paskia 0.8.1__py3-none-any.whl → 0.9.0__py3-none-any.whl

paskia/fastapi/admin.py

@@ -1,14 +1,20 @@
 import logging
 from datetime import timezone
-from uuid import UUID, uuid4
+from uuid import UUID
 
-from fastapi import Body, FastAPI, HTTPException, Request, Response
+from fastapi import Body, FastAPI, HTTPException, Query, Request, Response
 from fastapi.responses import JSONResponse
 
+from paskia import aaguid as aaguid_mod
 from paskia import db
 from paskia.authsession import EXPIRES, reset_expires
+from paskia.db import Org as OrgDC
+from paskia.db import Permission as PermDC
+from paskia.db import Role as RoleDC
+from paskia.db import User as UserDC
 from paskia.fastapi import authz
 from paskia.fastapi.session import AUTH_COOKIE
+from paskia.globals import passkey
 from paskia.util import (
     hostutil,
     passphrase,
@@ -17,8 +23,9 @@ from paskia.util import (
     useragent,
     vitedev,
 )
+from paskia.util.hostutil import normalize_host
 
-app = FastAPI()
+app = FastAPI(docs_url=None, redoc_url=None, openapi_url=None)
 
 
 def is_global_admin(ctx) -> bool:
@@ -91,7 +98,7 @@ async def admin_list_orgs(request: Request, auth=AUTH_COOKIE):
         match=permutil.has_any,
         host=request.headers.get("host"),
     )
-    orgs = db.list_organizations()
+    orgs = list(db.data().orgs.values())
     if not is_global_admin(ctx):
         # Org admins can only see their own organization
         orgs = [o for o in orgs if o.uuid == ctx.org.uuid]
@@ -99,18 +106,22 @@ async def admin_list_orgs(request: Request, auth=AUTH_COOKIE):
     def role_to_dict(r):
         return {
             "uuid": str(r.uuid),
-            "org_uuid": str(r.org_uuid),
+            "org": str(r.org),
             "display_name": r.display_name,
-            "permissions": r.permissions,
+            "permissions": list(r.permissions.keys()),
         }
 
     async def org_to_dict(o):
-        users = db.get_organization_users(str(o.uuid))
+        users = db.get_organization_users(o.uuid)
         return {
             "uuid": str(o.uuid),
             "display_name": o.display_name,
-            "permissions": o.permissions,
-            "roles": [role_to_dict(r) for r in o.roles],
+            "permissions": {
+                pid for pid, p in db.data().permissions.items() if o.uuid in p.orgs
+            },
+            "roles": [
+                role_to_dict(r) for r in db.data().roles.values() if r.org == o.uuid
+            ],
             "users": [
                 {
                     "uuid": str(u.uuid),
@@ -133,15 +144,16 @@ async def admin_create_org(
     ctx = await authz.verify(
         auth, ["auth:admin"], host=request.headers.get("host"), match=permutil.has_all
     )
-    from ..db import Org as OrgDC  # local import to avoid cycles
 
-    org_uuid = uuid4()
     display_name = payload.get("display_name") or "New Organization"
     permissions = payload.get("permissions") or []
-    org = OrgDC(uuid=org_uuid, display_name=display_name, permissions=permissions)
-    db.create_organization(org, ctx=ctx)
+    org = OrgDC.create(display_name=display_name)
+    db.create_org(org, ctx=ctx)
+    # Grant requested permissions to the new org
+    for perm in permissions:
+        db.add_permission_to_org(str(org.uuid), perm)
 
-    return {"uuid": str(org_uuid)}
+    return {"uuid": str(org.uuid)}
 
 
 @app.patch("/orgs/{org_uuid}")
@@ -166,7 +178,7 @@ async def admin_update_org_name(
     if not display_name:
         raise ValueError("display_name is required")
 
-    db.update_organization_name(org_uuid, display_name, ctx=ctx)
+    db.update_org_name(org_uuid, display_name, ctx=ctx)
     return {"status": "ok"}
 
 
@@ -188,7 +200,7 @@ async def admin_delete_org(org_uuid: UUID, request: Request, auth=AUTH_COOKIE):
 
