squirrels 0.4.1__py3-none-any.whl → 0.5.0__py3-none-any.whl

squirrels/_api_routes/auth.py

@@ -0,0 +1,271 @@
+"""
+Authentication and user management routes
+"""
+from typing import Annotated, Literal
+from fastapi import FastAPI, Depends, Request, Response, status, Form, APIRouter
+from fastapi.responses import RedirectResponse
+from fastapi.security import HTTPBearer
+from pydantic import BaseModel, Field
+from authlib.integrations.starlette_client import OAuth
+
+from .._schemas import response_models as rm
+from .._exceptions import InvalidInputError
+from .._schemas.auth_models import AbstractUser, RegisteredUser, GuestUser
+from .base import RouteBase
+
+
+class AuthRoutes(RouteBase):
+    """Authentication and user management routes"""
+    
+    def __init__(self, get_bearer_token: HTTPBearer, project, no_cache: bool = False):
+        super().__init__(get_bearer_token, project, no_cache)
+        
+    def setup_routes(self, app: FastAPI, squirrels_version_path: str) -> None:
+        """Setup all authentication routes"""
+
+        auth_path = squirrels_version_path + "/auth"
+        auth_router = APIRouter(prefix=auth_path)
+        user_management_router = APIRouter(prefix=auth_path + "/user-management")
+        
+        # Get expiry configuration
+        expiry_mins = self._get_access_token_expiry_minutes()
+        
+        # Create user models
+        class UpdateUserModel(self.authenticator.CustomUserFields):
+            access_level: Literal["admin", "member"]
+
+        class UserInfoModel(UpdateUserModel):
+            username: str
+
+        class AddUserModel(UserInfoModel):
+            password: str
+        
+        # Setup OAuth2 login providers
+        oauth = OAuth()
+
+        for provider in self.authenticator.auth_providers:
+            oauth.register(
+                name=provider.name,
+                server_metadata_url=provider.provider_configs.server_metadata_url,
+                client_id=provider.provider_configs.client_id,
+                client_secret=provider.provider_configs.client_secret,
+                client_kwargs=provider.provider_configs.client_kwargs
+            )
+
+        # User info endpoint
+        @auth_router.get("/userinfo", description="Get the authenticated user's fields", tags=["Authentication"])
+        async def get_userinfo(user: RegisteredUser | GuestUser = Depends(self.get_current_user)) -> UserInfoModel:
+            if isinstance(user, GuestUser):
+                raise InvalidInputError(401, "invalid_authorization_token", "Invalid authorization token, no user info found")
+            custom_fields = user.custom_fields.model_dump(mode='json')
+            return UserInfoModel(username=user.username, access_level=user.access_level, **custom_fields)
+
+        # Login helper
+        def login_helper(
+            request: Request, user: RegisteredUser, redirect_url: str | None, *, 
+            redirect_status_code: int = status.HTTP_307_TEMPORARY_REDIRECT
+        ):
+            access_token, expiry = self.authenticator.create_access_token(user, expiry_minutes=expiry_mins)
+            request.session["access_token"] = access_token
+            request.session["access_token_expiry"] = expiry.timestamp()
+            return RedirectResponse(url=redirect_url, status_code=redirect_status_code) if redirect_url else user
+
+        # Login endpoints
+        @auth_router.post("/login", tags=["Authentication"], description="Authenticate with username and password. Returns user information if no redirect_url is provided, otherwise redirects to the specified URL.", responses={
+            200: {"model": UserInfoModel, "description": "Login successful, returns user information"},
+            302: {"description": "Redirect if redirect URL parameter is specified"},
+        })
+        async def login(request: Request, username: Annotated[str, Form()], password: Annotated[str, Form()], redirect_url: str | None = None):
+            if self.manifest_cfg.authentication.type.value == "external":
+                raise InvalidInputError(403, "forbidden_login", "Username/password login is disabled when authentication.type is 'external'")
+            user = self.authenticator.get_user(username, password)
+            return login_helper(request, user, redirect_url, redirect_status_code=status.HTTP_302_FOUND)
+        
+        @auth_router.get("/login", tags=["Authentication"], description="Authenticate with an existing API key or session token. Returns user information if no redirect_url is provided, otherwise redirects to the specified URL.", responses={
+            200: {"model": UserInfoModel, "description": "Login successful, returns user information"},
+            307: {"description": "Redirect if redirect URL parameter is specified"},
+        })
+        async def login_with_api_key(
+            request: Request, redirect_url: str | None = None, user: RegisteredUser | GuestUser = Depends(self.get_current_user)
+        ):
+            if isinstance(user, GuestUser):
+                raise InvalidInputError(401, "invalid_authorization_token", "Invalid authorization token, no user info found")
+            return login_helper(request, user, redirect_url)
+        
+        # Provider authentication endpoints
