Berechtigungen

Jörn-Michael Miehe 2022-11-15 23:43:13 +00:00
parent 2802b04657
commit 66dbf9c9d8
2 changed files with 38 additions and 11 deletions


@ -1,12 +1,13 @@
# from datetime import date from datetime import date
from io import BytesIO from io import BytesIO
from fastapi import APIRouter, Depends from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.responses import StreamingResponse from fastapi.responses import StreamingResponse
from ..config import Config, get_config from ..config import Config, get_config
from ._image import AdventImage from ._image import AdventImage
from ._misc import get_image, shuffle from ._misc import get_image, shuffle
from .user import user_is_admin
router = APIRouter(prefix="/days", tags=["days"]) router = APIRouter(prefix="/days", tags=["days"])
@ -52,17 +53,36 @@ async def get_letter(
# ) # )
async def user_can_view(
index: int,
) -> bool:
today = date.today()
if today.month in (1, 2, 3):
return True
elif today.month == 12:
return index < today.day
return False
@router.get( @router.get(
"/picture/{index}", "/image/{index}",
response_class=StreamingResponse, response_class=StreamingResponse,
) )
async def get_image_for_day( async def get_image_for_day(
image: AdventImage = Depends(get_image), image: AdventImage = Depends(get_image),
can_view: bool = Depends(user_can_view),
is_admin: bool = Depends(user_is_admin),
) -> StreamingResponse: ) -> StreamingResponse:
""" """
Bild für einen Tag erstellen Bild für einen Tag erstellen
""" """
if not (can_view or is_admin):
raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Wie unhöflich!!!")
# Bilddaten in Puffer laden # Bilddaten in Puffer laden
img_buffer = BytesIO() img_buffer = BytesIO()
image.img.save(img_buffer, format="JPEG", quality=85) image.img.save(img_buffer, format="JPEG", quality=85)
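Review bot: The `can_view or is_admin` check in `get_image_for_day` cannot let an anonymous visitor through, because `Depends(user_is_admin)` pulls in the `HTTPBasic()` scheme from the user module and FastAPI's default `auto_error=True` rejects a request without an `Authorization` header with 401 before the handler body runs. If opened days are meant to be viewable without credentials, make them optional with `security = HTTPBasic(auto_error=False)` and start `user_is_admin` with `if credentials is None: return False`. For a caller who did authenticate but asks for a day that is not open yet, `status.HTTP_403_FORBIDDEN` describes the case better than 401, which should be reserved for missing or wrong credentials and carry a `WWW-Authenticate` header. `user_can_view` also relies on `date.today()`, i.e. the server's local date, which is worth a comment so the release time of each day is not a surprise. The body of `get_image_for_day` continues past the end of this hunk.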


@ -1,3 +1,5 @@
import secrets
from fastapi import APIRouter, Depends, HTTPException, status from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import HTTPBasic, HTTPBasicCredentials from fastapi.security import HTTPBasic, HTTPBasicCredentials
@ -7,18 +9,23 @@ router = APIRouter(prefix="/user", tags=["user"])
security = HTTPBasic() security = HTTPBasic()
async def is_admin( async def user_is_admin(
credentials: HTTPBasicCredentials = Depends(security), credentials: HTTPBasicCredentials = Depends(security),
config: Config = Depends(get_config), config: Config = Depends(get_config),
) -> bool: ) -> bool:
if config.admin.name == credentials.username: username_correct = secrets.compare_digest(
if config.admin.password == credentials.password: credentials.username, config.admin.name
return True )
return False
password_correct = secrets.compare_digest(
credentials.password, config.admin.password
)
return username_correct and password_correct
async def require_admin( async def require_admin(
is_admin: bool = Depends(is_admin), is_admin: bool = Depends(user_is_admin),
) -> None: ) -> None:
if not is_admin: if not is_admin:
raise HTTPException(status.HTTP_401_UNAUTHORIZED) raise HTTPException(status.HTTP_401_UNAUTHORIZED)
@ -27,5 +34,5 @@ async def require_admin(
@router.get("/admin") @router.get("/admin")
def check_admin( def check_admin(
_: None = Depends(require_admin), _: None = Depends(require_admin),
) -> None: ) -> bool:
return None return True
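Review bot: `secrets.compare_digest` in `user_is_admin` raises `TypeError` when a `str` argument contains a non-ASCII character, and `credentials.username` / `credentials.password` come straight from the request, so a client sending such a value gets a 500 instead of a clean rejection. Encode both sides before comparing: `secrets.compare_digest(credentials.username.encode("utf-8"), config.admin.name.encode("utf-8"))`, and the same for the password. The comparison also suggests the admin password is held in plaintext in the config (inferred from `config.admin.password`); keeping a salted hash there and comparing against that would limit the damage if the config file leaks. In `require_admin`, the 401 is raised without a `WWW-Authenticate: Basic` header, so add `headers={"WWW-Authenticate": "Basic"}` to the `HTTPException`.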