optimize auth
- auth.py +1 -6
- routers/users_v1.py +14 -1
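--- a/auth.py
+++ b/auth.py
@@ -19,12 +19,7 @@ def get_current_user(credentials: HTTPAuthorizationCredentials = Depends(securit
 detail="Invalid authentication credentials",
 headers={"WWW-Authenticate": "Bearer"},
 )
-
-raise HTTPException(
-status_code=status.HTTP_403_FORBIDDEN,
-detail="Have no permission",
-headers={"WWW-Authenticate": "Bearer"},
-)
+
 return user
 
 def validate_token(token: str):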
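--- a/routers/users_v1.py
+++ b/routers/users_v1.py
@@ -1,4 +1,4 @@
-from fastapi import APIRouter, Depends
+from fastapi import APIRouter, Depends, HTTPException, status
 from pydantic import BaseModel
 import uuid
 
@@ -25,6 +25,13 @@ class User(BaseModel):
 # response = TbsDb(db_module_filename, "Cloudflare").get_list(query)
 # return response
 async def read_user(current_user: UserModel = Depends(get_current_user)):
+if current_user.is_admin == 0:
+raise HTTPException(
+status_code=status.HTTP_403_FORBIDDEN,
+detail="Have no permission",
+headers={"WWW-Authenticate": "Bearer"},
+)
+
 query = "SELECT * FROM users"
 response = TbsDb(db_module_filename, "Cloudflare").get_list(query)
 return response
@@ -47,6 +54,12 @@ async def create_user(user: UserModel):
 
 @router.get("/users/{id}")
 async def read_user(id:int, current_user: UserModel = Depends(get_current_user)):
+if (current_user.is_admin == 0) and (current_user.id != id):
+raise HTTPException(
+status_code=status.HTTP_403_FORBIDDEN,
+detail="Have no permission",
+headers={"WWW-Authenticate": "Bearer"},
+)
 query = f"SELECT * FROM users where id={id}"
 response = TbsDb(db_module_filename, "Cloudflare").get_item(query)
 return response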
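Review bot: Both new guards in the two read_user handlers compare `current_user.is_admin == 0`, which denies access only when the value is exactly 0. UserModel is not visible here, so this needs confirming, but if is_admin can be None (for example a NULL column) the comparison is false and the caller is treated as an admin. A check that fails closed is safer: `if not current_user.is_admin:` on the list route and `if not current_user.is_admin and current_user.id != id:` on the item route, with is_admin typed as a bool in the model. This commit also removes the 403 from get_current_user in auth.py, so every other route that depends on it now has to carry its own check; a shared admin-only dependency built on get_current_user would keep that decision in one place. The `WWW-Authenticate` header on these 403 responses can be dropped, since it belongs with the 401 challenge.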