meerschaum 2.9.4__py3-none-any.whl → 3.0.0__py3-none-any.whl

meerschaum/api/routes/_plugins.py

@@ -12,6 +12,8 @@ import shutil
 import pathlib
 import os
 
+import meerschaum as mrsm
+from meerschaum.core import User
 from meerschaum.utils.typing import Optional, List, SuccessTuple, Any, Dict
 
 from meerschaum.api import (
@@ -24,11 +26,14 @@ from meerschaum.api import (
     private,
     no_auth,
     default_instance_keys,
+    ScopedAuth,
 )
+from meerschaum.api.models import SuccessTupleResponseModel
 from meerschaum.api.tables import get_tables
 from fastapi import File, UploadFile
 from meerschaum.utils.packages import attempt_import
 from meerschaum.core import Plugin
+from meerschaum.utils.misc import filter_arguments
 starlette_responses = attempt_import('starlette.responses', warn=False, lazy=False)
 FileResponse = starlette_responses.FileResponse
 
@@ -38,22 +43,24 @@ plugins_endpoint = endpoints['plugins']
 PLUGINS_INSTANCE_KEYS = default_instance_keys
 
 
-@app.post(plugins_endpoint + '/{name}', tags=['Plugins'])
+@app.post(
+    plugins_endpoint + '/{name}',
+    tags=['Plugins'],
+    response_model=SuccessTupleResponseModel,
+)
 def register_plugin(
     name: str,
     version: str = None,
     attributes: str = None,
     archive: UploadFile = File(...),
-    curr_user = (
-        fastapi.Depends(manager) if not no_auth else None
-    ),
+    curr_user = fastapi.Depends(manager),
 ) -> SuccessTuple:
     """
     Register a plugin and save its archive file.
 
     Parameters
     ----------
-    name: str :
+    name: str
         The name of the plugin.
         
     version: str, default None
@@ -65,7 +72,7 @@ def register_plugin(
     archive: UploadFile :
         The archive file of the plugin.
 
-    curr_user: 'meerschaum.core.User'
+    curr_user: User
         The logged-in user.
 
     Returns
@@ -102,16 +109,15 @@ def register_plugin(
         )
 
     if curr_user is not None:
-        plugin_user_id = get_api_connector(PLUGINS_INSTANCE_KEYS).get_plugin_user_id(plugin)
-        curr_user_id = get_api_connector(PLUGINS_INSTANCE_KEYS).get_user_id(curr_user) if curr_user is not None else -1
+        plugin_user_id = get_api_connector(PLUGINS_INSTANCE_KEYS).get_plugin_user_id(plugin, debug=debug)
+        curr_user_id = get_api_connector(PLUGINS_INSTANCE_KEYS).get_user_id(curr_user, debug=debug) if curr_user is not None else -1
         if plugin_user_id is not None and plugin_user_id != curr_user_id:
             return False, f"User '{curr_user.username}' cannot edit plugin '{plugin}'."
         plugin.user_id = curr_user_id
 
-    success, msg = get_api_connector(
-        PLUGINS_INSTANCE_KEYS
-    ).register_plugin(plugin, make_archive=False, debug=debug)
-
+    register_plugin = get_api_connector(PLUGINS_INSTANCE_KEYS).register_plugin
+    args, kwargs = filter_arguments(register_plugin, plugin, make_archive=False, debug=debug)
+    success, msg = register_plugin(*args, **kwargs)
     if success:
         archive_path = plugin.archive_path
         temp_archive_path = pathlib.Path(str(archive_path) + '.tmp')
@@ -122,12 +128,14 @@ def register_plugin(
 