     # Delete organization-specific permissions
     org_perm_pattern = f"org:{str(org_uuid).lower()}"
-    all_permissions = db.list_permissions()
+    all_permissions = list(db.data().permissions.values())
     for perm in all_permissions:
         perm_scope_lower = perm.scope.lower()
         # Check if permission contains "org:{uuid}" separated by colons or at boundaries
@@ -198,39 +210,43 @@ async def admin_delete_org(org_uuid: UUID, request: Request, auth=AUTH_COOKIE):
             or perm_scope_lower.endswith(f":{org_perm_pattern}")
             or perm_scope_lower == org_perm_pattern
         ):
-            db.delete_permission(str(perm.uuid), ctx=ctx)
+            db.delete_permission(perm.uuid, ctx=ctx)
 
-    db.delete_organization(org_uuid, ctx=ctx)
+    db.delete_org(org_uuid, ctx=ctx)
     return {"status": "ok"}
 
 
 @app.post("/orgs/{org_uuid}/permission")
 async def admin_add_org_permission(
     org_uuid: UUID,
-    permission_id: str,
     request: Request,
+    permission_uuid: UUID = Query(...),
     auth=AUTH_COOKIE,
 ):
     ctx = await authz.verify(
         auth, ["auth:admin"], host=request.headers.get("host"), match=permutil.has_all
     )
-    db.add_permission_to_organization(str(org_uuid), permission_id, ctx=ctx)
+
+    db.add_permission_to_org(org_uuid, permission_uuid, ctx=ctx)
     return {"status": "ok"}
 
 
 @app.delete("/orgs/{org_uuid}/permission")
 async def admin_remove_org_permission(
     org_uuid: UUID,
-    permission_id: str,
     request: Request,
+    permission_uuid: UUID = Query(...),
     auth=AUTH_COOKIE,
 ):
     ctx = await authz.verify(
         auth, ["auth:admin"], host=request.headers.get("host"), match=permutil.has_all
     )
 
+    db.remove_permission_from_org(org_uuid, permission_uuid, ctx=ctx)
+
     # Guard rail: prevent removing auth:admin from your own org if it would lock you out
-    if permission_id == "auth:admin" and ctx.org.uuid == org_uuid:
+    perm = db.data().permissions.get(permission_uuid)
+    if perm and perm.scope == "auth:admin" and ctx.org.uuid == org_uuid:
         # Check if any other org grants auth:admin that we're a member of
         # (we only know our current org, so this effectively means we can't remove it from our own org)
         raise ValueError(
@@ -238,7 +254,7 @@ async def admin_remove_org_permission(
             "This would lock you out of admin access."
         )
 
-    db.remove_permission_from_organization(str(org_uuid), permission_id, ctx=ctx)
+    db.remove_permission_from_org(org_uuid, permission_uuid, ctx=ctx)
     return {"status": "ok"}
 
 
@@ -262,33 +278,30 @@ async def admin_create_role(
         raise authz.AuthException(
             status_code=403, detail="Insufficient permissions", mode="forbidden"
         )
-    from ..db import Role as RoleDC
 
-    role_uuid = uuid4()
     display_name = payload.get("display_name") or "New Role"
     perms = payload.get("permissions") or []
-    org = db.get_organization(str(org_uuid))
-    grantable = set(org.permissions or [])
+    if org_uuid not in db.data().orgs:
+        raise HTTPException(status_code=404, detail="Organization not found")
+    grantable = {pid for pid, p in db.data().permissions.items() if org_uuid in p.orgs}
 
     # Normalize permission IDs to UUIDs
-    permission_uuids = []
+    permission_uuids: set[UUID] = set()
     for pid in perms:
-        perm = db.get_permission(pid)
+        perm = db.data().permissions.get(UUID(pid))
         if not perm:
             raise ValueError(f"Permission {pid} not found")
-        perm_uuid_str = str(perm.uuid)
-        if perm_uuid_str not in grantable:
+        if perm.uuid not in grantable:
             raise ValueError(f"Permission not grantable by org: {pid}")
-        permission_uuids.append(perm_uuid_str)
+        permission_uuids.add(perm.uuid)
 