+        providers_path = '/providers'
+        provider_login_path = '/providers/{provider_name}/login'
+        provider_callback_path = '/providers/{provider_name}/callback'
+
+        @auth_router.get(providers_path, tags=["Authentication"])
+        async def get_providers(request: Request) -> list[rm.ProviderResponse]:
+            """Get list of available authentication providers"""
+            return [
+                rm.ProviderResponse(
+                    name=provider.name,
+                    label=provider.label,
+                    icon=provider.icon,
+                    login_url=str(request.url_for('provider_login', provider_name=provider.name))
+                )
+                for provider in self.authenticator.auth_providers
+            ]
+
+        @auth_router.get(provider_login_path, tags=["Authentication"])
+        async def provider_login(request: Request, provider_name: str, redirect_url: str | None = None) -> RedirectResponse:
+            """Redirect to the login URL for the OAuth provider"""
+            client = oauth.create_client(provider_name)
+            if client is None:
+                raise InvalidInputError(status_code=404, error="provider_not_found", error_description=f"Provider {provider_name} not found or configured.")
+
+            callback_uri = str(request.url_for('provider_callback', provider_name=provider_name))
+            request.session["redirect_url"] = redirect_url
+
+            return await client.authorize_redirect(request, callback_uri)
+
+        @auth_router.get(provider_callback_path, tags=["Authentication"], responses={
+            200: {"model": UserInfoModel, "description": "Login successful, returns user information"},
+            302: {"description": "Redirect if redirect_url is in session"},
+        })
+        async def provider_callback(request: Request, provider_name: str):
+            """Handle OAuth callback from provider"""
+            client = oauth.create_client(provider_name)
+            if client is None:
+                raise InvalidInputError(status_code=404, error="provider_not_found", error_description=f"Provider {provider_name} not found or configured.")
+
+            try:
+                token = await client.authorize_access_token(request)
+            except Exception as e:
+                raise InvalidInputError(status_code=400, error="provider_authorization_failed", error_description=f"Could not authorize with provider for access token: {str(e)}")
+            
+            user_info: dict = {}
+            if token:
+                if 'userinfo' in token:
+                    user_info = token['userinfo']
+                elif 'id_token' in token and isinstance(token['id_token'], dict) and 'sub' in token['id_token']:
+                    user_info = token['id_token']
+                else:
+                    raise InvalidInputError(status_code=400, error="invalid_provider_user_info", error_description=f"User information not found in token for {provider_name}")
+
+            user = self.authenticator.create_or_get_user_from_provider(provider_name, user_info)
+            access_token, expiry = self.authenticator.create_access_token(user, expiry_minutes=expiry_mins)
+            request.session["access_token"] = access_token
+            request.session["access_token_expiry"] = expiry.timestamp()
+
+            redirect_url = request.session.pop("redirect_url", None)
+            return RedirectResponse(url=redirect_url) if redirect_url else user
+
+        # Logout endpoint
+        logout_path = '/logout'
+        
+        @auth_router.get(logout_path, tags=["Authentication"], responses={
+            200: {"description": "Logout successful"},
+            302: {"description": "Redirect if redirect URL parameter is specified"},
+        })
+        async def logout(request: Request, redirect_url: str | None = None):
+            """Logout the current user, and redirect to the specified URL if provided"""
+            request.session.pop("access_token", None)
+            request.session.pop("access_token_expiry", None)
+            if redirect_url:
+                return RedirectResponse(url=redirect_url)
+        
+        # Change password endpoint
+        change_password_path = '/password'
+
+        class ChangePasswordRequest(BaseModel):
+            old_password: str
+            new_password: str
+
+        @auth_router.put(change_password_path, description="Change the password for the current user", tags=["Authentication"])
+        async def change_password(request: ChangePasswordRequest, user: RegisteredUser | GuestUser = Depends(self.get_current_user)) -> None:
+            if isinstance(user, GuestUser):
+                raise InvalidInputError(401, "invalid_authorization_token", "Invalid authorization token")
+            self.authenticator.change_password(user.username, request.old_password, request.new_password)
+
+        # API Key endpoints
+        api_key_path = '/api-key'
+
+        class ApiKeyRequestBody(BaseModel):
+            title: str = Field(description=f"The title of the API key")
+            expiry_minutes: int | None = Field(
+                default=None, 
+                description=f"The number of minutes the API key is valid for (or valid indefinitely if not provided)."