     return success, msg
 
-@app.get(plugins_endpoint + '/{name}', tags=['Plugins'])
+
+@app.get(
+    plugins_endpoint + '/{name}',
+    tags=['Plugins'],
+)
 def get_plugin(
     name: str,
-    curr_user = (
-        fastapi.Depends(manager) if private else None
-    ),
+    curr_user = fastapi.Depends(ScopedAuth(['plugins:read'])) if private else None,
 ) -> Any:
     """
     Download a plugin's archive file.
@@ -141,9 +149,7 @@ def get_plugin(
 @app.get(plugins_endpoint + '/{name}/attributes', tags=['Plugins'])
 def get_plugin_attributes(
     name: str,
-    curr_user = (
-        fastapi.Depends(manager) if private else None
-    ),
+    curr_user = fastapi.Depends(ScopedAuth(['plugins:read'])) if private else None,
 ) -> Dict[str, Any]:
     """
     Get a plugin's attributes.
@@ -155,9 +161,7 @@ def get_plugin_attributes(
 def get_plugins(
     user_id: Optional[int] = None,
     search_term: Optional[str] = None,
-    curr_user = (
-        fastapi.Depends(manager) if private else None
-    ),
+    curr_user = fastapi.Depends(ScopedAuth(['plugins:read'])) if private else None,
 ) -> List[str]:
     """
     Get a list of plugins.
@@ -179,13 +183,15 @@ def get_plugins(
     ).get_plugins(user_id=user_id, search_term=search_term)
 
 
-@app.delete(plugins_endpoint + '/{name}', tags=['Plugins'])
+@app.delete(
+    plugins_endpoint + '/{name}',
+    tags=['Plugins'],
+    response_model=SuccessTupleResponseModel,
+)
 def delete_plugin(
     name: str,
-    curr_user = (
-        fastapi.Depends(manager) if private else None
-    ),
-) -> SuccessTuple:
+    curr_user = fastapi.Depends(manager),
+) -> SuccessTupleResponseModel:
     """
     Delete a plugin and its archive file from the repository.
     """
@@ -196,7 +202,11 @@ def delete_plugin(
         return False, f"Plugin '{plugin}' is not registered."
 
     if curr_user is not None:
-        curr_user_id = get_api_connector(PLUGINS_INSTANCE_KEYS).get_user_id(curr_user)
+        curr_user_id = (
+            get_api_connector(PLUGINS_INSTANCE_KEYS).get_user_id(curr_user)
+            if isinstance(curr_user, User)
+            else get_api_connector(PLUGINS_INSTANCE_KEYS).get_token_user_id(curr_user)
+        )
         if plugin_user_id != curr_user_id:
             return False, f"User '{curr_user.username}' cannot delete plugin '{plugin}'."
     else:

meerschaum/api/routes/_tokens.py

@@ -0,0 +1,236 @@
+#! /usr/bin/env python3
+# vim:fenc=utf-8
+
+"""
+Define the API token routes.
+"""
+
+import json
+import uuid
+
+import meerschaum as mrsm
+from meerschaum.core import Token
+from meerschaum.api import (
+    app,
+    fastapi,
+    debug,
+    no_auth,
+    manager,
+    get_api_connector,
+    endpoints,
+)
+from meerschaum.api.models import (
+    RegisterTokenResponseModel,
+    RegisterTokenRequestModel,
+    SuccessTupleResponseModel,
+    GetTokenResponseModel,
+    GetTokensResponseModel,
+)
+from meerschaum.api._tokens import get_current_token
+from meerschaum.utils.dtypes import json_serialize_value, value_is_null
+from meerschaum.utils.misc import is_uuid
+
+tokens_endpoint = endpoints['tokens']
+
+
+@app.get(
+    tokens_endpoint,
+    tags=['Tokens'],
+    response_model=GetTokensResponseModel,
+)
+def get_tokens(
+    labels: str = '',
+    curr_user=(fastapi.Depends(manager) if not no_auth else None),
+):
+    """
+    Return the tokens registered to the current user.
+    """
+    _labels = None if not labels else labels.split(',')
+    tokens = get_api_connector().get_tokens(user=curr_user, labels=_labels, debug=debug)
+    return [
+        {
+            key: (None if value_is_null(val) else val)
+            for key, val in dict(token.to_model()).items()
+            if key != 'secret_hash'
+        }
+        for token in tokens
+    ]
+
+
+@app.post(
+    tokens_endpoint + '/register',
+    tags=['Tokens'],
+    response_model=RegisterTokenResponseModel,
+)
+def register_token(
+    request_model: RegisterTokenRequestModel,
+    curr_user=(fastapi.Depends(manager) if not no_auth else None),
+) -> RegisterTokenResponseModel:
+    """
+    Register a new Token, returning its secret (unable to be retrieved later).
+    """
+    token = Token(
+        user=curr_user,
+        label=request_model.label,
+        expiration=request_model.expiration,
+        scopes=request_model.scopes,
+        instance=get_api_connector(),
+    )
+    token_id, token_secret = token.generate_credentials()
+    register_success, register_msg = token.register(debug=debug)
+    if not register_success:
+        raise fastapi.HTTPException(
+            status_code=409,
+            detail=f"Could not register new token:\n{register_msg}",
+        )
+    api_key = token.get_api_key()
+
+    return RegisterTokenResponseModel(
+        label=token.label,
+        secret=token_secret,
+        id=token_id,
+        api_key=api_key,
+        expiration=token.expiration,
+    )
+
+
+@app.post(
+    tokens_endpoint + '/validate',
+    tags=['Tokens'],
+    response_model=SuccessTupleResponseModel,
+)
+def validate_api_key(
+    curr_token=(fastapi.Depends(get_current_token) if not no_auth else None),
+) -> mrsm.SuccessTuple:
+    """
+    Return a 200 if the given Authorization token (API key) is valid.
+    """
+    return True, "Success"
+
+
+@app.get(
+    tokens_endpoint + '/{token_id}',
+    tags=['Tokens'],
+    response_model=GetTokenResponseModel,
+)
+def get_token_model(
+    token_id: str,
+    curr_user=(fastapi.Depends(manager) if not no_auth else None)
+):
+    """
+    Return the token model's fields.
+    """
+    if not is_uuid(token_id):
+        raise fastapi.HTTPException(
+            status_code=400,
+            detail="Invalid token ID.",
+        )
+    real_token_id = uuid.UUID(token_id)
+    conn = get_api_connector()
+    token_model = conn.get_token_model(real_token_id)
+    if token_model is None:
+        raise fastapi.HTTPException(
+            status_code=404,
+            detail="Token does not exist.",
+        )
+
+    curr_user_id = get_api_connector().get_user_id(curr_user, debug=debug) if curr_user is not None else None
+    if token_model.user_id and token_model.user_id != curr_user_id:
+        curr_user_type = get_api_connector().get_user_type(curr_user, debug=debug)
+        if curr_user_type != 'admin':
+            raise fastapi.HTTPException(
+                status_code=403,
+                detail="Cannot edit another user's token.",
+            )
+
+    payload = {
+        key: (None if value_is_null(val) else val)
+        for key, val in dict(token_model).items()
+        if key != 'secret_hash'
+    }
+    return fastapi.Response(
+        json.dumps(payload, default=json_serialize_value),
+        media_type='application/json',
+    )
+
+
+@app.post(
+    tokens_endpoint + '/{token_id}/edit',
+    tags=['Tokens'],
+    response_model=SuccessTupleResponseModel,
+)
+def edit_token(
+    token_id: str,
+    token_model: GetTokenResponseModel,
+    curr_user=(fastapi.Depends(manager) if not no_auth else None),
+) -> mrsm.SuccessTuple:
+    """
+    Edit the token's scope, expiration,, etc.
+    """
+    if not is_uuid(token_id):
+        raise fastapi.HTTPException(
+            status_code=400,
+            detail="Token ID must be a UUID.",
+        )
+
+    token = Token(
+        id=uuid.UUID(token_id),
+        user=curr_user,
+        is_valid=token_model.is_valid,
+        creation=token_model.creation,
+        expiration=token_model.expiration,
+        scopes=token_model.scopes,
+        label=token_model.label,
+        instance=get_api_connector(),
+    )
+    return token.edit(debug=debug)
+
+
+@app.post(
+    tokens_endpoint + '/{token_id}/invalidate',
+    tags=['Tokens'],
+    response_model=SuccessTupleResponseModel,
+)
+def invalidate_token(
+    token_id: str,
+    curr_user=(fastapi.Depends(manager) if not no_auth else None),
+) -> mrsm.SuccessTuple:
+    """
+    Invalidate the token, disabling it for future requests.
+    """
+    if not is_uuid(token_id):
+        raise fastapi.HTTPException(
+            status_code=400,
+            detail="Token ID must be a UUID.",
+        )
+
+    _token_id = uuid.UUID(token_id)
+    return get_api_connector().invalidate_token(
+        Token(id=_token_id, instance=get_api_connector()),
+        debug=debug,
+    )
+
+
+@app.delete(
+    tokens_endpoint + '/{token_id}',
+    tags=['Tokens'],
+    response_model=SuccessTupleResponseModel,
+)
+def delete_token(
+    token_id: str,
+    curr_user=(fastapi.Depends(manager) if not no_auth else None),
+) -> mrsm.SuccessTuple:
+    """
+    Delete the token from the instance.
+    """
+    if not is_uuid(token_id):
+        raise fastapi.HTTPException(
+            status_code=400,
+            detail="Token ID must be a UUID.",
+        )
+
+    _token_id = uuid.UUID(token_id)
+    return get_api_connector().delete_token(
+        Token(id=_token_id, instance=get_api_connector()),
+        debug=debug,
+    )