-    role = RoleDC(
-        uuid=role_uuid,
-        org_uuid=org_uuid,
+    role = RoleDC.create(
+        org=org_uuid,
         display_name=display_name,
         permissions=permission_uuids,
     )
     db.create_role(role, ctx=ctx)
-    return {"uuid": str(role_uuid)}
+    return {"uuid": str(role.uuid)}
 
 
 @app.patch("/orgs/{org_uuid}/roles/{role_uuid}")
@@ -310,8 +323,8 @@ async def admin_update_role_name(
         raise authz.AuthException(
             status_code=403, detail="Insufficient permissions", mode="forbidden"
         )
-    role = db.get_role(role_uuid)
-    if role.org_uuid != org_uuid:
+    role = db.data().roles.get(role_uuid)
+    if not role or role.org != org_uuid:
         raise HTTPException(status_code=404, detail="Role not found in organization")
 
     display_name = payload.get("display_name")
@@ -342,16 +355,15 @@ async def admin_add_role_permission(
             status_code=403, detail="Insufficient permissions", mode="forbidden"
         )
 
-    role = db.get_role(role_uuid)
-    if role.org_uuid != org_uuid:
+    role = db.data().roles.get(role_uuid)
+    if not role or role.org != org_uuid:
         raise HTTPException(status_code=404, detail="Role not found in organization")
 
     # Verify permission exists and org can grant it
-    perm = db.get_permission(permission_uuid)
+    perm = db.data().permissions.get(permission_uuid)
     if not perm:
         raise HTTPException(status_code=404, detail="Permission not found")
-    org = db.get_organization(str(org_uuid))
-    if str(permission_uuid) not in org.permissions:
+    if org_uuid not in perm.orgs:
         raise ValueError("Permission not grantable by organization")
 
     db.add_permission_to_role(role_uuid, permission_uuid, ctx=ctx)
@@ -378,21 +390,19 @@ async def admin_remove_role_permission(
             status_code=403, detail="Insufficient permissions", mode="forbidden"
         )
 
-    role = db.get_role(role_uuid)
-    if role.org_uuid != org_uuid:
+    role = db.data().roles.get(role_uuid)
+    if not role or role.org != org_uuid:
         raise HTTPException(status_code=404, detail="Role not found in organization")
 
     # Sanity check: prevent admin from removing their own access
-    # Find auth:admin and auth:org:admin permission UUIDs
-    perm_uuid_str = str(permission_uuid)
-    perm = db.get_permission(permission_uuid)
+    perm = db.data().permissions.get(permission_uuid)
     if ctx.org.uuid == org_uuid and ctx.role.uuid == role_uuid:
         if perm and perm.scope in ["auth:admin", "auth:org:admin"]:
             # Check if removing this permission would leave no admin access
-            remaining_perms = set(role.permissions) - {perm_uuid_str}
+            remaining_perms = role.permission_set - {permission_uuid}
             has_admin = False
             for rp_uuid in remaining_perms:
-                rp = db.get_permission(rp_uuid)
+                rp = db.data().permissions.get(rp_uuid)
                 if rp and rp.scope in ["auth:admin", "auth:org:admin"]:
                     has_admin = True
                     break
@@ -421,8 +431,8 @@ async def admin_delete_role(
         raise authz.AuthException(
             status_code=403, detail="Insufficient permissions", mode="forbidden"
         )
-    role = db.get_role(role_uuid)
-    if role.org_uuid != org_uuid:
+    role = db.data().roles.get(role_uuid)
+    if not role or role.org != org_uuid:
         raise HTTPException(status_code=404, detail="Role not found in organization")
 
     # Sanity check: prevent admin from deleting their own role
@@ -457,22 +467,17 @@ async def admin_create_user(
     role_name = payload.get("role")
     if not display_name or not role_name:
         raise ValueError("display_name and role are required")
-    from ..db import User as UserDC
 