+            )
+
+        @auth_router.post(api_key_path, description="Create a new API key for the user", tags=["Authentication"])
+        async def create_api_key(body: ApiKeyRequestBody, user: RegisteredUser | GuestUser = Depends(self.get_current_user)) -> rm.ApiKeyResponse:
+            if isinstance(user, GuestUser):
+                raise InvalidInputError(401, "invalid_authorization_token", "Invalid authorization token, cannot create API key")
+            
+            api_key, _ = self.authenticator.create_access_token(user, expiry_minutes=body.expiry_minutes, title=body.title)
+            return rm.ApiKeyResponse(api_key=api_key)
+        
+        @auth_router.get(api_key_path, description="Get all API keys with title for the current user", tags=["Authentication"])
+        async def get_all_api_keys(user: RegisteredUser | GuestUser = Depends(self.get_current_user)):
+            if isinstance(user, GuestUser):
+                raise InvalidInputError(401, "invalid_authorization_token", "Invalid authorization token, cannot get API keys")
+            return self.authenticator.get_all_api_keys(user.username)
+        
+        revoke_api_key_path = '/api-key/{api_key_id}'
+
+        @auth_router.delete(revoke_api_key_path, description="Revoke an API key", tags=["Authentication"], responses={
+            204: { "description": "API key revoked successfully" }
+        })
+        async def revoke_api_key(api_key_id: str, user: RegisteredUser | GuestUser = Depends(self.get_current_user)) -> Response:
+            if isinstance(user, GuestUser):
+                raise InvalidInputError(401, "invalid_authorization_token", "Invalid authorization token, cannot revoke API key")
+            self.authenticator.revoke_api_key(user.username, api_key_id)
+            return Response(status_code=204)
+
+        # User management endpoints (disabled if external auth only)
+        if self.manifest_cfg.authentication.type.value == "managed":
+            user_fields_path = '/user-fields'
+
+            @user_management_router.get(user_fields_path, description="Get details of the user fields", tags=["User Management"])
+            async def get_user_fields():
+                return self.authenticator.user_fields
+            
+            add_user_path = '/users'
+
+            @user_management_router.post(add_user_path, description="Add a new user by providing details for username, password, and user fields", tags=["User Management"])
+            async def add_user(
+                new_user: AddUserModel, user: AbstractUser = Depends(self.get_current_user)
+            ) -> None:
+                if user.access_level != "admin":
+                    raise InvalidInputError(403, "unauthorized_to_add_user", "Current user cannot add new users")
+                self.authenticator.add_user(new_user.username, new_user.model_dump(mode='json', exclude={"username"}))
+
+            update_user_path = '/users/{username}'
+
+            @user_management_router.put(update_user_path, description="Update the user of the given username given the new user details", tags=["User Management"])
+            async def update_user(
+                username: str, updated_user: UpdateUserModel, user: AbstractUser = Depends(self.get_current_user)
+            ) -> None:
+                if user.access_level != "admin":
+                    raise InvalidInputError(403, "unauthorized_to_update_user", "Current user cannot update users")
+                self.authenticator.add_user(username, updated_user.model_dump(mode='json'), update_user=True)
+
+            list_users_path = '/users'
+
+            @user_management_router.get(list_users_path, tags=["User Management"])
+            async def list_all_users() -> list[UserInfoModel]:
+                registered_users = self.authenticator.get_all_users()
+                return [
+                    UserInfoModel(username=user.username, access_level=user.access_level, **user.custom_fields.model_dump(mode='json')) 
+                    for user in registered_users
+                ]
+            
+            delete_user_path = '/users/{username}'
+
+            @user_management_router.delete(delete_user_path, tags=["User Management"], responses={
+                204: { "description": "User deleted successfully" }
+            })
+            async def delete_user(username: str, user: AbstractUser = Depends(self.get_current_user)) -> Response:
