diff --git a/burrito/__init__.py b/burrito/__init__.py index dd0a01e4..ec9883ac 100644 --- a/burrito/__init__.py +++ b/burrito/__init__.py @@ -1 +1 @@ -__version__ = "0.7.1 indev" +__version__ = "0.7.2 indev" diff --git a/burrito/apps/profile/router.py b/burrito/apps/profile/router.py index af1cf50a..a0a46861 100644 --- a/burrito/apps/profile/router.py +++ b/burrito/apps/profile/router.py @@ -3,7 +3,6 @@ from burrito.schemas.profile_schema import ResponseProfileSchema from .views import ( - profile__check_my_profile, profile__check_by_id, profile__update_my_profile ) @@ -11,12 +10,6 @@ profile_router = APIRouter() -profile_router.add_api_route( - "/", - profile__check_my_profile, - methods=["GET"], - response_model=ResponseProfileSchema -) profile_router.add_api_route( "/{user_id}", profile__check_by_id, diff --git a/burrito/apps/profile/views.py b/burrito/apps/profile/views.py index ca132c40..4b942d10 100644 --- a/burrito/apps/profile/views.py +++ b/burrito/apps/profile/views.py @@ -22,17 +22,6 @@ ) -async def profile__check_my_profile( - __auth_obj: BurritoJWT = Depends(get_auth_core()) -) -> ResponseProfileSchema: - """Return some data to check user profile""" - - token_payload: AuthTokenPayload = await __auth_obj.verify_access_token() - check_permission(token_payload) - - return await view_profile_by_user_id(token_payload.user_id) - - async def profile__check_by_id( user_id: int, ) -> ResponseProfileSchema: diff --git a/burrito/utils/auth.py b/burrito/utils/auth.py index b676c86b..caf75ac1 100644 --- a/burrito/utils/auth.py +++ b/burrito/utils/auth.py @@ -1,16 +1,18 @@ from typing import Any +from datetime import datetime import jwt import uuid from fastapi import HTTPException, Request, status from pydantic import BaseModel +from burrito.utils.logger import get_logger from burrito.utils.config_reader import get_config from burrito.utils.redis_utils import get_redis_connector _JWT_SECRET = get_config().BURRITO_JWT_SECRET -_TOKEN_TTL = get_config().BURRITO_JWT_TTL +_TOKEN_TTL = int(get_config().BURRITO_JWT_TTL) _KEY_TEMPLATE = "{}_{}_{}" @@ -23,7 +25,7 @@ class AuthTokenPayload(BaseModel): token_type: str = "" user_id: int role: str - exp: int = _TOKEN_TTL + exp: int = datetime.now().timestamp() + _TOKEN_TTL def _make_redis_key(data: AuthTokenPayload) -> str: @@ -95,8 +97,9 @@ async def verify_access_token(self) -> AuthTokenPayload: if get_redis_connector().get(token_key): return token_payload + get_logger().error(f"Authorization: something went wrong with token payload {token_payload.dict()}") raise AuthTokenError( - detail="Something went wrong", + detail="Authorization error: something went wrong", status_code=status.HTTP_401_UNAUTHORIZED ) @@ -113,19 +116,27 @@ async def verify_refresh_token(self) -> AuthTokenPayload: if get_redis_connector().get(token_key): return token_payload + get_logger().error(f"Authorization: something went wrong with token payload {token_payload.dict()}") raise AuthTokenError( - detail="Something went wrong", + detail="Authorization error: something went wrong", status_code=status.HTTP_401_UNAUTHORIZED ) async def _read_token_payload(self, token: str) -> AuthTokenPayload | None: try: return AuthTokenPayload(**jwt.decode(token, _JWT_SECRET)) - except: + + except jwt.exceptions.ExpiredSignatureError as exc: raise AuthTokenError( - detail="Authorization token is invalid or expired", + detail="Authorization token is expired", status_code=status.HTTP_401_UNAUTHORIZED - ) + ) from exc + + except Exception as exc: + raise AuthTokenError( + detail="Authorization token payload is invalid", + status_code=status.HTTP_401_UNAUTHORIZED + ) from exc def get_auth_core() -> BurritoJWT: diff --git a/docker-compose-redis.yml b/docker-compose-redis.yml deleted file mode 100644 index 79bc621a..00000000 --- a/docker-compose-redis.yml +++ /dev/null @@ -1,124 +0,0 @@ -version: "3.0" - - -volumes: - redis_1_volume: {} - redis_2_volume: {} - redis_3_volume: {} - redis_4_volume: {} - redis_5_volume: {} - redis_6_volume: {} - - -networks: - redis_cluster_net: - driver: bridge - ipam: - driver: default - config: - - subnet: 173.18.0.0/24 - - -services: -# REDIS CLUSTER - - redis_cluster: - image: 'redis' - container_name: redis_cluster_init - command: redis-cli --cluster create \ - 173.18.0.11:11001 \ - 173.18.0.12:11002 \ - 173.18.0.13:11003 \ - 173.18.0.14:11004 \ - 173.18.0.15:11005 \ - 173.18.0.16:11006 \ - --cluster-replicas 1 --cluster-yes - tty: true - networks: - redis_cluster_net: - ipv4_address: 173.18.0.30 - depends_on: - - redis_1 - - redis_2 - - redis_3 - - redis_4 - - redis_5 - - redis_6 - - redis_1: - image: 'redis' - container_name: burrito_redis_1 - ports: - - "11001" - volumes: - - redis_1_volume:/data - - ./redis/redis_1/redis.conf:/usr/local/etc/redis/redis.conf - command: [ "redis-server", "/usr/local/etc/redis/redis.conf", "--port 11001" ] - networks: - redis_cluster_net: - ipv4_address: 173.18.0.11 - - redis_2: - image: 'redis' - container_name: burrito_redis_2 - ports: - - "11002" - volumes: - - redis_2_volume:/data - - ./redis/redis_2/redis.conf:/usr/local/etc/redis/redis.conf - command: [ "redis-server", "/usr/local/etc/redis/redis.conf", "--port 11002" ] - networks: - redis_cluster_net: - ipv4_address: 173.18.0.12 - - redis_3: - image: 'redis' - container_name: burrito_redis_3 - ports: - - "11003" - volumes: - - redis_3_volume:/data - - ./redis/redis_3/redis.conf:/usr/local/etc/redis/redis.conf - command: [ "redis-server", "/usr/local/etc/redis/redis.conf", "--port 11003" ] - networks: - redis_cluster_net: - ipv4_address: 173.18.0.13 - - redis_4: - image: 'redis' - container_name: burrito_redis_4 - ports: - - "11004" - volumes: - - redis_4_volume:/data - - ./redis/redis_4/redis.conf:/usr/local/etc/redis/redis.conf - command: [ "redis-server", "/usr/local/etc/redis/redis.conf", "--port 11004" ] - networks: - redis_cluster_net: - ipv4_address: 173.18.0.14 - - redis_5: - image: 'redis' - container_name: burrito_redis_5 - ports: - - "11005" - volumes: - - redis_5_volume:/data - - ./redis/redis_5/redis.conf:/usr/local/etc/redis/redis.conf - command: [ "redis-server", "/usr/local/etc/redis/redis.conf", "--port 11005" ] - networks: - redis_cluster_net: - ipv4_address: 173.18.0.15 - - redis_6: - image: 'redis' - container_name: burrito_redis_6 - ports: - - "11006" - volumes: - - redis_6_volume:/data - - ./redis/redis_6/redis.conf:/usr/local/etc/redis/redis.conf - command: [ "redis-server", "/usr/local/etc/redis/redis.conf", "--port 11006" ] - networks: - redis_cluster_net: - ipv4_address: 173.18.0.16 diff --git a/preprocessor_config.json b/preprocessor_config.json index 192e80a3..6e1599e1 100644 --- a/preprocessor_config.json +++ b/preprocessor_config.json @@ -42,7 +42,8 @@ {"permission_id": 2, "name": "CREATE_TICKET"}, {"permission_id": 3, "name": "READ_TICKET"}, {"permission_id": 4, "name": "SEND_MESSAGE"}, - {"permission_id": 5, "name": "ADMIN"} + {"permission_id": 5, "name": "ADMIN"}, + {"permission_id": 6, "name": "GOD_MODE"} ], "roles": [ {"role_id": 1, "name": "ALL"}, @@ -53,7 +54,8 @@ {"role_id": 6, "name": "NO_CTM"}, {"role_id": 7, "name": "NO_PM"}, {"role_id": 8, "name": "NO_PCTM"}, - {"role_id": 9, "name": "ADMIN"} + {"role_id": 9, "name": "ADMIN"}, + {"role_id": 10, "name": "CHIEF_ADMIN"} ], "role_permissions": [ {"id": 1, "role_id": 1, "permission_id": 1}, @@ -84,6 +86,9 @@ {"id": 20, "role_id": 8, "permission_id": 3}, - {"id": 20, "role_id": 9, "permission_id": 5} + {"id": 21, "role_id": 9, "permission_id": 5}, + + {"id": 22, "role_id": 10, "permission_id": 5}, + {"id": 23, "role_id": 10, "permission_id": 6} ] } \ No newline at end of file diff --git a/pyproject.toml b/pyproject.toml index 9dd22a68..e311b25a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "Burrito" -version = "0.7.1.dev2" +version = "0.7.2.dev2" description = "API for the issue tracker" authors = ["DimonBor", "m-o-d-e-r"] readme = "README.md" diff --git a/redis/redis_1/redis.conf b/redis/redis_1/redis.conf deleted file mode 100644 index e289d5c7..00000000 --- a/redis/redis_1/redis.conf +++ /dev/null @@ -1,5 +0,0 @@ -cluster-enabled yes -cluster-config-file nodes.conf -cluster-node-timeout 5000 -appendonly no -bind 0.0.0.0 diff --git a/redis/redis_2/redis.conf b/redis/redis_2/redis.conf deleted file mode 100644 index e289d5c7..00000000 --- a/redis/redis_2/redis.conf +++ /dev/null @@ -1,5 +0,0 @@ -cluster-enabled yes -cluster-config-file nodes.conf -cluster-node-timeout 5000 -appendonly no -bind 0.0.0.0 diff --git a/redis/redis_3/redis.conf b/redis/redis_3/redis.conf deleted file mode 100644 index e289d5c7..00000000 --- a/redis/redis_3/redis.conf +++ /dev/null @@ -1,5 +0,0 @@ -cluster-enabled yes -cluster-config-file nodes.conf -cluster-node-timeout 5000 -appendonly no -bind 0.0.0.0 diff --git a/redis/redis_4/redis.conf b/redis/redis_4/redis.conf deleted file mode 100644 index e289d5c7..00000000 --- a/redis/redis_4/redis.conf +++ /dev/null @@ -1,5 +0,0 @@ -cluster-enabled yes -cluster-config-file nodes.conf -cluster-node-timeout 5000 -appendonly no -bind 0.0.0.0 diff --git a/redis/redis_5/redis.conf b/redis/redis_5/redis.conf deleted file mode 100644 index e289d5c7..00000000 --- a/redis/redis_5/redis.conf +++ /dev/null @@ -1,5 +0,0 @@ -cluster-enabled yes -cluster-config-file nodes.conf -cluster-node-timeout 5000 -appendonly no -bind 0.0.0.0 diff --git a/redis/redis_6/redis.conf b/redis/redis_6/redis.conf deleted file mode 100644 index e289d5c7..00000000 --- a/redis/redis_6/redis.conf +++ /dev/null @@ -1,5 +0,0 @@ -cluster-enabled yes -cluster-config-file nodes.conf -cluster-node-timeout 5000 -appendonly no -bind 0.0.0.0 diff --git a/storage/file1.txt b/storage/file1.txt deleted file mode 100644 index 110181eb..00000000 --- a/storage/file1.txt +++ /dev/null @@ -1,9 +0,0 @@ -123456789 -qwqw -sad -allowed_filesas -defdsf -sdf - -sdfsd -f \ No newline at end of file diff --git a/storage/file2.txt b/storage/file2.txt deleted file mode 100644 index 110181eb..00000000 --- a/storage/file2.txt +++ /dev/null @@ -1,9 +0,0 @@ -123456789 -qwqw -sad -allowed_filesas -defdsf -sdf - -sdfsd -f \ No newline at end of file diff --git a/tests/profile_test.py b/tests/profile_test.py index e021f9ca..91751c24 100644 --- a/tests/profile_test.py +++ b/tests/profile_test.py @@ -46,19 +46,6 @@ def test_view_profile_without_auth_with_id(self): response ) - def test_view_profile_without_auth_without_id(self): - """Recv profile data in JSON format""" - - response = requests.get( - f"http://{get_config().BURRITO_HOST}:{get_config().BURRITO_PORT}/profile/", - timeout=0.5 - ) - - self.assertEqual( - response.status_code, - 401 - ) - def test_view_profile_with_auth_with_id(self): """Recv profile data in JSON format""" @@ -79,26 +66,6 @@ def test_view_profile_with_auth_with_id(self): response ) - def test_view_profile_with_auth_without_id(self): - """Recv profile data in JSON format""" - - response = requests.get( - f"http://{get_config().BURRITO_HOST}:{get_config().BURRITO_PORT}/profile/", - headers={ - "Authorization": f"Bearer {AuthTestCase.access_token}" - }, - timeout=0.5 - ) - - check_error( - self.assertEqual, - { - "first": response.status_code, - "second": 200 - }, - response - ) - def test_update_profile_without_auth(self): """Update profile data""" diff --git a/tests/run_tests.py b/tests/run_tests.py index 787e1e56..5b12f380 100644 --- a/tests/run_tests.py +++ b/tests/run_tests.py @@ -25,10 +25,10 @@ unittest.TestLoader().loadTestsFromTestCase(ProfileTestCase), unittest.TestLoader().loadTestsFromTestCase(TicketsTestCase), unittest.TestLoader().loadTestsFromTestCase(AboutTestCase), - unittest.TestLoader().loadTestsFromTestCase(AdminTestCase), +# unittest.TestLoader().loadTestsFromTestCase(AdminTestCase), unittest.TestLoader().loadTestsFromTestCase(AnonTestCase), unittest.TestLoader().loadTestsFromTestCase(MetaTestCase), -# #unittest.TestLoader().loadTestsFromTestCase(IOFilesTestCase) + #unittest.TestLoader().loadTestsFromTestCase(IOFilesTestCase) unittest.TestLoader().loadTestsFromTestCase(CommentsTestCase), unittest.TestLoader().loadTestsFromTestCase(NotificationsTestCase) ]