selfprivacy-rest-api/selfprivacy_api/app.py

#!/usr/bin/env python3
"""SelfPrivacy server management API"""
import os
from gevent import monkey


from flask import Flask, request, jsonify
from flask_restful import Api
from flask_swagger import swagger
from flask_swagger_ui import get_swaggerui_blueprint

from selfprivacy_api.resources.users import User, Users
from selfprivacy_api.resources.common import ApiVersion
from selfprivacy_api.resources.system import api_system
from selfprivacy_api.resources.services import services as api_services
from selfprivacy_api.resources.api_auth import auth as api_auth

from selfprivacy_api.restic_controller.tasks import huey, init_restic

from selfprivacy_api.migrations import run_migrations

from selfprivacy_api.utils.auth import is_token_valid

swagger_blueprint = get_swaggerui_blueprint(
    "/api/docs", "/api/swagger.json", config={"app_name": "SelfPrivacy API"}
)


def create_app(test_config=None):
    """Initiate Flask app and bind routes"""
    app = Flask(__name__)
    api = Api(app)

    if test_config is None:
        app.config["ENABLE_SWAGGER"] = os.environ.get("ENABLE_SWAGGER", "0")
        app.config["B2_BUCKET"] = os.environ.get("B2_BUCKET")
    else:
        app.config.update(test_config)

    # Check bearer token
    @app.before_request
    def check_auth():
        # Exclude swagger-ui, /auth/new_device/authorize, /auth/recovery_token/use
        if request.path.startswith("/api"):
            pass
        elif request.path.startswith("/auth/new_device/authorize"):
            pass
        elif request.path.startswith("/auth/recovery_token/use"):
            pass
        else:
            auth = request.headers.get("Authorization")
            if auth is None:
                return jsonify({"error": "Missing Authorization header"}), 401
            # Strip Bearer from auth header
            auth = auth.replace("Bearer ", "")
            if not is_token_valid(auth):
                return jsonify({"error": "Invalid token"}), 401

    api.add_resource(ApiVersion, "/api/version")
    api.add_resource(Users, "/users")
    api.add_resource(User, "/users/<string:username>")

    app.register_blueprint(api_system)
    app.register_blueprint(api_services)
    app.register_blueprint(api_auth)

    @app.route("/api/swagger.json")
    def spec():
        if app.config["ENABLE_SWAGGER"] == "1":
            swag = swagger(app)
            swag["info"]["version"] = "1.2.3"
            swag["info"]["title"] = "SelfPrivacy API"
            swag["info"]["description"] = "SelfPrivacy API"
            swag["securityDefinitions"] = {
                "bearerAuth": {
                    "type": "apiKey",
                    "name": "Authorization",
                    "in": "header",
                }
            }
            swag["security"] = [{"bearerAuth": []}]

            return jsonify(swag)
        return jsonify({}), 404

    if app.config["ENABLE_SWAGGER"] == "1":
        app.register_blueprint(swagger_blueprint, url_prefix="/api/docs")

    return app


if __name__ == "__main__":
    monkey.patch_all()
    created_app = create_app()
    run_migrations()
    huey.start()
    init_restic()
    created_app.run(port=5050, debug=False)
Decomposition 2021-11-11 20:31:28 +02:00			`#!/usr/bin/env python3`
Input sanitization, added swagger 2021-11-16 18:14:01 +02:00			`"""SelfPrivacy server management API"""`
			`import os`
Restic controller 2021-12-06 08:48:29 +02:00			`from gevent import monkey`


Add basic API auth 2021-11-16 12:32:10 +02:00			`from flask import Flask, request, jsonify`
Decomposition 2021-11-11 20:31:28 +02:00			`from flask_restful import Api`
Input sanitization, added swagger 2021-11-16 18:14:01 +02:00			`from flask_swagger import swagger`
			`from flask_swagger_ui import get_swaggerui_blueprint`
Decomposition 2021-11-11 20:31:28 +02:00
Input sanitization, added swagger 2021-11-16 18:14:01 +02:00			`from selfprivacy_api.resources.users import User, Users`
More unit tests and bugfixes (#7) Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/7 Co-authored-by: Inex Code <inex.code@selfprivacy.org> Co-committed-by: Inex Code <inex.code@selfprivacy.org> 2022-01-10 22:35:00 +02:00			`from selfprivacy_api.resources.common import ApiVersion`
Input sanitization, added swagger 2021-11-16 18:14:01 +02:00			`from selfprivacy_api.resources.system import api_system`
			`from selfprivacy_api.resources.services import services as api_services`
Inital auth work, untested 2022-01-14 07:38:53 +02:00			`from selfprivacy_api.resources.api_auth import auth as api_auth`
Input sanitization, added swagger 2021-11-16 18:14:01 +02:00
Restic controller 2021-12-06 08:48:29 +02:00			`from selfprivacy_api.restic_controller.tasks import huey, init_restic`