+                if user.access_level != "admin":
+                    raise InvalidInputError(403, "unauthorized_to_delete_user", "Current user cannot delete users")
+                if username == user.username:
+                    raise InvalidInputError(403, "cannot_delete_own_user", "Cannot delete your own user")
+                self.authenticator.delete_user(username)
+                return Response(status_code=204)
+
+        app.include_router(auth_router)
+        app.include_router(user_management_router)

squirrels/_api_routes/base.py

@@ -0,0 +1,165 @@
+"""
+Base utilities and dependencies for API routes
+"""
+from typing import Any, Mapping, TypeVar, Callable, Coroutine, Literal
+from fastapi import Request, Response, Depends
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+from fastapi.templating import Jinja2Templates
+from cachetools import TTLCache
+from pydantic import BaseModel, create_model, Field
+from mcp.server.fastmcp import Context
+from pathlib import Path
+from datetime import datetime, timezone
+
+from .. import _utils as u, _constants as c
+from .._exceptions import InvalidInputError, ConfigurationError
+from .._project import SquirrelsProject
+from .._schemas.auth_models import GuestUser, RegisteredUser
+
+T = TypeVar('T')
+
+
+class RouteBase:
+    """Base class for route modules providing common functionality"""
+    
+    def __init__(self, get_bearer_token: HTTPBearer, project: SquirrelsProject, no_cache: bool = False):
+        self.project = project
+        self.no_cache = no_cache
+        self.logger = project._logger
+        self.env_vars = project._env_vars
+        self.manifest_cfg = project._manifest_cfg
+        self.authenticator = project._auth
+        self.param_cfg_set = project._param_cfg_set
+        
+        # Setup templates
+        template_dir = Path(__file__).parent.parent / "_package_data" / "templates"
+        self.templates = Jinja2Templates(directory=str(template_dir))
+    
+        # Authorization dependency for current user
+        def get_token_from_session(request: Request) -> str | None:
+            expiry = request.session.get("access_token_expiry")
+            datetime_now = datetime.now(timezone.utc).timestamp()
+            if expiry and expiry > datetime_now:
+                return request.session.get("access_token")
+            else:
+                request.session.pop("access_token", None)
+                request.session.pop("access_token_expiry", None)
+                return None
+        
+        async def get_current_user(
+            request: Request, response: Response, auth: HTTPAuthorizationCredentials = Depends(get_bearer_token)
+        ) -> GuestUser | RegisteredUser:
+            token = auth.credentials if auth and auth.scheme == "Bearer" else None
+            access_token = token if token else get_token_from_session(request)
+            api_key = request.headers.get("x-api-key")
+            final_token = api_key if api_key else access_token
+
+            user = self.authenticator.get_user_from_token(final_token)
+            if user is None:
+                user = self.project._guest_user
+            
+            response.headers["Applied-Username"] = user.username
+            return user
+
+        self.get_current_user = get_current_user
+        
+    @property
+    def _parameters_description(self) -> str:
+        """Get the standard parameters description"""
+        return "Selections of one parameter may cascade the available options in another parameter. " \
+                "For example, if the dataset has parameters for 'country' and 'city', available options for 'city' would " \
+                "depend on the selected option 'country'. If a parameter has 'trigger_refresh' as true, provide the parameter " \
+                "selection to this endpoint whenever it changes to refresh the parameter options of children parameters."
+        
+    def _validate_request_params(self, all_request_params: Mapping, params: Mapping, headers: Mapping[str, str]) -> None:
+        """Validate request parameters
+        
+        When header 'x-verify-params' is set to a truthy value, ensure that all provided
+        query/body parameters are part of the parsed params model. Falls back to legacy
+        query param 'x_verify_params' for backward compatibility.
