goosebit 0.2.5__py3-none-any.whl → 0.2.7__py3-none-any.whl

goosebit/ui/bff/settings/users/routes.py

@@ -0,0 +1,80 @@
+from __future__ import annotations
+
+from typing import Annotated
+
+from fastapi import APIRouter, Depends, Security
+from tortoise.expressions import Q
+
+from goosebit.api.v1.settings.users import routes
+from goosebit.auth import validate_user_permissions
+from goosebit.auth.permissions import GOOSEBIT_PERMISSIONS
+from goosebit.db.models import User
+from goosebit.ui.bff.common.columns import SettingsUsersColumns
+from goosebit.ui.bff.common.requests import DataTableRequest
+from goosebit.ui.bff.common.responses import DTColumns
+from goosebit.ui.bff.common.util import parse_datatables_query
+from goosebit.ui.bff.settings.users.responses import BFFSettingsUsersResponse
+
+router = APIRouter(prefix="/users")
+
+
+@router.get(
+    "",
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["read"]()])],
+)
+async def settings_users_get(
+    dt_query: Annotated[DataTableRequest, Depends(parse_datatables_query)],
+) -> BFFSettingsUsersResponse:
+    filters: list[Q] = []
+
+    def search_filter(search_value):
+        base_filter = Q(Q(username__icontains=search_value), join_type="OR")
+        return Q(base_filter, *filters, join_type="AND")
+
+    query = User.all()
+
+    return await BFFSettingsUsersResponse.convert(dt_query, query, search_filter)
+
+
+router.add_api_route(
+    "",
+    routes.settings_users_put,
+    methods=["POST"],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["write"]()])],
+    name="bff_settings_users_put",
+)
+
+router.add_api_route(
+    "",
+    routes.settings_users_delete,
+    methods=["DELETE"],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["delete"]()])],
+    name="bff_settings_users_delete",
+)
+
+router.add_api_route(
+    "",
+    routes.settings_users_patch,
+    methods=["PATCH"],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["write"]()])],
+    name="bff_settings_users_patch",
+)
+
+
+@router.get(
+    "/columns",
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["settings"]["users"]["read"]()])],
+    response_model_exclude_none=True,
+)
+async def settings_users_get_columns() -> DTColumns:
+    columns = list(
+        filter(
+            None,
+            [
+                SettingsUsersColumns.username,
+                SettingsUsersColumns.enabled,
+                SettingsUsersColumns.permissions,
+            ],
+        )
+    )
+    return DTColumns(columns=columns)

goosebit/ui/bff/software/routes.py

@@ -9,12 +9,16 @@ from tortoise.expressions import Q
 
 from goosebit.api.v1.software import routes
 from goosebit.auth import validate_user_permissions
+from goosebit.auth.permissions import GOOSEBIT_PERMISSIONS
 from goosebit.db.models import Hardware, Rollout, Software
-from goosebit.settings import config
+from goosebit.storage import storage
 from goosebit.ui.bff.common.requests import DataTableRequest
 from goosebit.ui.bff.common.util import parse_datatables_query
 from goosebit.updates import create_software_update
+from goosebit.util.path import validate_filename
 
+from ..common.columns import SoftwareColumns
+from ..common.responses import DTColumns
 from .responses import BFFSoftwareResponse
 
 router = APIRouter(prefix="/software")
@@ -22,11 +26,11 @@ router = APIRouter(prefix="/software")
 
 @router.get(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["software.read"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["software"]["read"]()])],
 )
 async def software_get(
     dt_query: Annotated[DataTableRequest, Depends(parse_datatables_query)],
-    uuids: list[str] = Query(default=None),
+    ids: list[str] = Query(default=None),
 ) -> BFFSoftwareResponse:
     filters: list[Q] = []
 
@@ -36,8 +40,8 @@ async def software_get(
 
     query = Software.all().prefetch_related("compatibility")
 
-    if uuids:
-        hardware = await Hardware.filter(devices__uuid__in=uuids).distinct()
+    if ids:
+        hardware = await Hardware.filter(devices__id__in=ids).distinct()
         filters.append(Q(*[Q(compatibility__id=c.id) for c in hardware], join_type="AND"))
 
     return await BFFSoftwareResponse.convert(dt_query, query, search_filter, Q(*filters))
@@ -47,14 +51,14 @@ router.add_api_route(
     "",
     routes.software_delete,
     methods=["DELETE"],
-    dependencies=[Security(validate_user_permissions, scopes=["software.delete"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["software"]["delete"]()])],
     name="bff_software_delete",
 )
 
