register devices and check their token if they have one, but not register their tokens
+    elif request.scope["config"].device_auth.mode == DeviceAuthMode.LAX:
+        device = await DeviceManager.get_device(dev_id)
+        # should not be possible
+        assert device is not None
+
+        if not device.auth_token == device_token:
+            raise HTTPException(401, "Device authentication token does not match.")
+
+    # strict mode should ensure all device are already set up and have a token, then check the token
+    elif request.scope["config"].device_auth.mode == DeviceAuthMode.STRICT:
+        if device_token is None:
+            raise HTTPException(401, "Device authentication token is required in strict mode.")
+        # do not create a device in strict mode
+        device = await Device.get_or_none(id=dev_id)
+        if device is None:
+            raise HTTPException(401, "Cannot register a new device in strict mode.")
+        if not device.auth_token == device_token:
+            raise HTTPException(401, "Device authentication token does not match.")
+
+    # external mode should check the token with an external service
+    elif request.scope["config"].device_auth.mode == DeviceAuthMode.EXTERNAL:
+        if device_token is None:
+            raise HTTPException(401, "Device authentication token is required in external mode.")
+
+        try:
+            async with httpx.AsyncClient() as client:
+                if request.scope["config"].device_auth.external_mode == ExternalAuthMode.BEARER:
+                    response = await client.post(
+                        request.scope["config"].device_auth.external_url,
+                        headers={"Authorization": f"Bearer {device_token}"},
+                    )
+                elif request.scope["config"].device_auth.external_mode == ExternalAuthMode.JSON:
+                    json = {request.scope["config"].device_auth.external_json_key: device_token}
+                    response = await client.post(
+                        request.scope["config"].device_auth.external_url,
+                        json=json,
+                    )
+
+                if response.status_code != 200:
+                    raise HTTPException(401, "Device authentication token is invalid.")
+                else:
+                    await DeviceManager.get_device(dev_id)
+        except httpx.RequestError as e:
+            raise HTTPException(401, f"Error communicating with authentication service: {str(e)}")
+        except Exception as e:
+            raise HTTPException(401, f"Error: {str(e)}")
 
 
 router = APIRouter(
-    prefix="/ddi",
-    dependencies=[Depends(log_last_connection)],
+    prefix=f"/{config.tenant}",
+    dependencies=[Depends(log_last_connection), Depends(validate_device_token)],
     tags=["ddi"],
 )
 router.include_router(controller.router)

goosebit/updates/__init__.py

@@ -8,10 +8,11 @@ from fastapi import HTTPException
 from fastapi.requests import Request
 from tortoise.expressions import Q
 
-from goosebit.db.models import Hardware, Software
-from goosebit.updater.manager import UpdateManager
+from goosebit.db.models import Device, Hardware, Software
+from goosebit.device_manager import DeviceManager
+from goosebit.schema.updates import UpdateChunk, UpdateChunkArtifact
+from goosebit.storage import storage
 
-from ..settings import config
 from . import swdesc
 
 
@@ -48,11 +49,9 @@ async def create_software_update(uri: str, temp_file: Path | None) -> Software:
         if temp_file is None:
             raise HTTPException(500, "Temporary file missing, cannot parse file information")
         filename = Path(url2pathname(unquote(parsed_uri.path))).name
-        path = Path(config.artifacts_dir).joinpath(update_info["hash"], filename)
-        await path.parent.mkdir(parents=True, exist_ok=True)
-        await temp_file.replace(path)
-        absolute = await path.absolute()
-        uri = absolute.as_uri()
+
+        dest_path = Path(update_info["hash"]).joinpath(filename)
+        uri = await storage.store_file(temp_file, dest_path)
 
     # create software
     software = await Software.create(
@@ -92,31 +91,25 @@ async def _is_software_colliding(update_info):
     return is_colliding
 
 
-async def generate_chunk(request: Request, updater: UpdateManager) -> list:
-    _, software = await updater.get_update()
+async def generate_chunk(request: Request, device: Device) -> list[UpdateChunk]:
+    _, software = await DeviceManager.get_update(device)
     if software is None:
         return []
-    if software.local:
-        href = str(
-            request.url_for(
-                "download_artifact",
-                dev_id=updater.dev_id,
-            )
-        )
-    else:
-        href = software.uri
+
+    # Always use the download endpoint for consistency, the endpoint
+    # will handle both local and remote files appropriately.
+    href = str(request.url_for("download_artifact", dev_id=device.id))
+
     return [
-        {
-            "part": "os",
-            "version": "1",
-            "name": software.path.name,
-            "artifacts": [
-                {
-                    "filename": software.path.name,
-                    "hashes": {"sha1": software.hash},
-                    "size": software.size,
-                    "_links": {"download": {"href": href}},
-                }
+        UpdateChunk(
+            name=software.path.name,
+            artifacts=[
+                UpdateChunkArtifact(
+                    filename=software.path.name,
+                    hashes={"sha1": software.hash},
+                    size=software.size,
+                    links={"download": {"href": href}},
+                )
             ],
-        }
+        )
     ]

goosebit/updates/swdesc.py

@@ -6,15 +6,17 @@ from typing import Any
 
 import httpx
 import libconf
-import semver
 from anyio import AsyncFile, Path, open_file
 