+        """
+        header_val = headers.get("x-verify-params")
+        verify_params = u.to_bool(header_val) or u.to_bool(params.get("x_verify_params", False))
+        if verify_params:
+            invalid_params = [param for param in all_request_params if param not in params]
+            if invalid_params:
+                raise InvalidInputError(400, "invalid_query_parameters", f"Invalid query parameters: {', '.join(invalid_params)}")
+    
+    def get_selections_as_immutable(self, params: Mapping, uncached_keys: set[str]) -> tuple[tuple[str, Any], ...]:
+        """Convert selections into a cachable tuple of pairs"""
+        selections = list()
+        for key, val in params.items():
+            if key in uncached_keys or val is None:
+                continue
+            if isinstance(val, (list, tuple)):
+                if len(val) == 1:  # for backward compatibility
+                    val = val[0]
+                else:
+                    val = tuple(val)
+            selections.append((u.normalize_name(key), val))
+        return tuple(selections)
+
+    async def do_cachable_action(self, cache: TTLCache, action: Callable[..., Coroutine[Any, Any, T]], *args) -> T:
+        """Execute a cachable action"""
+        cache_key = tuple(args)
+        result = cache.get(cache_key)
+        if result is None:
+            result = await action(*args)
+            cache[cache_key] = result
+        return result
+    
+    def _get_request_id(self, request: Request) -> str:
+        """Get request ID from headers"""
+        return request.headers.get("x-request-id", "")
+    
+    def log_activity_time(self, activity: str, start_time: float, request: Request) -> None:
+        """Log activity time"""
+        self.logger.log_activity_time(activity, start_time, request_id=self._get_request_id(request))
+
+    def get_name_from_path_section(self, request: Request, section: int) -> str:
+        """Extract name from request path section"""
+        url_path: str = request.scope['route'].path
+        name_raw = url_path.split('/')[section]
+        return u.normalize_name(name_raw)
+
+    def _get_access_token_expiry_minutes(self) -> int:
+        """Get access token expiry minutes"""
+        expiry_mins = self.env_vars.get(c.SQRL_AUTH_TOKEN_EXPIRE_MINUTES, 30)
+        try:
+            expiry_mins = int(expiry_mins)
+        except ValueError:
+            raise ConfigurationError(f"Value for environment variable {c.SQRL_AUTH_TOKEN_EXPIRE_MINUTES} is not an integer, got: {expiry_mins}")
+        return expiry_mins
+    
+    def get_headers_from_tool_ctx(self, tool_ctx: Context) -> dict[str, str]:
+        request = tool_ctx.request_context.request
+        assert request is not None and hasattr(request, "headers")
+        return dict(request.headers)
+
+    def get_configurables_from_headers(self, headers: Mapping[str, str]) -> tuple[tuple[str, str], ...]:
+        """Extract configurables from request headers with prefix 'x-config-'."""
+        prefix = "x-config-"
+        cfg_pairs: list[tuple[str, str]] = []
+        for key, value in headers.items():
+            key_lower = str(key).lower()
+            if key_lower.startswith(prefix):
+                cfg_name = key_lower[len(prefix):]
+                cfg_pairs.append((u.normalize_name(cfg_name), str(value)))
+        
+        self.logger.info(f"Configurables specified: {[k for k, _ in cfg_pairs]}")
+        return tuple(cfg_pairs)
+    
+    def get_user_from_tool_headers(self, headers: dict[str, str]):
+        authorization_header = headers.get('Authorization')
+        if authorization_header:
+            parts = authorization_header.split()
+            if len(parts) == 2 and parts[0] == 'Bearer':
+                access_token = parts[1]
+                user = self.authenticator.get_user_from_token(access_token)
+                if user is None:
+                    return self.project._guest_user
+                return user
+            else:
+                raise ValueError("Invalid Authorization header format")
+        else:
+            return self.project._guest_user

squirrels/_api_routes/dashboards.py

@@ -0,0 +1,150 @@
+"""
+Dashboard routes for parameters and results
+"""
+from typing import Callable, Coroutine, Any
+from fastapi import FastAPI, Depends, Request, Response
+from fastapi.responses import JSONResponse, HTMLResponse
+from fastapi.security import HTTPBearer
+from dataclasses import asdict
+from cachetools import TTLCache
+import time
+
+from .. import _constants as c, _utils as u
+from .._schemas import response_models as rm
+from .._exceptions import ConfigurationError
+from .._dashboards import Dashboard
+from .._schemas.query_param_models import get_query_models_for_parameters, get_query_models_for_dashboard
+from .._schemas.auth_models import AbstractUser
+from .base import RouteBase
+
+
+class DashboardRoutes(RouteBase):
+    """Dashboard parameter and result routes"""
+    
+    def __init__(self, get_bearer_token: HTTPBearer, project, no_cache: bool = False):
+        super().__init__(get_bearer_token, project, no_cache)
+        
+        # Setup caches
+        dashboard_results_cache_size = int(self.env_vars.get(c.SQRL_DASHBOARDS_CACHE_SIZE, 128))
+        dashboard_results_cache_ttl = int(self.env_vars.get(c.SQRL_DASHBOARDS_CACHE_TTL_MINUTES, 60))
+        self.dashboard_results_cache = TTLCache(maxsize=dashboard_results_cache_size, ttl=dashboard_results_cache_ttl*60)
+        
+    async def _get_dashboard_results_helper(
+        self, dashboard: str, user: AbstractUser, selections: tuple[tuple[str, Any], ...], configurables: tuple[tuple[str, str], ...]
+    ) -> Dashboard:
+        """Helper to get dashboard results"""
+        cfg_filtered = {k: v for k, v in dict(configurables).items() if k in self.manifest_cfg.configurables}
+        return await self.project.dashboard(dashboard, user, selections=dict(selections), configurables=cfg_filtered)
+    
+    async def _get_dashboard_results_cachable(
+        self, dashboard: str, user: AbstractUser, selections: tuple[tuple[str, Any], ...], configurables: tuple[tuple[str, str], ...]
+    ) -> Dashboard:
+        """Cachable version of dashboard results helper"""
+        return await self.do_cachable_action(self.dashboard_results_cache, self._get_dashboard_results_helper, dashboard, user, selections, configurables)
+    
+    async def _get_dashboard_results_definition(
+        self, dashboard_name: str, user: AbstractUser, all_request_params: dict, params: dict, headers: dict[str, str]
+    ) -> Response:
+        """Get dashboard results definition"""
+        self._validate_request_params(all_request_params, params, headers)
+        
+        get_dashboard_function = self._get_dashboard_results_helper if self.no_cache else self._get_dashboard_results_cachable
+        selections = self.get_selections_as_immutable(params, uncached_keys={"x_verify_params"})
+        
+        user_has_elevated_privileges = u.user_has_elevated_privileges(user.access_level, self.project._elevated_access_level)
+        configurables = self.get_configurables_from_headers(headers) if user_has_elevated_privileges else tuple()
+        dashboard_obj = await get_dashboard_function(dashboard_name, user, selections, configurables)
+        
+        if dashboard_obj._format == c.PNG:
+            assert isinstance(dashboard_obj._content, bytes)
+            result = Response(dashboard_obj._content, media_type="image/png")
+        elif dashboard_obj._format == c.HTML:
+            result = HTMLResponse(dashboard_obj._content)
+        else:
+            raise NotImplementedError()
+        return result 
+    
+    def setup_routes(
+        self, app: FastAPI, project_metadata_path: str, param_fields: dict, get_parameters_definition: Callable[..., Coroutine[Any, Any, rm.ParametersModel]]
+    ) -> None:
+        """Setup dashboard routes"""
+        
+        dashboard_results_path = project_metadata_path + '/dashboard/{dashboard}'
+        dashboard_parameters_path = dashboard_results_path + '/parameters'
+        
+        def validate_parameters_list(parameters: list[str] | None, entity_type: str, dashboard_name: str) -> None:
+            if parameters is None:
+                return
+            for param in parameters:
+                if param not in param_fields:
+                    all_params = list(param_fields.keys())
+                    raise ConfigurationError(
+                        f"{entity_type} '{dashboard_name}' use parameter '{param}' which doesn't exist. Available parameters are:"
+                        f"\n  {all_params}"
+                    )
+        
+        # Dashboard parameters and results APIs
+        for dashboard_name, dashboard in self.project._dashboards.items():
+            dashboard_name_for_api = u.normalize_name_for_api(dashboard_name)
+            curr_parameters_path = dashboard_parameters_path.format(dashboard=dashboard_name_for_api)
+            curr_results_path = dashboard_results_path.format(dashboard=dashboard_name_for_api)
+
+            validate_parameters_list(dashboard.config.parameters, "Dashboard", dashboard_name)
+            
+            QueryModelForGetParams, QueryModelForPostParams = get_query_models_for_parameters(dashboard.config.parameters, param_fields)
+            QueryModelForGetDash, QueryModelForPostDash = get_query_models_for_dashboard(dashboard.config.parameters, param_fields)
+
+            @app.get(curr_parameters_path, tags=[f"Dashboard '{dashboard_name}'"], description=self._parameters_description, response_class=JSONResponse)
+            async def get_dashboard_parameters(
+                request: Request, params: QueryModelForGetParams, user=Depends(self.get_current_user) # type: ignore
+            ) -> rm.ParametersModel:
+                start = time.time()
+                curr_dashboard_name = self.get_name_from_path_section(request, -2)
+                parameters_list = self.project._dashboards[curr_dashboard_name].config.parameters    
+                scope = self.project._dashboards[curr_dashboard_name].config.scope
+                result = await get_parameters_definition(
+                    parameters_list, "dashboard", curr_dashboard_name, scope, user, dict(request.query_params), asdict(params), headers=dict(request.headers)
+                )
+                self.log_activity_time("GET REQUEST for PARAMETERS", start, request)
+                return result
+
+            @app.post(curr_parameters_path, tags=[f"Dashboard '{dashboard_name}'"], description=self._parameters_description, response_class=JSONResponse)
+            async def get_dashboard_parameters_with_post(
+                request: Request, params: QueryModelForPostParams, user=Depends(self.get_current_user) # type: ignore
+            ) -> rm.ParametersModel:
+                start = time.time()
+                curr_dashboard_name = self.get_name_from_path_section(request, -2)
+                parameters_list = self.project._dashboards[curr_dashboard_name].config.parameters
+                scope = self.project._dashboards[curr_dashboard_name].config.scope
+                payload: dict = await request.json()
+                result = await get_parameters_definition(
+                    parameters_list, "dashboard", curr_dashboard_name, scope, user, payload, params.model_dump(), headers=dict(request.headers)
+                )
+                self.log_activity_time("POST REQUEST for PARAMETERS", start, request)
+                return result
+            
+            @app.get(curr_results_path, tags=[f"Dashboard '{dashboard_name}'"], description=dashboard.config.description, response_class=Response)
+            async def get_dashboard_results(
+                request: Request, params: QueryModelForGetDash, user=Depends(self.get_current_user) # type: ignore
+            ) -> Response:
+                start = time.time()
+                curr_dashboard_name = self.get_name_from_path_section(request, -1)
+                result = await self._get_dashboard_results_definition(
+                    curr_dashboard_name, user, dict(request.query_params), asdict(params), headers=dict(request.headers)
+                )
+                self.log_activity_time("GET REQUEST for DASHBOARD RESULTS", start, request)
+                return result
+
+            @app.post(curr_results_path, tags=[f"Dashboard '{dashboard_name}'"], description=dashboard.config.description, response_class=Response)
+            async def get_dashboard_results_with_post(
+                request: Request, params: QueryModelForPostDash, user=Depends(self.get_current_user) # type: ignore
+            ) -> Response:
+                start = time.time()
+                curr_dashboard_name = self.get_name_from_path_section(request, -1)
+                payload: dict = await request.json()
+                result = await self._get_dashboard_results_definition(
+                    curr_dashboard_name, user, payload, params.model_dump(), headers=dict(request.headers)
+                )
+                self.log_activity_time("POST REQUEST for DASHBOARD RESULTS", start, request)
+                return result
+