meerschaum/api/routes/_users.py

@@ -3,26 +3,34 @@
 # vim:fenc=utf-8
 
 """
-Routes for managing users
+Routes for managing users.
 """
 
 from __future__ import annotations
 
+from uuid import UUID
 from meerschaum.utils.typing import (
     Union, SuccessTuple, Any, Dict, List
 )
 
-from meerschaum.utils.packages import attempt_import
 from meerschaum.api import (
-    fastapi, app, endpoints, get_api_connector, manager,
-    debug, check_allow_chaining, DISALLOW_CHAINING_MESSAGE,
-    no_auth, private, default_instance_keys,
+    fastapi,
+    app,
+    endpoints,
+    get_api_connector,
+    manager,
+    debug,
+    check_allow_chaining,
+    DISALLOW_CHAINING_MESSAGE,
+    no_auth,
+    private,
+    default_instance_keys,
+    ScopedAuth,
 )
-from meerschaum.utils.misc import string_to_dict
+from meerschaum.utils.misc import string_to_dict, is_uuid
 from meerschaum.config import get_config
 from meerschaum.core import User
 
-sqlalchemy = attempt_import('sqlalchemy', lazy=False)
 users_endpoint = endpoints['users']
 
 import fastapi
@@ -34,23 +42,27 @@ USERS_INSTANCE_KEYS = default_instance_keys
 @app.get(users_endpoint + "/me", tags=['Users'])
 def read_current_user(
     curr_user = (
-        fastapi.Depends(manager) if not no_auth else None
+        fastapi.Depends(ScopedAuth(['users:read'])) if not no_auth else None
     ),
 ) -> Dict[str, Union[str, int, None, Dict[str, Any]]]:
     """
     Get information about the currently logged-in user.
     """
+    user_id = (
+        get_api_connector(USERS_INSTANCE_KEYS).get_user_id(curr_user)
+        if curr_user is not None
+        else None
+    )
+    if is_uuid(str(user_id)):
+        user_id = str(user_id)
+
     return {
         'username': (
             curr_user.username
             if curr_user is not None
             else 'no_auth'
         ),
-        'user_id': (
-            get_api_connector(USERS_INSTANCE_KEYS).get_user_id(curr_user)
-            if curr_user is not None
-            else -1
-        ),
+        'user_id': user_id,
         'user_type': (
             get_api_connector(USERS_INSTANCE_KEYS).get_user_type(curr_user)
             if curr_user is not None
@@ -66,9 +78,7 @@ def read_current_user(
 