 
 @router.post(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=["software.write"])],
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["software"]["write"]()])],
 )
 async def post_update(
     request: Request,
@@ -77,11 +81,14 @@ async def post_update(
         await create_software_update(url, None)
     else:
         # local file
-        artifacts_dir = Path(config.artifacts_dir)
-        file = artifacts_dir.joinpath(filename)
-        await artifacts_dir.mkdir(parents=True, exist_ok=True)
+        temp_dir = Path(storage.get_temp_dir())
 
-        temp_file = file.with_suffix(".tmp")
+        try:
+            file_path = await validate_filename(filename, temp_dir)
+        except ValueError as e:
+            raise HTTPException(400, f"Invalid filename: {e}")
+
+        temp_file = file_path.with_suffix(".tmp")
         if init:
             await temp_file.unlink(missing_ok=True)
 
@@ -90,7 +97,28 @@ async def post_update(
 
         if done:
             try:
-                absolute = await file.absolute()
+                absolute = await file_path.absolute()
                 await create_software_update(absolute.as_uri(), temp_file)
             finally:
                 await temp_file.unlink(missing_ok=True)
+
+
+@router.get(
+    "/columns",
+    dependencies=[Security(validate_user_permissions, scopes=[GOOSEBIT_PERMISSIONS["software"]["read"]()])],
+    response_model_exclude_none=True,
+)
+async def devices_get_columns() -> DTColumns:
+    columns = list(
+        filter(
+            None,
+            [
+                SoftwareColumns.id,
+                SoftwareColumns.name,
+                SoftwareColumns.version,
+                SoftwareColumns.compatibility,
+                SoftwareColumns.size,
+            ],
+        )
+    )
+    return DTColumns(columns=columns)

goosebit/ui/nav.py

@@ -1,10 +1,20 @@
+from pydantic import BaseModel
+
+
+class NavigationItem(BaseModel):
+    function: str
+    text: str
+    permissions: list[str]
+    show: bool
+
+
 class Navigation:
     def __init__(self):
         self.items = []
 
-    def route(self, text: str, permissions: str | None = None):
+    def route(self, text: str, permissions: list[str] | None = None, show: bool = True):
         def decorator(func):
-            self.items.append({"function": func.__name__, "text": text, "permissions": permissions})
+            self.items.append(NavigationItem(function=func.__name__, text=text, permissions=permissions, show=show))
             return func
 
         return decorator

goosebit/ui/routes.py

@@ -1,19 +1,48 @@
-from fastapi import APIRouter, Depends, Security
-from fastapi.requests import Request
+import logging
+
+from fastapi import APIRouter, Depends, HTTPException, Security
+from fastapi.requests import HTTPConnection, Request
 from fastapi.responses import RedirectResponse
-from fastapi.security import OAuth2PasswordBearer
+from fastapi.security import SecurityScopes
 
-from goosebit.auth import redirect_if_unauthenticated, validate_user_permissions
+from goosebit.auth import (
+    check_permissions,
+    get_current_user,
+    redirect_if_unauthenticated,
+)
+from goosebit.auth.permissions import GOOSEBIT_PERMISSIONS
 from goosebit.ui.nav import nav
 
+from ..db.models import User
 from . import bff
 from .templates import templates
 
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="login")
-
 router = APIRouter(prefix="/ui", include_in_schema=False)
 router.include_router(bff.router)
 
+logger = logging.getLogger(__name__)
+
+
+def validate_user_permissions_with_nav_redirect(
+    connection: HTTPConnection,
+    security: SecurityScopes,
+    user: User = Depends(get_current_user),
+):
+    if not check_permissions(security.scopes, user.permissions):
+        logger.warning(f"{user.username} does not have sufficient permissions")
+        for item in nav.items:
+            if check_permissions(item.permissions, user.permissions):
+                raise HTTPException(
+                    status_code=302,
+                    headers={"location": str(connection.url_for(item.function))},
+                )
+        raise HTTPException(
+            status_code=403,
+            detail="Not enough permissions",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    return connection
+
 
 @router.get("", dependencies=[Depends(redirect_if_unauthenticated)])
 async def ui_root(request: Request):
@@ -22,34 +51,58 @@ async def ui_root(request: Request):
 