Migrations mechanism and fix to the nixos-config branch 2022-01-11 07:36:11 +02:00			`from selfprivacy_api.migrations import run_migrations`

Inital auth work, untested 2022-01-14 07:38:53 +02:00			`from selfprivacy_api.utils.auth import is_token_valid`

Input sanitization, added swagger 2021-11-16 18:14:01 +02:00			`swagger_blueprint = get_swaggerui_blueprint(`
			`"/api/docs", "/api/swagger.json", config={"app_name": "SelfPrivacy API"}`
			`)`
Decomposition 2021-11-11 20:31:28 +02:00

First wave of unit tests, and bugfixes caused by them 2021-11-29 21:16:08 +02:00			`def create_app(test_config=None):`
Input sanitization, added swagger 2021-11-16 18:14:01 +02:00			`"""Initiate Flask app and bind routes"""`
Decomposition 2021-11-11 20:31:28 +02:00			`app = Flask(__name__)`
			`api = Api(app)`

First wave of unit tests, and bugfixes caused by them 2021-11-29 21:16:08 +02:00			`if test_config is None:`
			`app.config["ENABLE_SWAGGER"] = os.environ.get("ENABLE_SWAGGER", "0")`
Update backup endpoints 2021-12-02 17:06:23 +02:00			`app.config["B2_BUCKET"] = os.environ.get("B2_BUCKET")`
First wave of unit tests, and bugfixes caused by them 2021-11-29 21:16:08 +02:00			`else:`
			`app.config.update(test_config)`
Add basic API auth 2021-11-16 12:32:10 +02:00
			`# Check bearer token`
			`@app.before_request`
			`def check_auth():`
Inital auth work, untested 2022-01-14 07:38:53 +02:00			`# Exclude swagger-ui, /auth/new_device/authorize, /auth/recovery_token/use`
			`if request.path.startswith("/api"):`
			`pass`
			`elif request.path.startswith("/auth/new_device/authorize"):`
			`pass`
			`elif request.path.startswith("/auth/recovery_token/use"):`
			`pass`
			`else:`
Input sanitization, added swagger 2021-11-16 18:14:01 +02:00			`auth = request.headers.get("Authorization")`
			`if auth is None:`
			`return jsonify({"error": "Missing Authorization header"}), 401`
Inital auth work, untested 2022-01-14 07:38:53 +02:00			`# Strip Bearer from auth header`
			`auth = auth.replace("Bearer ", "")`
			`if not is_token_valid(auth):`
Input sanitization, added swagger 2021-11-16 18:14:01 +02:00			`return jsonify({"error": "Invalid token"}), 401`

API version endpoint 2021-11-18 09:35:50 +02:00			`api.add_resource(ApiVersion, "/api/version")`
Decomposition 2021-11-11 20:31:28 +02:00			`api.add_resource(Users, "/users")`
Input sanitization, added swagger 2021-11-16 18:14:01 +02:00			`api.add_resource(User, "/users/<string:username>")`
Decomposition 2021-11-11 20:31:28 +02:00
			`app.register_blueprint(api_system)`
			`app.register_blueprint(api_services)`
Inital auth work, untested 2022-01-14 07:38:53 +02:00			`app.register_blueprint(api_auth)`
Decomposition 2021-11-11 20:31:28 +02:00
Input sanitization, added swagger 2021-11-16 18:14:01 +02:00			`@app.route("/api/swagger.json")`
			`def spec():`
			`if app.config["ENABLE_SWAGGER"] == "1":`
			`swag = swagger(app)`
Add migration to selfprivacy nix channel 2022-04-28 16:22:13 +03:00			`swag["info"]["version"] = "1.2.3"`
Input sanitization, added swagger 2021-11-16 18:14:01 +02:00			`swag["info"]["title"] = "SelfPrivacy API"`
			`swag["info"]["description"] = "SelfPrivacy API"`
			`swag["securityDefinitions"] = {`
			`"bearerAuth": {`
			`"type": "apiKey",`
			`"name": "Authorization",`
			`"in": "header",`
			`}`
			`}`
			`swag["security"] = [{"bearerAuth": []}]`

			`return jsonify(swag)`
			`return jsonify({}), 404`

			`if app.config["ENABLE_SWAGGER"] == "1":`
			`app.register_blueprint(swagger_blueprint, url_prefix="/api/docs")`

Decomposition 2021-11-11 20:31:28 +02:00			`return app`


			`if __name__ == "__main__":`
Restic controller 2021-12-06 08:48:29 +02:00			`monkey.patch_all()`
Input sanitization, added swagger 2021-11-16 18:14:01 +02:00			`created_app = create_app()`
Migrations mechanism and fix to the nixos-config branch 2022-01-11 07:36:11 +02:00			`run_migrations()`
Restic controller 2021-12-06 08:48:29 +02:00			`huey.start()`
			`init_restic()`
Input sanitization, added swagger 2021-11-16 18:14:01 +02:00			`created_app.run(port=5050, debug=False)`