-    roles = db.get_roles_by_organization(str(org_uuid))
+    roles = [r for r in db.data().roles.values() if r.org == org_uuid]
     role_obj = next((r for r in roles if r.display_name == role_name), None)
     if not role_obj:
         raise ValueError("Role not found in organization")
-    user_uuid = uuid4()
-    user = UserDC(
-        uuid=user_uuid,
+    user = UserDC.create(
         display_name=display_name,
-        role_uuid=role_obj.uuid,
-        visits=0,
-        created_at=None,
+        role=role_obj.uuid,
     )
     db.create_user(user, ctx=ctx)
-    return {"uuid": str(user_uuid)}
+    return {"uuid": str(user.uuid)}
 
 
 @app.patch("/orgs/{org_uuid}/users/{user_uuid}/role")
@@ -502,7 +507,7 @@ async def admin_update_user_role(
         raise ValueError("User not found")
     if user_org.uuid != org_uuid:
         raise ValueError("User does not belong to this organization")
-    roles = db.get_roles_by_organization(str(org_uuid))
+    roles = [r for r in db.data().roles.values() if r.org == org_uuid]
     if not any(r.display_name == new_role for r in roles):
         raise ValueError("Role not found in organization")
 
@@ -513,7 +518,7 @@ async def admin_update_user_role(
             # Check if any permission in the new role is an admin permission
             has_admin_access = False
             for perm_uuid in new_role_obj.permissions:
-                perm = db.get_permission(perm_uuid)
+                perm = db.data().permissions.get(perm_uuid)
                 if perm and perm.scope in ["auth:admin", "auth:org:admin"]:
                     has_admin_access = True
                     break
@@ -552,8 +557,8 @@ async def admin_create_user_registration_link(
         )
 
     # Check if user has existing credentials
-    credentials = db.get_credentials_by_user_uuid(user_uuid)
-    token_type = "user registration" if not credentials else "account recovery"
+    has_credentials = db.get_user_credential_ids(user_uuid)
+    token_type = "user registration" if not has_credentials else "account recovery"
 
     token = passphrase.generate()
     expiry = reset_expires()
@@ -598,8 +603,8 @@ async def admin_get_user_detail(
         raise authz.AuthException(
             status_code=403, detail="Insufficient permissions", mode="forbidden"
         )
-    user = db.get_user_by_uuid(user_uuid)
-    user_creds = db.get_credentials_by_user_uuid(user_uuid)
+    user = db.data().users.get(user_uuid)
+    user_creds = [c for c in db.data().credentials.values() if c.user == user_uuid]
     creds: list[dict] = []
     aaguids: set[str] = set()
     for c in user_creds:
@@ -607,7 +612,7 @@ async def admin_get_user_detail(
         aaguids.add(aaguid_str)
         creds.append(
             {
-                "credential_uuid": str(c.uuid),
+                "credential": str(c.uuid),
                 "aaguid": aaguid_str,
                 "created_at": (
                     c.created_at.astimezone(timezone.utc)
@@ -649,13 +654,12 @@ async def admin_get_user_detail(
                 "sign_count": c.sign_count,
             }
         )
-    from .. import aaguid as aaguid_mod
 
     aaguid_info = aaguid_mod.filter(aaguids)
 
     # Get sessions for the user
     normalized_request_host = hostutil.normalize_host(request.headers.get("host"))
-    session_records = db.list_sessions_for_user(user_uuid)
+    session_records = [s for s in db.data().sessions.values() if s.user == user_uuid]
     current_session_key = auth
     sessions_payload: list[dict] = []
     for entry in session_records:
@@ -663,7 +667,7 @@ async def admin_get_user_detail(
         sessions_payload.append(
             {
                 "id": entry.key,
-                "credential_uuid": str(entry.credential_uuid),
+                "credential": str(entry.credential),
                 "host": entry.host,
                 "ip": entry.ip,
                 "user_agent": useragent.compact_user_agent(entry.user_agent),
@@ -803,8 +807,8 @@ async def admin_delete_user_session(
             status_code=403, detail="Insufficient permissions", mode="forbidden"
         )
 