-from goosebit.settings import config
+from goosebit.storage import storage
+from goosebit.util.version import Version
 
 logger = logging.getLogger(__name__)
 
 
 def _append_compatibility(boardname, value, compatibility):
+    if not isinstance(value, dict):
+        return
     if "hardware-compatibility" in value:
         for revision in value["hardware-compatibility"]:
             compatibility.append({"hw_model": boardname, "hw_revision": revision})
@@ -23,7 +25,7 @@ def _append_compatibility(boardname, value, compatibility):
 def parse_descriptor(swdesc: libconf.AttrDict[Any, Any | None]):
     swdesc_attrs = {}
     try:
-        swdesc_attrs["version"] = semver.Version.parse(swdesc["software"]["version"], optional_minor_and_patch=True)
+        swdesc_attrs["version"] = Version.parse(swdesc["software"]["version"])
         compatibility: list[dict[str, str]] = []
         _append_compatibility("default", swdesc["software"], compatibility)
 
@@ -35,6 +37,10 @@ def parse_descriptor(swdesc: libconf.AttrDict[Any, Any | None]):
                 for key2 in element:
                     _append_compatibility(key, element[key2], compatibility)
 
+        if len(compatibility) == 0:
+            # if nothing is specified, assume compatibility with default / default boards
+            compatibility.append({"hw_model": "default", "hw_revision": "default"})
+
         swdesc_attrs["compatibility"] = compatibility
     except KeyError as e:
         logging.warning(f"Parsing swu descriptor failed, error={e}")
@@ -71,15 +77,16 @@ async def parse_file(file: Path):
 async def parse_remote(url: str):
     async with httpx.AsyncClient() as c:
         file = await c.get(url)
-        artifacts_dir = Path(config.artifacts_dir)
-        tmp_file_path = artifacts_dir.joinpath("tmp", ("".join(random.choices(string.ascii_lowercase, k=12)) + ".tmp"))
-        await tmp_file_path.parent.mkdir(parents=True, exist_ok=True)
+        temp_dir = Path(storage.get_temp_dir())
+        tmp_file_path = temp_dir.joinpath("".join(random.choices(string.ascii_lowercase, k=12)) + ".tmp")
         try:
             async with await open_file(tmp_file_path, "w+b") as f:
                 await f.write(file.content)
-            file_data = await parse_file(Path(str(f.name)))
+            file_data = await parse_file(tmp_file_path)  # Use anyio.Path for parse_file
+        except Exception:
+            raise
         finally:
-            await tmp_file_path.unlink()
+            await tmp_file_path.unlink(missing_ok=True)
         return file_data
 
 

goosebit/users/__init__.py

@@ -0,0 +1,63 @@
+from aiocache import caches
+
+from goosebit.api.telemetry.metrics import users_count
+from goosebit.db.models import User
+from goosebit.settings import PWD_CXT
+
+
+async def create_user(username: str, password: str, permissions: list[str]) -> User:
+    return await UserManager.setup_user(username=username, hashed_pwd=PWD_CXT.hash(password), permissions=permissions)
+
+
+async def create_initial_user(username: str, hashed_pwd: str) -> User:
+    return await UserManager.setup_user(username=username, hashed_pwd=hashed_pwd, permissions=["*"])
+
+
+class UserManager:
+    @staticmethod
+    async def save_user(user: User, update_fields: list[str]) -> None:
+        await user.save(update_fields=update_fields)
+
+        # only update cache after a successful database save
+        result = await caches.get("default").set(user.username, user, ttl=600)
+        assert result, "user being cached"
+
+    @staticmethod
+    async def update_enabled(user: User, enabled: bool) -> None:
+        user.enabled = enabled
+        await UserManager.save_user(user, update_fields=["enabled"])
+
+    @classmethod
+    async def setup_user(cls, username: str, hashed_pwd: str, permissions: list[str]) -> User:
+        user = (
+            await User.get_or_create(
+                username=username,
+                defaults={
+                    "hashed_pwd": hashed_pwd,
+                    "permissions": permissions,
+                },
+            )
+        )[0]
+        users_count.set(await User.all().count())
+        return user
+
+    @staticmethod
+    async def get_user(username: str) -> User:
+        cache = caches.get("default")
+        user = await cache.get(username)
+        if user:
+            return user
+
+        user = await User.get_or_none(username=username)
+        if user is not None:
+            result = await cache.set(user.username, user, ttl=600)
+            assert result, "user being cached"
+
+        return user
+
+    @staticmethod
+    async def delete_users(usernames: list[str]):
+        await User.filter(username__in=usernames).delete()
+        for username in usernames:
+            await caches.get("default").delete(username)
+        users_count.set(await User.all().count())

goosebit/util/path.py

@@ -0,0 +1,42 @@
+from anyio import Path
+
+
+async def validate_filename(filename: str, temp_dir: Path) -> Path:
+    if not filename or not isinstance(filename, str):
+        raise ValueError("Filename must be a non-empty string")
+
+    filename = filename.strip()
+    if not filename:
+        raise ValueError("Filename cannot be empty or whitespace only")
+
+    # Check for dangerous patterns that could indicate path traversal
+    # This includes both Unix (..) and Windows (..\) style traversal
+    dangerous_patterns = ["../", "..\\", "../", "..\\"]
+    if any(pattern in filename for pattern in dangerous_patterns):
+        raise ValueError("Filename contains invalid path traversal components")
+
+    # Check for Windows drive letters (C:, D:, etc.)
+    if len(filename) >= 2 and filename[1] == ":" and filename[0].isalpha():
+        raise ValueError("Filename cannot contain Windows drive letters")
+
+    # Create a path from the filename
+    filename_path = Path(filename)
+
+    # Check if it's an absolute path
+    if filename_path.is_absolute():
+        raise ValueError("Filename cannot be an absolute path")
+
+    # Construct the full path within temp directory
+    file_path = temp_dir / filename_path
+
+    # Resolve both paths to check for path traversal
+    resolved_file = await file_path.resolve()
+    resolved_temp = await temp_dir.resolve()
+
+    # Ensure the resolved file path is within the temp directory
+    try:
+        resolved_file.relative_to(resolved_temp)
+    except ValueError:
+        raise ValueError("Filename contains invalid path traversal components")
+
+    return file_path

goosebit/util/version.py

@@ -0,0 +1,92 @@
+from functools import total_ordering
+
+from semver import Version as SemVersion
+
+
+# Class that replicates version handling of swupdate. For reference see
+# * https://sbabic.github.io/swupdate/sw-description.html#versioning-schemas-in-swupdate
+# * https://github.com/sbabic/swupdate/blob/60322d5ad668e5603341c5f42b3c51d0a1c60226/core/artifacts_versions.c#L158
+# * https://github.com/sbabic/swupdate/blob/60322d5ad668e5603341c5f42b3c51d0a1c60226/core/artifacts_versions.c#L217
+@total_ordering
+class Version:
+    version_str: str
+    default_version: int | None
+    sem_version: SemVersion
+
+    def __init__(self, version_str: str, default_version: int | None = None, sem_version: SemVersion = None):
+        self.version_str = version_str
+        self.default_version = default_version
+        self.sem_version = sem_version
+
+    @staticmethod
+    def parse(version_str: str):
+        default_version = Version._default_version_to_number(version_str)
+        sem_version = None
+        try:
+            sem_version = SemVersion.parse(version_str, optional_minor_and_patch=True)
+        except (TypeError, ValueError):
+            pass
+
+        if not default_version and not sem_version:
+            raise ValueError(f"{version_str} is not valid swupdate version")
+
+        return Version(version_str, default_version, sem_version)
+
+    def __str__(self):
+        return self.version_str
+
+    def __eq__(self, other):
+        # support comparison with strings as a convenience
+        if isinstance(other, str):
+            try:
+                other = Version.parse(other)
+            except ValueError:
+                return False
+
+        if not isinstance(other, Version):
+            return NotImplemented
+
+        if self.default_version and other.default_version:
+            return self.default_version == other.default_version
+
+        if self.sem_version and other.sem_version:
+            return self.sem_version == other.sem_version
+
+        # fallback to lexical comparison of no of the same type
+        return self.version_str == other.version_str
+
+    def __lt__(self, other):
+        if not isinstance(other, Version):
+            return NotImplemented
+
+        if self.default_version and other.default_version:
+            return self.default_version < other.default_version
+
+        if self.sem_version and other.sem_version:
+            return self.sem_version < other.sem_version
+
+        # fallback to lexical comparison of no of the same type
+        return self.version_str < other.version_str
+
+    @staticmethod
+    def _default_version_to_number(version_string: str) -> int | None:
+        parts = version_string.split(".")
+        count = min(len(parts), 4)
+        version = 0
+
+        for i in range(count):
+            try:
+                fld = int(parts[i])
+            except ValueError:
+                return None
+
+            if fld > 0xFFFF:
+                print(f"Version {version_string} had an element > 65535, falling back to semver")
+                return None
+
+            version = (version << 16) | fld
+
+        if count < 4:
+            version <<= 16 * (4 - count)
+
+        return version