 @router.get(
     "/devices",
-    dependencies=[Depends(redirect_if_unauthenticated), Security(validate_user_permissions, scopes=["device.read"])],
+    dependencies=[
+        Depends(redirect_if_unauthenticated),
+        Security(validate_user_permissions_with_nav_redirect, scopes=[GOOSEBIT_PERMISSIONS["device"]["read"]()]),
+    ],
 )
-@nav.route("Devices", permissions="device.read")
+@nav.route("Devices", permissions=[GOOSEBIT_PERMISSIONS["device"]["read"]()])
 async def devices_ui(request: Request):
     return templates.TemplateResponse(request, "devices.html.jinja", context={"title": "Devices"})
 
 
 @router.get(
     "/software",
-    dependencies=[Depends(redirect_if_unauthenticated), Security(validate_user_permissions, scopes=["software.read"])],
+    dependencies=[
+        Depends(redirect_if_unauthenticated),
+        Security(validate_user_permissions_with_nav_redirect, scopes=[GOOSEBIT_PERMISSIONS["software"]["read"]()]),
+    ],
 )
-@nav.route("Software", permissions="software.read")
+@nav.route("Software", permissions=[GOOSEBIT_PERMISSIONS["software"]["read"]()])
 async def software_ui(request: Request):
     return templates.TemplateResponse(request, "software.html.jinja", context={"title": "Software"})
 
 
 @router.get(
     "/rollouts",
-    dependencies=[Depends(redirect_if_unauthenticated), Security(validate_user_permissions, scopes=["rollout.read"])],
+    dependencies=[
+        Depends(redirect_if_unauthenticated),
+        Security(validate_user_permissions_with_nav_redirect, scopes=[GOOSEBIT_PERMISSIONS["rollout"]["read"]()]),
+    ],
 )
-@nav.route("Rollouts", permissions="rollout.read")
+@nav.route("Rollouts", permissions=[GOOSEBIT_PERMISSIONS["rollout"]["read"]()])
 async def rollouts_ui(request: Request):
     return templates.TemplateResponse(request, "rollouts.html.jinja", context={"title": "Rollouts"})
 
 
 @router.get(
     "/logs/{dev_id}",
-    dependencies=[Depends(redirect_if_unauthenticated), Security(validate_user_permissions, scopes=["device.read"])],
+    dependencies=[
+        Depends(redirect_if_unauthenticated),
+        Security(validate_user_permissions_with_nav_redirect, scopes=[GOOSEBIT_PERMISSIONS["device"]["read"]()]),
+    ],
 )
 async def logs_ui(request: Request, dev_id: str):
     return templates.TemplateResponse(request, "logs.html.jinja", context={"title": "Log", "device": dev_id})
+
+
+@router.get(
+    "/settings",
+    dependencies=[
+        Depends(redirect_if_unauthenticated),
+        Security(validate_user_permissions_with_nav_redirect, scopes=[GOOSEBIT_PERMISSIONS["settings"]()]),
+    ],
+)
+@nav.route("Settings", permissions=[GOOSEBIT_PERMISSIONS["settings"]()], show=False)
+async def settings_ui(request: Request):
+    return templates.TemplateResponse(request, "settings.html.jinja", context={"title": "Settings"})

goosebit/ui/static/js/devices.js

@@ -1,19 +1,8 @@
 let dataTable;
 