-    target_session = db.get_session(session_id)
-    if not target_session or target_session.user_uuid != user_uuid:
+    target_session = db.data().sessions.get(session_id)
+    if not target_session or target_session.user != user_uuid:
         raise HTTPException(status_code=404, detail="Session not found")
 
     db.delete_session(session_id, ctx=ctx)
@@ -829,7 +833,6 @@ def _validate_permission_domain(domain: str | None) -> None:
     """Validate that domain is rp_id or a subdomain of it."""
     if domain is None:
         return
-    from paskia.globals import passkey
 
     rp_id = passkey.instance.rp_id
     if domain == rp_id or domain.endswith(f".{rp_id}"):
@@ -845,13 +848,12 @@ def _check_admin_lockout(
     Raises ValueError if this change would result in no auth:admin permissions
     being accessible from the current host.
     """
-    from paskia.util.hostutil import normalize_host
 
     normalized_host = normalize_host(current_host)
     host_without_port = normalized_host.rsplit(":", 1)[0] if normalized_host else None
 
     # Get all auth:admin permissions
-    all_perms = db.list_permissions()
+    all_perms = list(db.data().permissions.values())
     admin_perms = [p for p in all_perms if p.scope == "auth:admin"]
 
     # Check if at least one auth:admin would remain accessible
@@ -880,13 +882,12 @@ def _check_admin_lockout_on_delete(perm_uuid: str, current_host: str | None) ->
     Raises ValueError if this deletion would result in no auth:admin permissions
     being accessible from the current host.
     """
-    from paskia.util.hostutil import normalize_host
 
     normalized_host = normalize_host(current_host)
     host_without_port = normalized_host.rsplit(":", 1)[0] if normalized_host else None
 
     # Get all auth:admin permissions
-    all_perms = db.list_permissions()
+    all_perms = list(db.data().permissions.values())
     admin_perms = [p for p in all_perms if p.scope == "auth:admin"]
 
     # Check if at least one auth:admin would remain accessible after deletion
@@ -918,15 +919,17 @@ async def admin_list_permissions(request: Request, auth=AUTH_COOKIE):
         match=permutil.has_any,
         host=request.headers.get("host"),
     )
-    perms = db.list_permissions()
+    perms = list(db.data().permissions.values())
 
     # Global admins see all permissions
     if is_global_admin(ctx):
         return [_perm_to_dict(p) for p in perms]
 
     # Org admins only see permissions their org can grant (by UUID)
-    grantable = set(ctx.org.permissions or [])
-    filtered_perms = [p for p in perms if str(p.uuid) in grantable]
+    grantable = {
+        pid for pid, p in db.data().permissions.items() if ctx.org.uuid in p.orgs
+    }
+    filtered_perms = [p for p in perms if p.uuid in grantable]
     return [_perm_to_dict(p) for p in filtered_perms]
 
 
@@ -943,9 +946,6 @@ async def admin_create_permission(
         match=permutil.has_all,
         max_age="5m",
     )
-    import uuid7
-
-    from ..db import Permission as PermDC
 
     scope = payload.get("scope") or payload.get(
         "id"
@@ -957,9 +957,7 @@ async def admin_create_permission(
     querysafe.assert_safe(scope, field="scope")
     _validate_permission_domain(domain)
     db.create_permission(
-        PermDC(
-            uuid=uuid7.create(), scope=scope, display_name=display_name, domain=domain
-        ),
+        PermDC.create(scope=scope, display_name=display_name, domain=domain),
         ctx=ctx,
     )
     return {"status": "ok"}
@@ -969,29 +967,27 @@ async def admin_create_permission(
 async def admin_update_permission(
     request: Request,
     auth=AUTH_COOKIE,
-    permission_uuid: str | None = None,
-    permission_id: str | None = None,  # Backwards compat - treated as scope
-    display_name: str | None = None,
-    scope: str | None = None,
-    domain: str | None = None,
+    permission_uuid: UUID = Query(...),
+    display_name: str | None = Query(None),
+    scope: str | None = Query(None),
+    domain: str | None = Query(None),
 ):
     ctx = await authz.verify(
         auth, ["auth:admin"], host=request.headers.get("host"), match=permutil.has_all
     )
 
-    # permission_uuid or permission_id (scope) to identify the permission
-    perm_identifier = permission_uuid or permission_id
-    if not perm_identifier:
-        raise ValueError("permission_uuid or permission_id required")
-
     # Get existing permission
-    perm = db.get_permission(perm_identifier)
+    perm = db.data().permissions.get(permission_uuid)
 
