advent22/api/advent22_api/routers/_security.py

import secrets
from datetime import date

from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPBasic, HTTPBasicCredentials

from ..core.config import Config, get_config
from ..core.depends import get_all_event_dates
from ..core.helpers import EventDates

security = HTTPBasic()


async def user_is_admin(
    credentials: HTTPBasicCredentials = Depends(security),
    cfg: Config = Depends(get_config),
) -> bool:
    """
    True iff der user "admin" ist
    """

    username_correct = secrets.compare_digest(
        credentials.username.lower(),
        cfg.admin.name.lower(),
    )
    password_correct = secrets.compare_digest(
        credentials.password,
        cfg.admin.password,
    )

    return username_correct and password_correct


async def require_admin(
    is_admin: bool = Depends(user_is_admin),
) -> None:
    """
    HTTP 401 iff der user nicht "admin" ist
    """

    if not is_admin:
        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Wie unhöflich!!!")


async def user_visible_days(
    event_dates: EventDates = Depends(get_all_event_dates),
) -> list[int]:
    """
    User-sichtbare Türchen
    """

    today = date.today()

    return [event for event, date in event_dates.dates.items() if date <= today]


async def user_can_view_day(
    day: int,
    visible_days: list[int] = Depends(user_visible_days),
) -> bool:
    """
    True iff das Türchen von Tag `day` user-sichtbar ist
    """

    return day in visible_days