 @app.get(users_endpoint, tags=['Users'])
 def get_users(
-    curr_user = (
-        fastapi.Depends(manager) if private else None
-    ),
+    curr_user = (fastapi.Depends(ScopedAuth(['users:read'])) if private else None),
 ) -> List[str]:
     """
     Get a list of the registered users.
@@ -84,7 +94,7 @@ def register_user(
     type: str = Form(None),
     email: str = Form(None),
     curr_user = (
-        fastapi.Depends(manager) if private else None
+        fastapi.Depends(ScopedAuth(['users:register', 'users:write'])) if private else None
     ),
 ) -> SuccessTuple:
     """
@@ -114,7 +124,7 @@ def register_user(
             "Register a normal user first, then edit the user from an authorized account, "
             "or use a SQL connector instead."
         )
-    user = User(username, password, type=type, email=email, attributes=attributes)
+    user = User(username, password, type=type, email=email, attributes=attributes, instance=get_api_connector(USERS_INSTANCE_KEYS))
     return get_api_connector(USERS_INSTANCE_KEYS).register_user(user, debug=debug)
 
 
@@ -125,9 +135,7 @@ def edit_user(
     type: str = Form(None),
     email: str = Form(None),
     attributes: str = Form(None),
-    curr_user = (
-        fastapi.Depends(manager) if not no_auth else None
-    ),
+    curr_user = fastapi.Depends(ScopedAuth(['users:write'])),
 ) -> SuccessTuple:
     """
     Edit an existing user.
@@ -138,47 +146,51 @@ def edit_user(
         except Exception:
             return False, "Invalid dictionary string received for attributes."
 
-    user = User(username, password, email=email, attributes=attributes)
+    user = User(username, password, email=email, attributes=attributes, instance=get_api_connector(USERS_INSTANCE_KEYS))
     user_type = get_api_connector(USERS_INSTANCE_KEYS).get_user_type(curr_user) if curr_user is not None else 'admin'
     if user_type == 'admin' and type is not None:
         user.type = type
     if user_type == 'admin' or curr_user.username == user.username:
         return get_api_connector(USERS_INSTANCE_KEYS).edit_user(user, debug=debug)
 
-    return False, f"Cannot edit user '{user}': Permission denied"
+    raise fastapi.HTTPException(
+        status=403,
+        detail="Permission denied.",
+    )
 
 
 @app.get(users_endpoint + "/{username}/id", tags=['Users'])
 def get_user_id(
     username: str,
-    curr_user = (
-        fastapi.Depends(manager) if not no_auth else None
-    ),
-) -> Union[int, None]:
+    curr_user = fastapi.Depends(ScopedAuth(['users:read'])),
+) -> Union[int, str, None]:
     """
     Get a user's ID.
     """
-    return get_api_connector(USERS_INSTANCE_KEYS).get_user_id(User(username), debug=debug)
+    user_id = get_api_connector(USERS_INSTANCE_KEYS).get_user_id(User(username, instance=get_api_connector(USERS_INSTANCE_KEYS)), debug=debug)
+    if is_uuid(user_id):
+        return str(user_id)
+    return user_id
 
 
 @app.get(users_endpoint + "/{username}/attributes", tags=['Users'])
 def get_user_attributes(
     username: str,
     curr_user = (
-        fastapi.Depends(manager) if private else None
+        fastapi.Depends(ScopedAuth(['users:read'])) if private else None
     ),
 ) -> Union[Dict[str, Any], None]:
     """
     Get a user's attributes.
     """
-    return get_api_connector(USERS_INSTANCE_KEYS).get_user_attributes(User(username), debug=debug)
+    return User(username, instance=get_api_connector(USERS_INSTANCE_KEYS)).get_attributes(refresh=True, debug=debug)
 