     # Update fields that were provided
     new_scope = scope if scope is not None else perm.scope
     new_display_name = display_name if display_name is not None else perm.display_name
     domain_value = domain if domain else None
 
+    # Sanity check: prevent changing the auth:admin permission scope
+    if perm.scope == "auth:admin" and new_scope != "auth:admin":
+        raise ValueError("Cannot rename the master admin permission")
+
     if not new_display_name:
         raise ValueError("display_name is required")
     querysafe.assert_safe(new_scope, field="scope")
@@ -1001,71 +997,21 @@ async def admin_update_permission(
     if perm.scope == "auth:admin" or new_scope == "auth:admin":
         _check_admin_lockout(str(perm.uuid), domain_value, request.headers.get("host"))
 
-    from ..db import Permission as PermDC
-
     db.update_permission(
-        PermDC(
-            uuid=perm.uuid,
-            scope=new_scope,
-            display_name=new_display_name,
-            domain=domain_value,
-        ),
+        uuid=perm.uuid,
+        scope=new_scope,
+        display_name=new_display_name,
+        domain=domain_value,
         ctx=ctx,
     )
     return {"status": "ok"}
 
 
-@app.post("/permission/rename")
-async def admin_rename_permission(
-    request: Request,
-    payload: dict = Body(...),
-    auth=AUTH_COOKIE,
-):
-    ctx = await authz.verify(
-        auth, ["auth:admin"], host=request.headers.get("host"), match=permutil.has_all
-    )
-    old_scope = payload.get("old_scope") or payload.get("old_id")  # Support both
-    new_scope = payload.get("new_scope") or payload.get("new_id")  # Support both
-    display_name = payload.get("display_name")
-    domain = payload.get(
-        "domain"
-    )  # Can be None (not provided), empty string (clear), or value
-    if not old_scope or not new_scope:
-        raise ValueError("old_scope and new_scope required")
-
-    # Sanity check: prevent renaming critical permissions
-    if old_scope == "auth:admin":
-        raise ValueError("Cannot rename the master admin permission")
-
-    querysafe.assert_safe(old_scope, field="old_scope")
-    querysafe.assert_safe(new_scope, field="new_scope")
-
-    # Get existing permission to preserve values not being changed
-    perm = db.get_permission(old_scope)
-    if display_name is None:
-        display_name = perm.display_name
-    # domain=None means "not provided, keep existing", domain="" means "clear it"
-    if domain is None:
-        domain_value = perm.domain
-    else:
-        domain_value = domain if domain else None
-    _validate_permission_domain(domain_value)
-
-    # Safety check: prevent admin lockout when setting domain on auth:admin
-    if perm.scope == "auth:admin" or new_scope == "auth:admin":
-        _check_admin_lockout(str(perm.uuid), domain_value, request.headers.get("host"))
-
-    # All current backends support rename_permission
-    db.rename_permission(old_scope, new_scope, display_name, domain_value, ctx=ctx)
-    return {"status": "ok"}
-
-
 @app.delete("/permission")
 async def admin_delete_permission(
     request: Request,
+    permission_uuid: UUID = Query(...),
     auth=AUTH_COOKIE,
-    permission_uuid: str | None = None,
-    permission_id: str | None = None,  # Backwards compat - treated as scope
 ):
     ctx = await authz.verify(
         auth,
@@ -1075,17 +1021,12 @@ async def admin_delete_permission(
         max_age="5m",
     )
 
-    perm_identifier = permission_uuid or permission_id
-    if not perm_identifier:
-        raise ValueError("permission_uuid or permission_id required")
-    querysafe.assert_safe(perm_identifier, field="permission_id")
-
     # Get the permission to check its scope
-    perm = db.get_permission(perm_identifier)
+    perm = db.data().permissions.get(permission_uuid)
 
     # Sanity check: prevent deleting critical permissions if it would lock out admin
     if perm.scope == "auth:admin":
         _check_admin_lockout_on_delete(str(perm.uuid), request.headers.get("host"))
 
-    db.delete_permission(str(perm.uuid), ctx=ctx)
+    db.delete_permission(permission_uuid, ctx=ctx)
     return {"status": "ok"}