crafty-4/app/classes/web/api_handler.py

import logging
import re

from app.classes.web.base_handler import BaseHandler

logger = logging.getLogger(__name__)
bearer_pattern = re.compile(r"^Bearer", flags=re.IGNORECASE)


class ApiHandler(BaseHandler):
    def return_response(self, status: int, data: dict):
        # Define a standardized response
        self.set_status(status)
        self.write(data)

    def access_denied(self, user, reason=""):
        if reason:
            reason = " because " + reason
        logger.info(
            "User %s from IP %s was denied access to the API route "
            + self.request.path
            + reason,
            user,
            self.get_remote_ip(),
        )
        self.finish(
            self.return_response(
                403,
                {
                    "error": "ACCESS_DENIED",
                    "info": "You were denied access to the requested resource",
                },
            )
        )

    def authenticate_user(self) -> bool:
        try:
            logger.debug("Searching for specified token")

            api_token = self.get_argument("token", "")
            if api_token is None and self.request.headers.get("Authorization"):
                api_token = bearer_pattern.sub(
                    "", self.request.headers.get("Authorization")
                )
            elif api_token is None:
                api_token = self.get_cookie("token")
            user_data = self.controller.users.get_user_by_api_token(api_token)

            logger.debug("Checking results")
            if user_data:
                # Login successful! Check perms
                logger.info(f"User {user_data['username']} has authenticated to API")
                # TODO: Role check

                return True  # This is to set the "authenticated"
            else:
                logging.debug("Auth unsuccessful")
                self.access_denied("unknown", "the user provided an invalid token")
                return False
        except Exception as e:
            logger.warning("An error occured while authenticating an API user: %s", e)
            self.finish(
                self.return_response(
                    403,
                    {
                        "error": "ACCESS_DENIED",
                        "info": "An error occured while authenticating the user",
                    },
                )
            )
            return False


class ServersStats(ApiHandler):
    def get(self):
        """Get details about all servers"""
        authenticated = self.authenticate_user()
        if not authenticated:
            return

        # Get server stats
        # TODO Check perms
        self.finish(self.write({"servers": self.controller.stats.get_servers_stats()}))


class NodeStats(ApiHandler):
    def get(self):
        """Get stats for particular node"""
        authenticated = self.authenticate_user()
        if not authenticated:
            return

        # Get node stats
        node_stats = self.controller.stats.get_node_stats()
        node_stats.pop("servers")
        self.finish(self.write(node_stats))
add api base handler 2020-09-06 04:13:42 +00:00			`import logging`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`import re`
add api base handler 2020-09-06 04:13:42 +00:00
One monster truck commit for rework and backups 2021-03-22 04:02:18 +00:00			`from app.classes.web.base_handler import BaseHandler`
add api base handler 2020-09-06 04:13:42 +00:00
Tidy imports & dep auto-installer 2022-03-08 04:40:44 +00:00			`logger = logging.getLogger(__name__)`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`bearer_pattern = re.compile(r"^Bearer", flags=re.IGNORECASE)`
add api base handler 2020-09-06 04:13:42 +00:00
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`class ApiHandler(BaseHandler):`
Fix a bunch of errors in API base handler and add some verbosity to logging in it 2021-04-17 15:19:19 +00:00			`def return_response(self, status: int, data: dict):`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`# Define a standardized response`
Fix a bunch of errors in API base handler and add some verbosity to logging in it 2021-04-17 15:19:19 +00:00			`self.set_status(status)`
add api base handler 2020-09-06 04:13:42 +00:00			`self.write(data)`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`def access_denied(self, user, reason=""):`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`if reason:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`reason = " because " + reason`
			`logger.info(`
			`"User %s from IP %s was denied access to the API route "`
			`+ self.request.path`
			`+ reason,`
			`user,`
			`self.get_remote_ip(),`
			`)`
			`self.finish(`
			`self.return_response(`
			`403,`
			`{`
			`"error": "ACCESS_DENIED",`
			`"info": "You were denied access to the requested resource",`
			`},`
			`)`
			`)`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00
Fix a bunch of errors in API base handler and add some verbosity to logging in it 2021-04-17 15:19:19 +00:00			`def authenticate_user(self) -> bool:`
add api base handler 2020-09-06 04:13:42 +00:00			`try:`
Tidy imports & dep auto-installer 2022-03-08 04:40:44 +00:00			`logger.debug("Searching for specified token")`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`api_token = self.get_argument("token", "")`
			`if api_token is None and self.request.headers.get("Authorization"):`
			`api_token = bearer_pattern.sub(`
			`"", self.request.headers.get("Authorization")`
			`)`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`elif api_token is None:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`api_token = self.get_cookie("token")`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`user_data = self.controller.users.get_user_by_api_token(api_token)`

Tidy imports & dep auto-installer 2022-03-08 04:40:44 +00:00			`logger.debug("Checking results")`
add api base handler 2020-09-06 04:13:42 +00:00			`if user_data:`
working statistics api route 2020-09-06 04:58:17 +00:00			`# Login successful! Check perms`
Tidy imports & dep auto-installer 2022-03-08 04:40:44 +00:00			`logger.info(f"User {user_data['username']} has authenticated to API")`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`# TODO: Role check`
Fix a bunch of errors in API base handler and add some verbosity to logging in it 2021-04-17 15:19:19 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`return True # This is to set the "authenticated"`
add api base handler 2020-09-06 04:13:42 +00:00			`else:`
			`logging.debug("Auth unsuccessful")`
Fix a bunch of errors in API base handler and add some verbosity to logging in it 2021-04-17 15:19:19 +00:00			`self.access_denied("unknown", "the user provided an invalid token")`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`return False`
Fix a bunch of errors in API base handler and add some verbosity to logging in it 2021-04-17 15:19:19 +00:00			`except Exception as e:`
Tidy imports & dep auto-installer 2022-03-08 04:40:44 +00:00			`logger.warning("An error occured while authenticating an API user: %s", e)`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.finish(`
			`self.return_response(`
			`403,`
			`{`
			`"error": "ACCESS_DENIED",`
			`"info": "An error occured while authenticating the user",`
			`},`
			`)`
			`)`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`return False`
add api base handler 2020-09-06 04:13:42 +00:00
working statistics api route 2020-09-06 04:58:17 +00:00
One monster truck commit for rework and backups 2021-03-22 04:02:18 +00:00			`class ServersStats(ApiHandler):`
working statistics api route 2020-09-06 04:58:17 +00:00			`def get(self):`
			`"""Get details about all servers"""`
Fix a bunch of errors in API base handler and add some verbosity to logging in it 2021-04-17 15:19:19 +00:00			`authenticated = self.authenticate_user()`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`if not authenticated:`
			`return`

working statistics api route 2020-09-06 04:58:17 +00:00			`# Get server stats`
Fix a bunch of errors in API base handler and add some verbosity to logging in it 2021-04-17 15:19:19 +00:00			`# TODO Check perms`
One monster truck commit for rework and backups 2021-03-22 04:02:18 +00:00			`self.finish(self.write({"servers": self.controller.stats.get_servers_stats()}))`
working statistics api route 2020-09-06 04:58:17 +00:00

One monster truck commit for rework and backups 2021-03-22 04:02:18 +00:00			`class NodeStats(ApiHandler):`
working statistics api route 2020-09-06 04:58:17 +00:00			`def get(self):`
			`"""Get stats for particular node"""`
Fix a bunch of errors in API base handler and add some verbosity to logging in it 2021-04-17 15:19:19 +00:00			`authenticated = self.authenticate_user()`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`if not authenticated:`
			`return`

working statistics api route 2020-09-06 04:58:17 +00:00			`# Get node stats`
One monster truck commit for rework and backups 2021-03-22 04:02:18 +00:00			`node_stats = self.controller.stats.get_node_stats()`
working statistics api route 2020-09-06 04:58:17 +00:00			`node_stats.pop("servers")`
			`self.finish(self.write(node_stats))`