diff --git a/misc/index.yaml b/misc/index.yaml index e66cf85..accd984 100644 --- a/misc/index.yaml +++ b/misc/index.yaml @@ -18,26 +18,7 @@ servers: description: "Test server self-hosted by yours truly" paths: - # tutorial: https://idratherbewriting.com/learnapidoc/pubapis_openapi_step4_paths_object.html - /verify: - get: - summary: Returns a session key if successful - responses: - 200: - description: Successful response - content: - application/json: - schema: - title: Session key - type: string - 400: - $ref: '#/components/responses/400' - 403: - $ref: '#/components/responses/403' - 500: - $ref: '#/components/responses/500' - 503: - $ref: '#/components/responses/503' + # tutorial: https://idratherbewriting.com/learnapidoc/pubapis_openapi_step4_paths_object.html /shipcalls: get: @@ -127,8 +108,8 @@ paths: parameters: - name: user_id in: query - required: true - description: "**Id of user**. *Example: 2*. User id returned by verify call." + required: false + description: "**Id of user**. *Example: 2*. User id returned by login call. No parameter returns all participants." schema: type: integer responses: diff --git a/src/server/BreCal/__init__.py b/src/server/BreCal/__init__.py index bdc004b..db96eb3 100644 --- a/src/server/BreCal/__init__.py +++ b/src/server/BreCal/__init__.py @@ -5,7 +5,6 @@ import logging from . import local_db from .api import shipcalls -from .api import verify from .api import participant from .api import times from .api import notifications @@ -34,7 +33,6 @@ def create_app(test_config=None): # Add blueprints app.register_blueprint(shipcalls.bp) - app.register_blueprint(verify.bp) app.register_blueprint(participant.bp) app.register_blueprint(times.bp) app.register_blueprint(notifications.bp) diff --git a/src/server/BreCal/api/berths.py b/src/server/BreCal/api/berths.py index 6272af9..ba8f4ff 100644 --- a/src/server/BreCal/api/berths.py +++ b/src/server/BreCal/api/berths.py 
@@ -4,7 +4,6 @@ from .. import impl from ..services.auth_guard import auth_guard import json - bp = Blueprint('berths', __name__) @@ -13,8 +12,7 @@ bp = Blueprint('berths', __name__) def GetBerths(): if 'Authorization' in request.headers: - token = request.headers.get('Authorization') - # TODO: verify token + token = request.headers.get('Authorization') return impl.berths.GetBerths(token) else: return json.dumps("not authenticated"), 403 diff --git a/src/server/BreCal/api/notifications.py b/src/server/BreCal/api/notifications.py index a8a08ee..00dcf8d 100644 --- a/src/server/BreCal/api/notifications.py +++ b/src/server/BreCal/api/notifications.py @@ -11,8 +11,6 @@ bp = Blueprint('notifications', __name__) @auth_guard() # no restriction by role def GetNotifications(): - # TODO: verify token - if 'participant_id' in request.args: options = {} options["participant_id"] = request.args.get("participant_id") diff --git a/src/server/BreCal/api/participant.py b/src/server/BreCal/api/participant.py index 2d6b0f2..31fff73 100644 --- a/src/server/BreCal/api/participant.py +++ b/src/server/BreCal/api/participant.py @@ -10,8 +10,7 @@ bp = Blueprint('participant', __name__) def GetParticipant(): if 'Authorization' in request.headers: - token = request.headers.get('Authorization') - # TODO: verify token + token = request.headers.get('Authorization') options = {} options["user_id"] = request.args.get("user_id") return impl.participant.GetParticipant(options) diff --git a/src/server/BreCal/api/shipcalls.py b/src/server/BreCal/api/shipcalls.py index 59f806d..51c79d6 100644 --- a/src/server/BreCal/api/shipcalls.py +++ b/src/server/BreCal/api/shipcalls.py @@ -10,8 +10,6 @@ import json bp = Blueprint('shipcalls', __name__) -# TODO: verify token - @bp.route('/shipcalls', methods=['get']) @auth_guard() # no restriction by role def GetShipcalls(): diff --git a/src/server/BreCal/api/ships.py b/src/server/BreCal/api/ships.py index 76b5496..f4cdfa8 100644 --- a/src/server/BreCal/api/ships.py 
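Review bot: In `GetBerths` (api/berths.py) the removed `# TODO: verify token` was the only marker that the `Authorization` value is never checked; the visible code tests only that the header is present before calling `impl.berths.GetBerths(token)`. The same applies to `GetParticipant` in api/participant.py, where `token` is assigned and then not used at all. The decorator lines of both functions lie above the hunks, so if `@auth_guard()` is already applied there, the presence check and the `token` local are dead code and can be dropped. If it is not, add `@auth_guard()` under the `@bp.route(...)` line as notifications.py and shipcalls.py do, otherwise any header value passes. This matters more now that `GetParticipant` without `user_id` returns every participant.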
+++ b/src/server/BreCal/api/ships.py @@ -5,7 +5,6 @@ import json bp = Blueprint('ships', __name__) - @bp.route('/ships', methods=['get']) @auth_guard() # no restriction by role def GetShips(): diff --git a/src/server/BreCal/api/verify.py b/src/server/BreCal/api/verify.py deleted file mode 100644 index f43371b..0000000 --- a/src/server/BreCal/api/verify.py +++ /dev/null @@ -1,18 +0,0 @@ -from flask import Blueprint, request -from webargs.flaskparser import parser -from ..schemas import model -from .. import impl -import json -import logging - -bp = Blueprint('verify', __name__) - - -@bp.route('/verify', methods=['get']) -def GetVerify(): - if 'X-Api-Key' in request.headers: - apikey = request.headers.get('X-Api-Key') - return impl.verify.GetVerify(apikey) - else: - logging.warning("call without api key") - return json.dumps("missing api key"), 403 diff --git a/src/server/BreCal/impl/__init__.py b/src/server/BreCal/impl/__init__.py index 946e70b..4052c42 100644 --- a/src/server/BreCal/impl/__init__.py +++ b/src/server/BreCal/impl/__init__.py @@ -3,6 +3,5 @@ from . import notifications from . import participant from . import shipcalls from . import times -from . import verify from . import ships from . import login diff --git a/src/server/BreCal/impl/login.py b/src/server/BreCal/impl/login.py index eaa50f1..3c6afa7 100644 --- a/src/server/BreCal/impl/login.py +++ b/src/server/BreCal/impl/login.py @@ -28,7 +28,8 @@ def GetUser(options): "user_phone": data[0].user_phone } token = jwt_handler.generate_jwt(payload=result, lifetime=60) # generate token valid 60 mins - return token, 200 + result["token"] = token # add token to user data + return json.dumps(result), 200 if len(data) > 1: return json.dumps("credential lookup mismatch"), 500 diff --git a/src/server/BreCal/impl/participant.py b/src/server/BreCal/impl/participant.py index 772b693..5dbd5dd 100644 --- a/src/server/BreCal/impl/participant.py +++ b/src/server/BreCal/impl/participant.py 
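Review bot: In `GetUser` (impl/login.py), `result["token"] = token` mutates the same dict that was just passed as `payload` to `jwt_handler.generate_jwt`, so the response body and the token claims are coupled through one object; build the response separately, e.g. `return json.dumps({**result, "token": token}), 200`. The claims include `user_phone` and whatever else `result` holds above the hunk; if the JWT is only signed (jwt_handler is not visible here), those fields are readable by anyone who obtains the token, so consider limiting the payload to the user id and the fields `auth_guard` needs. The return value also changes from a bare token string to a JSON object, which existing clients have to be updated for. The function body starts outside the hunk.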
@@ -8,14 +8,17 @@ from .. import local_db def GetParticipant(options): """ :param options: A dictionary containing all the paramters for the Operations - options["user_id"]: **Id of user**. *Example: 2*. User id returned by verify call. + options["user_id"]: **Id of user**. *Example: 2*. User id returned by login call. """ # TODO: validate token try: commands = pydapper.using(local_db.connection_pool) - data = commands.query("SELECT p.id as id, p.name as name, p.street as street, p.postal_code as postal_code, p.city as city, p.flags as flags, p.created as created, p.modified as modified FROM participant p INNER JOIN user u WHERE u.participant_id = p.id and u.id = ?userid?", model=model.Participant, param={"userid" : options["user_id"]}) + if "user_id" in options and options["user_id"]: + data = commands.query("SELECT p.id as id, p.name as name, p.street as street, p.postal_code as postal_code, p.city as city, p.flags as flags, p.created as created, p.modified as modified FROM p INNER JOIN user u WHERE u.participant_id = p.id and u.id = ?userid?", model=model.Participant, param={"userid" : options["user_id"]}) + else: + data = commands.query("SELECT p.id as id, p.name as name, p.street as street, p.postal_code as postal_code, p.city as city, p.flags as flags, p.created as created, p.modified as modified FROM participant p ORDER BY p.name", model=model.Participant) except Exception as ex: logging.error(ex) diff --git a/src/server/BreCal/impl/verify.py b/src/server/BreCal/impl/verify.py deleted file mode 100644 index 4ab33c7..0000000 --- a/src/server/BreCal/impl/verify.py +++ /dev/null 
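Review bot: In `GetParticipant` (impl/participant.py) the new `user_id` branch selects `FROM p INNER JOIN user u`, dropping the table name the removed line had; `p` is then an alias without a table, so the query will presumably fail and fall into the `except Exception` handler on every lookup by user id. Restore `FROM participant p INNER JOIN user u` in that string. The `else` branch returns street, postal code and city for all participants while `# TODO: validate token` still stands in this function, so access control depends entirely on the guard at the route. `if options.get("user_id"):` would replace the two-part `in`/truthiness test. The function continues outside the hunk.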
@@ -1,33 +0,0 @@ -import json -import logging -import pydapper - -from ..schemas import model -from ..schemas import __init__ - -def GetVerify(apikey): - """ - :param apikey: the api-key registered with the user - """ - - if not apikey: - return json.dumps("missing api key"), 400 - - sentinel = object() - try: - commands = pydapper.using(__init__.connection_pool) - data = commands.query_single_or_default("SELECT id from `user` WHERE api_key=?api_key?", default=sentinel, model=model.User, param={"api_key" : apikey}) - if(data is sentinel): - return json.dumps("wrong api key", 403) - - except Exception as ex: - logging.error(ex) - return json.dumps("logon failed"), 500 - - - # TODO: user authenticated: Create,store and transmit JWT token - - return json.dumps(""), 200 - - -