Add user auth to table mods
@@ -6,6 +6,7 @@ from random import randint
|
|||||||
|
|
||||||
auth = Blueprint("auth_api", __name__)
|
auth = Blueprint("auth_api", __name__)
|
||||||
|
|
||||||
|
|
||||||
@auth.route("/login", methods=["POST"])
|
@auth.route("/login", methods=["POST"])
|
||||||
def login():
|
def login():
|
||||||
username = request.get_json()["username"]
|
username = request.get_json()["username"]
|
||||||
@@ -19,6 +20,7 @@ def login():
|
|||||||
|
|
||||||
return jsonify({"username": "NONE", "authenticated": False}), 400
|
return jsonify({"username": "NONE", "authenticated": False}), 400
|
||||||
|
|
||||||
|
|
||||||
@auth.route("/logout", methods=["POST"])
|
@auth.route("/logout", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def logout():
|
def logout():
|
||||||
@@ -26,6 +28,7 @@ def logout():
|
|||||||
return jsonify({"username": "NONE", "authenticated": False}), 200
|
return jsonify({"username": "NONE", "authenticated": False}), 200
|
||||||
return "Log Out Failed", 400
|
return "Log Out Failed", 400
|
||||||
|
|
||||||
|
|
||||||
@auth.route("/user")
|
@auth.route("/user")
|
||||||
def get_current_user():
|
def get_current_user():
|
||||||
if current_user.is_authenticated:
|
if current_user.is_authenticated:
|
||||||
@@ -34,6 +37,7 @@ def get_current_user():
|
|||||||
return jsonify({"username": "NONE", "authenticated": False})
|
return jsonify({"username": "NONE", "authenticated": False})
|
||||||
return "Unauthd", 403
|
return "Unauthd", 403
|
||||||
|
|
||||||
|
|
||||||
@auth.route("/user", methods=["POST"])
|
@auth.route("/user", methods=["POST"])
|
||||||
def create_user():
|
def create_user():
|
||||||
username = request.get_json()["username"]
|
username = request.get_json()["username"]
|
||||||
@@ -46,6 +50,7 @@ def create_user():
|
|||||||
db.session.commit()
|
db.session.commit()
|
||||||
return jsonify(user.to_dict())
|
return jsonify(user.to_dict())
|
||||||
|
|
||||||
|
|
||||||
@auth.route("/user/<user_id>", methods=["POST"])
|
@auth.route("/user/<user_id>", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def update_user(user_id):
|
def update_user(user_id):
|
||||||
@@ -55,11 +60,13 @@ def update_user(user_id):
|
|||||||
db.session.commit()
|
db.session.commit()
|
||||||
return jsonify(user.to_dict()), 200
|
return jsonify(user.to_dict()), 200
|
||||||
|
|
||||||
|
|
||||||
@auth.route("/user/<user_id>", methods=["DELETE"])
|
@auth.route("/user/<user_id>", methods=["DELETE"])
|
||||||
@login_required
|
@login_required
|
||||||
def delete_user():
|
def delete_user():
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
||||||
@auth.route("/user/<user_id>")
|
@auth.route("/user/<user_id>")
|
||||||
@login_required
|
@login_required
|
||||||
def get_user():
|
def get_user():
|
||||||
|
|||||||
@@ -11,7 +11,8 @@ class GameTable(db.Model):
|
|||||||
active = db.Column(db.Boolean)
|
active = db.Column(db.Boolean)
|
||||||
version = db.Column(db.Integer)
|
version = db.Column(db.Integer)
|
||||||
docker_id = db.Column(db.Integer)
|
docker_id = db.Column(db.Integer)
|
||||||
user_id = db.Column(db.Integer)
|
owning_user_id = db.Column(db.Integer)
|
||||||
|
|
||||||
|
|
||||||
def __repr__(self):
|
def __repr__(self):
|
||||||
return f"<Game Table {self.game_table_name}>"
|
return f"<Game Table {self.game_table_name}>"
|
||||||
@@ -23,5 +24,5 @@ class GameTable(db.Model):
|
|||||||
"table_link": self.game_table_link,
|
"table_link": self.game_table_link,
|
||||||
"active": self.active,
|
"active": self.active,
|
||||||
"version": self.version,
|
"version": self.version,
|
||||||
"user_id": self.user_id
|
"user_id": self.owning_user_id,
|
||||||
}
|
}
|
||||||
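Review bot: `owning_user_id` is declared as a plain `db.Column(db.Integer)`, so nothing ties it to an existing user row and it can be NULL, yet the table handlers in this commit authorize on `table.owning_user_id == user.id`. I would declare it as `owning_user_id = db.Column(db.Integer, db.ForeignKey("users.id"))`; the `users` table name comes from `User.__tablename__`, while the `id` column name is assumed from `User.to_dict`. Renaming the attribute also renames the database column, and no migration is visible in this commit, so existing databases would presumably need one. `to_dict` still emits the value under the key `"user_id"`, which deserves a short comment such as `# API key kept as "user_id" for client compatibility` if that is the intent. The `GameTable` class and `to_dict` both start outside these hunks.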
|
|||||||
@@ -6,6 +6,7 @@ from flask_login import LoginManager
|
|||||||
|
|
||||||
db = SQLAlchemy()
|
db = SQLAlchemy()
|
||||||
|
|
||||||
|
|
||||||
def create_app():
|
def create_app():
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
|
|
||||||
@@ -24,9 +25,10 @@ def create_app():
|
|||||||
db.close()
|
db.close()
|
||||||
|
|
||||||
from user_model import User
|
from user_model import User
|
||||||
|
|
||||||
@login_manager.user_loader
|
@login_manager.user_loader
|
||||||
def load_user(user_id: string) -> User:
|
def load_user(user_id: string) -> User:
|
||||||
return User.query.get(int (user_id))
|
return User.query.get(int(user_id))
|
||||||
|
|
||||||
import tables
|
import tables
|
||||||
import auth
|
import auth
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ tables = Blueprint("tables_api", __name__)
|
|||||||
@tables.route("/tables", methods=["POST"])
|
@tables.route("/tables", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def create_table():
|
def create_table():
|
||||||
|
user = current_user
|
||||||
allTables = GameTable.query.all()
|
allTables = GameTable.query.all()
|
||||||
allIds = set([table.game_table_id for table in allTables] or [0])
|
allIds = set([table.game_table_id for table in allTables] or [0])
|
||||||
fullRange = set(range(0, max(allIds) + 2))
|
fullRange = set(range(0, max(allIds) + 2))
|
||||||
@@ -26,6 +26,7 @@ def create_table():
|
|||||||
version=request.get_json()["version"],
|
version=request.get_json()["version"],
|
||||||
active=False,
|
active=False,
|
||||||
docker_id=None,
|
docker_id=None,
|
||||||
|
owning_user_id=user.id
|
||||||
)
|
)
|
||||||
potato.session.add(table)
|
potato.session.add(table)
|
||||||
potato.session.commit()
|
potato.session.commit()
|
||||||
@@ -40,23 +41,34 @@ def get_table(table_id):
|
|||||||
|
|
||||||
|
|
||||||
@tables.route("/tables/<int:table_id>", methods=["POST"])
|
@tables.route("/tables/<int:table_id>", methods=["POST"])
|
||||||
|
@login_required
|
||||||
def update_table(table_id):
|
def update_table(table_id):
|
||||||
|
user = current_user
|
||||||
table = GameTable.query.get_or_404(table_id)
|
table = GameTable.query.get_or_404(table_id)
|
||||||
table.game_table_name = request.get_json()["table_name"]
|
|
||||||
table.game_table_link = request.get_json()["table_link"]
|
if table.owning_user_id == user.id or user.is_admin:
|
||||||
table.version = request.get_json()["version"]
|
table.game_table_name = request.get_json()["table_name"]
|
||||||
potato.session.commit()
|
table.game_table_link = request.get_json()["table_link"]
|
||||||
|
table.version = request.get_json()["version"]
|
||||||
|
potato.session.commit()
|
||||||
|
return jsonify(table.to_dict()), 200
|
||||||
|
|
||||||
|
return "Not auth'd to mod table.", 403
|
||||||
|
|
||||||
|
|
||||||
@tables.route("tables/<table_id>", methods=["DELETE"])
|
@tables.route("tables/<table_id>", methods=["DELETE"])
|
||||||
@
|
@login_required
|
||||||
def delete_table(table_id):
|
def delete_table(table_id):
|
||||||
|
user = current_user
|
||||||
table = GameTable.query.get_or_404(table_id)
|
table = GameTable.query.get_or_404(table_id)
|
||||||
container_managment.delete_file_package(table)
|
|
||||||
potato.session.delete(table)
|
|
||||||
potato.session.commit()
|
|
||||||
return jsonify({}), 200
|
|
||||||
|
|
||||||
|
if table.owning_user_id == user.id or user.is_admin:
|
||||||
|
container_managment.delete_file_package(table)
|
||||||
|
potato.session.delete(table)
|
||||||
|
potato.session.commit()
|
||||||
|
return jsonify({}), 200
|
||||||
|
|
||||||
|
return "Not auth'd to mod table.", 403
|
||||||
|
|
||||||
@tables.route("/tables/active")
|
@tables.route("/tables/active")
|
||||||
def list_active_tables():
|
def list_active_tables():
|
||||||
@@ -77,11 +89,16 @@ def list_inactive_tables():
|
|||||||
|
|
||||||
|
|
||||||
@tables.route("/tables/<table_id>:start", methods=["POST"])
|
@tables.route("/tables/<table_id>:start", methods=["POST"])
|
||||||
|
@login_required
|
||||||
def activate_table(table_id):
|
def activate_table(table_id):
|
||||||
|
user = current_user
|
||||||
hard = bool(request.get_json()["hard"])
|
hard = bool(request.get_json()["hard"])
|
||||||
keys = TableKey.query.filter_by(game_table_id=None).all()
|
keys = TableKey.query.filter_by(game_table_id=None).all()
|
||||||
table = GameTable.query.get_or_404(table_id)
|
table = GameTable.query.get_or_404(table_id)
|
||||||
|
|
||||||
|
if not table.owning_user_id == user.id and not user.is_admin:
|
||||||
|
return "Not auth'd to mod table.", 403
|
||||||
|
|
||||||
if table.active:
|
if table.active:
|
||||||
return "Table already active", 400
|
return "Table already active", 400
|
||||||
|
|
||||||
@@ -101,10 +118,15 @@ def activate_table(table_id):
|
|||||||
|
|
||||||
|
|
||||||
@tables.route("/tables/<table_id>:stop", methods=["POST"])
|
@tables.route("/tables/<table_id>:stop", methods=["POST"])
|
||||||
|
@login_required
|
||||||
def deactivate_table(table_id):
|
def deactivate_table(table_id):
|
||||||
|
user = current_user
|
||||||
table = GameTable.query.get_or_404(table_id)
|
table = GameTable.query.get_or_404(table_id)
|
||||||
key = TableKey.query.filter_by(game_table_id=table_id).first()
|
key = TableKey.query.filter_by(game_table_id=table_id).first()
|
||||||
|
|
||||||
|
if not table.owning_user_id == user.id and not user.is_admin:
|
||||||
|
return "Not auth'd to mod table.", 403
|
||||||
|
|
||||||
if not table.active:
|
if not table.active:
|
||||||
return "Table not active", 400
|
return "Table not active", 400
|
||||||
|
|
||||||
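Review bot: The ownership check is written four times in two opposite forms: `if table.owning_user_id == user.id or user.is_admin:` in `update_table` and `delete_table`, and `if not table.owning_user_id == user.id and not user.is_admin:` in `activate_table` and `deactivate_table`. A later edit to one copy can therefore leave another handler enforcing a different rule. I would put the rule in one helper, `def _can_modify(table, user): return table.owning_user_id == user.id or user.is_admin`, and have each handler run `if not _can_modify(table, current_user): return "Not auth'd to mod table.", 403` directly after `get_or_404`. In `activate_table` and `deactivate_table` the check currently comes after the `TableKey` query, and in `activate_table` also after the request body is read, so moving it up rejects unauthorized callers before that work is done. The bodies of `activate_table` and `deactivate_table` continue past the end of their hunks.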
|
|||||||
@@ -4,9 +4,11 @@ from main import db
|
|||||||
from werkzeug.security import generate_password_hash, check_password_hash
|
from werkzeug.security import generate_password_hash, check_password_hash
|
||||||
from flask_login import UserMixin
|
from flask_login import UserMixin
|
||||||
|
|
||||||
|
|
||||||
def create_new_session(user: User) -> Session:
|
def create_new_session(user: User) -> Session:
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
||||||
class User(UserMixin, db.Model):
|
class User(UserMixin, db.Model):
|
||||||
|
|
||||||
__tablename__ = "users"
|
__tablename__ = "users"
|
||||||
@@ -24,7 +26,13 @@ class User(UserMixin, db.Model):
|
|||||||
return check_password_hash(self.password_hash, password)
|
return check_password_hash(self.password_hash, password)
|
||||||
|
|
||||||
def to_dict(self):
|
def to_dict(self):
|
||||||
return {"id": self.id, "username": self.user_name, "authenticated": self.is_authenticated}
|
return {
|
||||||
|
"id": self.id,
|
||||||
|
"username": self.user_name,
|
||||||
|
"authenticated": self.is_authenticated,
|
||||||
|
"is_admin": self.is_admin
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
class Session(db.Model):
|
class Session(db.Model):
|
||||||
|
|
||||||
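Review bot: `to_dict` now reads `self.is_admin`, and the table handlers in this commit grant modify rights on `user.is_admin`, but no visible hunk defines an `is_admin` column on `User`. If it is not declared in the part of the class outside this hunk, both uses will raise `AttributeError`. If it is declared, it should be non-nullable with a false default, for example `is_admin = db.Column(db.Boolean, nullable=False, default=False)`. `create_user` and `update_user` (bodies not shown here) should also never copy the flag from the request JSON.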
|
|||||||