iamBadgers/foundry-manager-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add user auth to table mods

Browse Source
This commit is contained in:
iamBadgers
2026-05-03 00:50:33 -07:00
parent ab8b3582d0
commit d94ea04c1b
5 changed files with 54 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/auth.py
View File

@@ -6,6 +6,7 @@ from random import randint
auth = Blueprint("auth_api", __name__)
@auth.route("/login", methods=["POST"])
def login():
username = request.get_json()["username"]
@@ -19,6 +20,7 @@ def login():
return jsonify({"username": "NONE", "authenticated": False}), 400
@auth.route("/logout", methods=["POST"])
@login_required
def logout():
@@ -26,6 +28,7 @@ def logout():
return jsonify({"username": "NONE", "authenticated": False}), 200
return "Log Out Failed", 400
@auth.route("/user")
def get_current_user():
if current_user.is_authenticated:
@@ -34,6 +37,7 @@ def get_current_user():
return jsonify({"username": "NONE", "authenticated": False})
return "Unauthd", 403
@auth.route("/user", methods=["POST"])
def create_user():
username = request.get_json()["username"]
@@ -46,6 +50,7 @@ def create_user():
db.session.commit()
return jsonify(user.to_dict())
@auth.route("/user/<user_id>", methods=["POST"])
@login_required
def update_user(user_id):
@@ -55,11 +60,13 @@ def update_user(user_id):
db.session.commit()
return jsonify(user.to_dict()), 200
@auth.route("/user/<user_id>", methods=["DELETE"])
@login_required
def delete_user():
return
@auth.route("/user/<user_id>")
@login_required
def get_user():

5
src/game_table_model.py
View File

@@ -11,7 +11,8 @@ class GameTable(db.Model):
active = db.Column(db.Boolean)
version = db.Column(db.Integer)
docker_id = db.Column(db.Integer)
user_id = db.Column(db.Integer)
owning_user_id = db.Column(db.Integer)
def __repr__(self):
return f"<Game Table {self.game_table_name}>"
@@ -23,5 +24,5 @@ class GameTable(db.Model):
"table_link": self.game_table_link,
"active": self.active,
"version": self.version,
"user_id": self.user_id
"user_id": self.owning_user_id,
}

4
src/main.py
View File

@@ -6,6 +6,7 @@ from flask_login import LoginManager
db = SQLAlchemy()
def create_app():
app = Flask(__name__)
@@ -24,9 +25,10 @@ def create_app():
db.close()
from user_model import User
@login_manager.user_loader
def load_user(user_id: string) -> User:
return User.query.get(int (user_id))
return User.query.get(int(user_id))
import tables
import auth

42
src/tables.py
View File

@@ -13,7 +13,7 @@ tables = Blueprint("tables_api", __name__)
@tables.route("/tables", methods=["POST"])
@login_required
def create_table():
user = current_user
allTables = GameTable.query.all()
allIds = set([table.game_table_id for table in allTables] or [0])
fullRange = set(range(0, max(allIds) + 2))
@@ -26,6 +26,7 @@ def create_table():
version=request.get_json()["version"],
active=False,
docker_id=None,
owning_user_id=user.id
)
potato.session.add(table)
potato.session.commit()
@@ -40,23 +41,34 @@ def get_table(table_id):
@tables.route("/tables/<int:table_id>", methods=["POST"])
@login_required
def update_table(table_id):
user = current_user
table = GameTable.query.get_or_404(table_id)
table.game_table_name = request.get_json()["table_name"]
table.game_table_link = request.get_json()["table_link"]
table.version = request.get_json()["version"]
potato.session.commit()
if table.owning_user_id == user.id or user.is_admin:
table.game_table_name = request.get_json()["table_name"]
table.game_table_link = request.get_json()["table_link"]
table.version = request.get_json()["version"]
potato.session.commit()
return jsonify(table.to_dict()), 200
return "Not auth'd to mod table.", 403
@tables.route("tables/<table_id>", methods=["DELETE"])
@
@login_required
def delete_table(table_id):
user = current_user
table = GameTable.query.get_or_404(table_id)
container_managment.delete_file_package(table)
potato.session.delete(table)
potato.session.commit()
return jsonify({}), 200
if table.owning_user_id == user.id or user.is_admin:
container_managment.delete_file_package(table)
potato.session.delete(table)
potato.session.commit()
return jsonify({}), 200
return "Not auth'd to mod table.", 403
@tables.route("/tables/active")
def list_active_tables():
@@ -77,11 +89,16 @@ def list_inactive_tables():
@tables.route("/tables/<table_id>:start", methods=["POST"])
@login_required
def activate_table(table_id):
user = current_user
hard = bool(request.get_json()["hard"])
keys = TableKey.query.filter_by(game_table_id=None).all()
table = GameTable.query.get_or_404(table_id)
if not table.owning_user_id == user.id and not user.is_admin:
return "Not auth'd to mod table.", 403
if table.active:
return "Table already active", 400
@@ -101,10 +118,15 @@ def activate_table(table_id):
@tables.route("/tables/<table_id>:stop", methods=["POST"])
@login_required
def deactivate_table(table_id):
user = current_user
table = GameTable.query.get_or_404(table_id)
key = TableKey.query.filter_by(game_table_id=table_id).first()
if not table.owning_user_id == user.id and not user.is_admin:
return "Not auth'd to mod table.", 403
if not table.active:
return "Table not active", 400

10
src/user_model.py
View File

@@ -4,9 +4,11 @@ from main import db
from werkzeug.security import generate_password_hash, check_password_hash
from flask_login import UserMixin
def create_new_session(user: User) -> Session:
return
class User(UserMixin, db.Model):
__tablename__ = "users"
@@ -24,7 +26,13 @@ class User(UserMixin, db.Model):
return check_password_hash(self.password_hash, password)
def to_dict(self):
return {"id": self.id, "username": self.user_name, "authenticated": self.is_authenticated}
return {
"id": self.id,
"username": self.user_name,
"authenticated": self.is_authenticated,
"is_admin": self.is_admin
}
class Session(db.Model):