 const renderFunctions = {
-    online: (data, type) => {
-        if (type === "display" || type === "filter") {
-            const color = data ? "success" : "danger";
-            return `
-            <div class="text-${color}">
-                ●
-            </div>
-            `;
-        }
-        return data;
-    },
     force_update: (data, type) => {
-        if (type === "display" || type === "filter") {
+        if (type === "display") {
             const color = data ? "success" : "muted";
             return `
             <div class="text-${color}">
@@ -29,6 +18,9 @@ const renderFunctions = {
         }
         return data;
     },
+    polling: (data, type) => {
+        return data ? "on time" : "overdue";
+    },
     last_seen: (data, type) => {
         if (type === "display" || type === "filter") {
             return secondsToRecentDate(data);
@@ -52,13 +44,13 @@ document.addEventListener("DOMContentLoaded", async () => {
         paging: true,
         processing: false,
         serverSide: true,
-        order: { name: "uuid", dir: "asc" },
+        order: { name: "id", dir: "asc" },
         scrollCollapse: true,
         scroller: true,
         scrollY: "65vh",
         stateSave: true,
         select: true,
-        rowId: "uuid",
+        rowId: "id",
         ajax: {
             url: "/ui/bff/devices",
             data: (data) => {
@@ -96,7 +88,7 @@ document.addEventListener("DOMContentLoaded", async () => {
                         text: '<i class="bi bi-file-text"></i>',
                         action: () => {
                             const selectedDevice = dataTable.rows({ selected: true }).data().toArray()[0];
-                            window.location.href = `/ui/logs/${selectedDevice.uuid}`;
+                            window.location.href = `/ui/logs/${selectedDevice.id}`;
                         },
                         className: "buttons-logs",
                         titleAttr: "View Log",
@@ -125,7 +117,7 @@ document.addEventListener("DOMContentLoaded", async () => {
                                 .rows({ selected: true })
                                 .data()
                                 .toArray()
-                                .map((d) => d.uuid);
+                                .map((d) => d.id);
                             await deleteDevices(selectedDevices);
                         },
                         className: "buttons-delete",
@@ -138,7 +130,7 @@ document.addEventListener("DOMContentLoaded", async () => {
                                 .rows({ selected: true })
                                 .data()
                                 .toArray()
-                                .map((d) => d.uuid);
+                                .map((d) => d.id);
                             await forceUpdateDevices(selectedDevices);
                         },
                         className: "buttons-force-update",
@@ -151,7 +143,7 @@ document.addEventListener("DOMContentLoaded", async () => {
                                 .rows({ selected: true })
                                 .data()
                                 .toArray()
-                                .map((d) => d.uuid);
+                                .map((d) => d.id);
                             await pinDevices(selectedDevices);
                         },
                         className: "buttons-pin",
@@ -171,7 +163,7 @@ document.addEventListener("DOMContentLoaded", async () => {
         });
 
     setInterval(() => {
-        dataTable.ajax.reload(null, false);
+        updateDeviceList();
     }, TABLE_UPDATE_TIME);
 
     await updateSoftwareSelection();
@@ -291,7 +283,7 @@ async function updateDeviceName() {
         .rows({ selected: true })
         .data()
         .toArray()
-        .map((d) => d.uuid);
+        .map((d) => d.id);
     const name = document.getElementById("device-name").value;
 
     try {
@@ -308,7 +300,7 @@ async function updateDeviceRollout() {
         .rows({ selected: true })
         .data()
         .toArray()
-        .map((d) => d.uuid);
+        .map((d) => d.id);
     const feed = document.getElementById("device-selected-feed").value;
     const software = "rollout";
 
@@ -326,7 +318,7 @@ async function updateDeviceManualSoftware() {
         .rows({ selected: true })
         .data()
         .toArray()
-        .map((d) => d.uuid);
+        .map((d) => d.id);
     const feed = null;
     const software = document.getElementById("selected-sw").value;
 
@@ -344,7 +336,7 @@ async function updateDeviceLatest() {
         .rows({ selected: true })
         .data()
         .toArray()
-        .map((d) => d.uuid);
+        .map((d) => d.id);
     const feed = null;
     const software = "latest";
 
@@ -388,5 +380,21 @@ async function pinDevices(devices) {
 }
 
 function updateDeviceList() {
-    dataTable.ajax.reload();
+    const scrollPosition = $("#device-table").parent().scrollTop(); // Get current scroll position
+
+    const selectedRows = dataTable
+        .rows({ selected: true })
+        .data()
+        .toArray()
+        .map((d) => d.id);
+
+    dataTable.ajax.reload(() => {
+        dataTable.rows().every(function () {
+            const rowData = this.data();
+            if (selectedRows.includes(rowData.id)) {
+                this.select();
+            }
+        });
+        $("#device-table").parent().scrollTop(scrollPosition); // Restore scroll position after reload
+    }, false);
 }

goosebit/ui/static/js/login.js

@@ -1,4 +1,5 @@
-loginForm = document.getElementById("login_form");
+const loginForm = document.getElementById("login_form");
+const errorContainer = document.getElementById("login_error");
 
 async function login() {
     const formData = new FormData(loginForm);
@@ -8,16 +9,31 @@ async function login() {
             method: "POST",
             body: formData,
         });
-        tokenData = await response.json();
+
+        if (response.status === 401) {
+            const result = await response.json();
+            errorContainer.textContent = result.detail || "Failed to login.";
+            errorContainer.classList.remove("d-none");
+            return;
+        }
+
+        if (!response.ok) {
+            errorContainer.textContent = "Something went wrong. Please try again.";
+            errorContainer.classList.remove("d-none");
+            return;
+        }
+
+        const tokenData = await response.json();
         document.cookie = `session_id=${tokenData.access_token}; path=/`;
         location.reload();
-    } catch (e) {
-        // handle form errors later
-        console.error(e);
+    } catch (error) {
+        errorContainer.textContent = "Network error. Please try again.";
+        errorContainer.classList.remove("d-none");
     }
 }
 