 
 @app.delete(users_endpoint + "/{username}", tags=['Users'])
 def delete_user(
     username: str,
     curr_user = (
-        fastapi.Depends(manager) if not no_auth else None
+        fastapi.Depends(ScopedAuth(['users:delete'])) if not no_auth else None
     ),
 ) -> SuccessTuple:
     """
@@ -203,7 +215,7 @@ def delete_user(
 def get_user_password_hash(
     username: str,
     curr_user = (
-        fastapi.Depends(manager) if not no_auth else None
+        fastapi.Depends(ScopedAuth(['users:read', 'instance:chain']))
     ),
 ) -> str:
     """
@@ -211,14 +223,14 @@ def get_user_password_hash(
     """
     if not check_allow_chaining():
         raise HTTPException(status_code=403, detail=DISALLOW_CHAINING_MESSAGE)
-    return get_api_connector(USERS_INSTANCE_KEYS).get_user_password_hash(User(username), debug=debug)
+    return get_api_connector(USERS_INSTANCE_KEYS).get_user_password_hash(User(username, instance=get_api_connector(USERS_INSTANCE_KEYS)), debug=debug)
 
 
 @app.get(users_endpoint + '/{username}/type', tags=['Users'])
 def get_user_type(
     username: str,
     curr_user = (
-        fastapi.Depends(manager) if not no_auth else None
+        fastapi.Depends(ScopedAuth(['users:read', 'instance:chain']))
     ),
 ) -> str:
     """
@@ -226,4 +238,4 @@ def get_user_type(
     """
     if not check_allow_chaining():
         raise HTTPException(status_code=403, detail=DISALLOW_CHAINING_MESSAGE)
-    return get_api_connector(USERS_INSTANCE_KEYS).get_user_type(User(username))
+    return get_api_connector(USERS_INSTANCE_KEYS).get_user_type(User(username, instance=get_api_connector(USERS_INSTANCE_KEYS)))

meerschaum/api/routes/_version.py

@@ -7,12 +7,12 @@ Return version information
 """
 
 import fastapi
-from meerschaum.api import app, endpoints, private, manager
+from meerschaum.api import app, endpoints, private, ScopedAuth
 
 @app.get(endpoints['version'], tags=['Version'])
 def get_api_version(
     curr_user = (
-        fastapi.Depends(manager) if private else None
+        fastapi.Depends(ScopedAuth(['instance:read'])) if private else None
     ),
 ):
     """
@@ -24,7 +24,7 @@ def get_api_version(
 @app.get(endpoints['version'] + "/mrsm", tags=['Version'])
 def get_meerschaum_version(
     curr_user = (
-        fastapi.Depends(manager) if private else None
+        fastapi.Depends(ScopedAuth(['instance:read'])) if private else None
     ),
 ):
     """

meerschaum/api/routes/_webterm.py

@@ -8,7 +8,7 @@ Routes to the Webterm proxy.
 
 import asyncio
 from meerschaum.utils.typing import Optional
-from meerschaum.api import app, endpoints
+from meerschaum.api import app, endpoints, webterm_port
 from meerschaum.utils.packages import attempt_import
 from meerschaum.api.dash.sessions import is_session_authenticated, get_username_from_session
 fastapi, fastapi_responses = attempt_import('fastapi', 'fastapi.responses')
@@ -71,7 +71,7 @@ async def get_webterm(
 
     username = get_username_from_session(session_id)
     async with httpx.AsyncClient() as client:
-        webterm_url = f"http://localhost:8765/webterm/{username or session_id}"
+        webterm_url = f"http://localhost:{webterm_port}/webterm/{username or session_id}"
         response = await client.get(webterm_url)
         text = response.text
         if request.url.scheme == 'https':
@@ -100,7 +100,7 @@ async def webterm_websocket(websocket: WebSocket, session_id: str):
 
     username = get_username_from_session(session_id)
 
-    ws_url = f"ws://localhost:8765/websocket/{username or session_id}"
+    ws_url = f"ws://localhost:{webterm_port}/websocket/{username or session_id}"
     async with websockets.connect(ws_url) as ws:
         async def forward_messages():
             try: