Commit e4477a47 authored by Antoine Gaudron-Desjardins's avatar Antoine Gaudron-Desjardins

protect OpenAPI interface

parent 5ded1cae
1 merge request!53Interface admin
......@@ -382,6 +382,7 @@ def update_user(user: schemas.User, user_info: dict, db: Session):
if existing_user:
existing_user.cookie = user.cookie
existing_user.expiration_date = expiration_date
existing_user.admin = "admin eatfast" in user_info["roles"]
db.delete(user)
db.add(existing_user)
db.commit()
......@@ -390,6 +391,7 @@ def update_user(user: schemas.User, user_info: dict, db: Session):
else:
user.username = full_name
user.expiration_date = expiration_date
user.admin = "admin eatfast" in user_info["roles"]
db.add(user)
db.commit()
db.refresh(user)
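Review bot: The admin flag is derived with `"admin eatfast" in user_info["roles"]` in both branches of update_user, and the direct index raises KeyError when the identity response carries no `roles` key, which would fail the login for an otherwise valid user. If `roles` is ever a single string rather than a list (its type is not visible here), `in` becomes a substring test and any role name containing that text would grant admin. Compute the value once before the `if existing_user:` test, for example `is_admin = "admin eatfast" in (user_info.get("roles") or [])`, verify that it is a list, and assign `is_admin` in both branches. update_user starts and ends outside these hunks, so the source of `user_info` should be checked against this assumption.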
......
"""
Models of the database for magasin app
"""
from sqlalchemy import Column, ForeignKey, Integer, DateTime, Float, Interval, String, Text, Time
from sqlalchemy import Boolean, Column, ForeignKey, Integer, DateTime, Float, Interval, String, Text, Time
from sqlalchemy.orm import relationship
from db.database import Base
......@@ -82,5 +82,6 @@ class Users(Base):
username = Column(String(50))
cookie = Column(String(50))
expiration_date = Column(DateTime)
admin = Column(Boolean)
comments = relationship("Comments")
comments = relationship("CollaborativeRecords")
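Review bot: `admin = Column(Boolean)` is nullable and has no default, so rows created before this commit, or by any code path that does not set the field, will hold NULL. NULL is falsy in the `if user.admin:` checks, so the column fails closed today, but an explicit `admin = Column(Boolean, nullable=False, default=False)` would make the deny-by-default intent part of the schema. No migration for the existing `Users` table is visible on this page; an existing database needs one for the new column.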
......@@ -138,3 +138,4 @@ class User(BaseModel):
username: str
cookie: str
expiration_date: datetime
admin: Optional[bool] = Field(default=False, title="Set to true to allow access to the admin interface")
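Review bot: Adding `admin` to the `User` schema makes the privilege flag part of a model that may be parsed from client input, and a short comment on the field should say that it must only be set server-side. update_user overwrites it from the identity provider's roles in both branches, which is safe. Any other endpoint that accepts a `schemas.User` body and persists it (none is visible here) would let the caller set `admin` to true. `Optional[bool]` also admits `None`; a plain `admin: bool = Field(default=False, ...)` keeps the value two-state.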
from fastapi import FastAPI
from fastapi import Cookie, Depends, FastAPI
from fastapi.middleware.cors import CORSMiddleware
from fastapi.responses import JSONResponse
from fastapi.openapi.docs import get_swagger_ui_html
from fastapi.openapi.utils import get_openapi
from sqlalchemy.orm import Session
from dotenv import load_dotenv
from threading import Thread
from asyncio import run
import os
from db import database, models
from db import database, models, crud
from db.database import get_db
from routers import *
from video_capture import handle_cameras
app = FastAPI(docs_url="/api/docs", openapi_url="/api/openapi.json")
app = FastAPI(docs_url=None, redoc_url=None, openapi_url=None)
# load environment variables
load_dotenv()
......@@ -35,6 +40,21 @@ async def on_startup():
t.start()
# Docs OpenAPI
@app.get("/api/openapi.json")
async def get_open_api_endpoint(connect_id: str = Cookie(...), db: Session = Depends(get_db)):
user = crud.get_user(connect_id, db)
if user.admin:
return JSONResponse(get_openapi(title="FastAPI", version=1, routes=app.routes))
@app.get("/api/docs")
async def get_documentation(connect_id: str = Cookie(...), db: Session = Depends(get_db)):
user = crud.get_user(connect_id, db)
if user.admin:
return get_swagger_ui_html(openapi_url="/openapi.json", title="docs")
# Integration of routers
app.include_router(infos.router)
app.include_router(records.router)
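Review bot: Both new handlers fall through and return None when `user.admin` is false, so a non-admin caller receives a 200 response with a `null` body instead of a denial. If `crud.get_user` returns None for an unknown `connect_id` (its body is not visible here), `user.admin` raises and the caller gets a 500. A shared dependency that raises `HTTPException(status_code=403)` for a missing or non-admin user would make the check explicit and deny by default; it needs `HTTPException` added to the `fastapi` import, and it should also reject an expired `expiration_date` unless `get_user` already does. Separately, `get_swagger_ui_html(openapi_url="/openapi.json", ...)` points the UI at a path that does not match the `/api/openapi.json` route registered above, so the docs page will probably fail to load the schema unless a proxy rewrites the path. `version=1` should be the string `"1"`, since OpenAPI expects `info.version` to be a string.

```python
# … unchanged: app creation, load_dotenv, startup handler …
def require_admin(connect_id: str = Cookie(...), db: Session = Depends(get_db)):
    user = crud.get_user(connect_id, db)
    # Deny by default: an unknown cookie and a non-admin user both get 403.
    if user is None or not user.admin:
        raise HTTPException(status_code=403, detail="Admin access required")
    return user


@app.get("/api/openapi.json")
async def get_open_api_endpoint(_admin=Depends(require_admin)):
    return JSONResponse(get_openapi(title="FastAPI", version="1", routes=app.routes))


@app.get("/api/docs")
async def get_documentation(_admin=Depends(require_admin)):
    return get_swagger_ui_html(openapi_url="/api/openapi.json", title="docs")
# … unchanged: router registration …
```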
......