 loginForm.addEventListener("submit", (event) => {
     event.preventDefault();
+    errorContainer.classList.add("d-none"); // Hide error before new attempt
     login();
 });

goosebit/ui/static/js/logs.js

@@ -1,25 +1,10 @@
-document.addEventListener("DOMContentLoaded", () => {
-    const logs_ws = create_ws(`/realtime/logs/${device}`);
+document.addEventListener("DOMContentLoaded", async () => {
+    const res = await get_request(`/ui/bff/devices/${device}/log`);
 
-    logs_ws.addEventListener("message", (event) => {
-        const res = JSON.parse(event.data);
+    const logElem = document.getElementById("device-log");
+    logElem.textContent = res.log;
 
-        const logElem = document.getElementById("device-log");
-        if (res.clear) {
-            logElem.textContent = "";
-        }
-        logElem.textContent += res.log;
-
-        const progressElem = document.getElementById("install-progress");
-        progressElem.style.width = `${res.progress}%`;
-        progressElem.innerHTML = `${res.progress}%`;
-    });
+    const progressElem = document.getElementById("install-progress");
+    progressElem.style.width = `${res.progress}%`;
+    progressElem.innerHTML = `${res.progress}%`;
 });
-
-function create_ws(s) {
-    const l = window.location;
-    const protocol = l.protocol === "https:" ? "wss://" : "ws://";
-    const port = l.port !== "80" || l.port !== "443" ? l.port : "";
-    const url = `${protocol}${l.hostname}:${port}${s}`;
-    return new WebSocket(url);
-}

goosebit/ui/static/js/rollouts.js

@@ -1,6 +1,30 @@
 let dataTable;
 
+const renderFunctions = {
+    paused: (data, type) => {
+        if (type === "display") {
+            const color = data ? "danger" : "muted";
+            return `
+            <div class="text-${color}">
+                ●
+            </div>
+            `;
+        }
+        return data;
+    },
+    created_at: (data, type) => new Date(data).toLocaleString(),
+};
+
 document.addEventListener("DOMContentLoaded", async () => {
+    const columnConfig = await get_request("/ui/bff/rollouts/columns");
+    for (const col in columnConfig.columns) {
+        const colDesc = columnConfig.columns[col];
+        const colName = colDesc.data;
+        if (renderFunctions[colName]) {
+            columnConfig.columns[col].render = renderFunctions[colName];
+        }
+    }
+
     dataTable = new DataTable("#rollout-table", {
         responsive: true,
         paging: true,
@@ -32,37 +56,10 @@ document.addEventListener("DOMContentLoaded", async () => {
                 targets: "_all",
                 searchable: false,
                 orderable: false,
+                render: (data) => data || "-",
             },
         ],
-        columns: [
-            { data: "id", visible: false },
-            {
-                data: "created_at",
-                name: "created_at",
-                orderable: true,
-                render: (data) => new Date(data).toLocaleString(),
-            },
-            { data: "name", name: "name", searchable: true, orderable: true },
-            { data: "feed", name: "feed", searchable: true, orderable: true },
-            { data: "sw_file" },
-            { data: "sw_version" },
-            {
-                data: "paused",
-                render: (data, type) => {
-                    if (type === "display" || type === "filter") {
-                        const color = data ? "danger" : "muted";
-                        return `
-                        <div class="text-${color}">
-                            ●
-                        </div>
-                        `;
-                    }
-                    return data;
-                },
-            },
-            { data: "success_count" },
-            { data: "failure_count" },
-        ],
+        columns: columnConfig.columns,
         layout: {
             top1Start: {
                 buttons: [],
@@ -194,7 +191,11 @@ async function createRollout() {
 }
 
 function updateRolloutList() {
-    dataTable.ajax.reload();
+    const scrollPosition = $("#rollout-table").parent().scrollTop(); // Get current scroll position
+
+    dataTable.ajax.reload(() => {
+        $("#rollout-table").parent().scrollTop(scrollPosition); // Restore scroll position after reload
+    }, false);
 }
 
 async function deleteRollouts(ids) {