From: Adam Dullage Date: Fri, 28 Jul 2023 07:17:58 +0000 (+0100) Subject: Added _edit_only auth types X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=3cc2a1a8c9c65b754ea0d34708235109886ee8fc;p=flatnotes.git Added _edit_only auth types --- diff --git a/flatnotes/auth.py b/flatnotes/auth.py index 952a898..7ea6871 100644 --- a/flatnotes/auth.py +++ b/flatnotes/auth.py @@ -40,3 +40,20 @@ def validate_token(token: str = Depends(oauth2_scheme)): detail="Invalid authentication credentials", headers={"WWW-Authenticate": "Bearer"}, ) + + +def no_auth(): + return + + +def get_auth(for_edit: bool = True): + if config.auth_type == AuthType.NONE: + return no_auth + elif ( + config.auth_type + in [AuthType.PASSWORD_EDIT_ONLY, AuthType.TOTP_EDIT_ONLY] + and for_edit is False + ): + return no_auth + else: + return validate_token diff --git a/flatnotes/config.py b/flatnotes/config.py index 9dc9823..482fb40 100644 --- a/flatnotes/config.py +++ b/flatnotes/config.py @@ -9,7 +9,9 @@ from logger import logger class AuthType(str, Enum): NONE = "none" PASSWORD = "password" + PASSWORD_EDIT_ONLY = "password_edit_only" TOTP = "totp" + TOTP_EDIT_ONLY = "totp_edit_only" class Config: diff --git a/flatnotes/main.py b/flatnotes/main.py index c9bdc2b..79e10f2 100644 --- a/flatnotes/main.py +++ b/flatnotes/main.py @@ -7,7 +7,7 @@ from fastapi.responses import HTMLResponse from fastapi.staticfiles import StaticFiles from qrcode import QRCode -from auth import create_access_token, validate_token +from auth import create_access_token, get_auth, validate_token from config import AuthType, config from error_responses import ( invalid_title_response, 
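Review bot: `get_auth` in flatnotes/auth.py has no docstring, and two properties a maintainer needs are only implicit in the code. It is a factory that runs when the route decorators in main.py are evaluated, so `config.auth_type` is read once at import rather than per request. Every combination other than `NONE`, or an `*_EDIT_ONLY` type with an explicit `for_edit=False`, falls through to `validate_token`. That fail-closed default is worth recording so a later edit does not invert it, for example `"""Return the auth dependency for a route; only NONE, or an *_EDIT_ONLY type with for_edit=False, skips token validation."""`. `validate_token` itself starts outside the hunk.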
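Review bot: The new `PASSWORD_EDIT_ONLY` and `TOTP_EDIT_ONLY` members in flatnotes/config.py are distinct enum values, so any existing equality check against `AuthType.PASSWORD` or `AuthType.TOTP` will not match them, and this diff changes no such check in `Config` or in the login path of main.py. Neither is visible here, so this is something to confirm rather than a confirmed defect. If credential loading or token issuance tests `== AuthType.TOTP`, then `totp_edit_only` could run without the second factor being loaded or checked. Those comparisons should become membership tests, and a comment on the enum such as `# *_EDIT_ONLY: same credentials as the base type; only read routes are unauthenticated` would record the intent. `Config` begins after the hunk.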
@@ -87,8 +87,12 @@ def root(title: str = ""): return HTMLResponse(content=html) -@app.post("/api/notes", response_model=NoteModel) -def post_note(data: NoteModel, _: str = Depends(validate_token)): +@app.post( + "/api/notes", + dependencies=[Depends(get_auth(for_edit=True))], + response_model=NoteModel, +) +def post_note(data: NoteModel): """Create a new note.""" try: note = Note(flatnotes, data.title, new=True) @@ -100,11 +104,14 @@ def post_note(data: NoteModel, _: str = Depends(validate_token)): return title_exists_response -@app.get("/api/notes/{title}", response_model=NoteModel) +@app.get( + "/api/notes/{title}", + dependencies=[Depends(get_auth(for_edit=False))], + response_model=NoteModel, +) def get_note( title: str, include_content: bool = True, - _: str = Depends(validate_token), ): """Get a specific note.""" try: @@ -116,10 +123,12 @@ def get_note( return note_not_found_response -@app.patch("/api/notes/{title}", response_model=NoteModel) -def patch_note( - title: str, new_data: NotePatchModel, _: str = Depends(validate_token) -): +@app.patch( + "/api/notes/{title}", + dependencies=[Depends(get_auth(for_edit=True))], + response_model=NoteModel, +) +def patch_note(title: str, new_data: NotePatchModel): try: note = Note(flatnotes, title) if new_data.new_title is not None: @@ -135,8 +144,10 @@ def patch_note( return note_not_found_response -@app.delete("/api/notes/{title}") -def delete_note(title: str, _: str = Depends(validate_token)): +@app.delete( + "/api/notes/{title}", dependencies=[Depends(get_auth(for_edit=True))] +) +def delete_note(title: str): try: note = Note(flatnotes, title) note.delete() 
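Review bot: In the `get_note` hunk, `title` now arrives from unauthenticated clients whenever an `*_EDIT_ONLY` type is configured, because `get_auth(for_edit=False)` resolves to `no_auth` for this route. `Note(flatnotes, title)` is defined outside this diff, so it is not visible whether it rejects path separators and similar input. The imported `invalid_title_response` suggests some validation exists, but it is worth confirming that it runs on the read path and not only on create or rename. I would add a comment above the route, `# Public under *_EDIT_ONLY auth types: title is untrusted input`. The body of `get_note` continues past the hunk.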
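Review bot: `patch_note` has no docstring, unlike `post_note` and `get_note` above it, and the same is true of `delete_note` in the following hunk. These are the routes that stay behind `validate_token` in every mode except `NONE`, so a one-line summary helps anyone auditing which endpoints mutate data: `"""Update an existing note."""` and `"""Delete a note."""`. Both function bodies continue outside their hunks.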
@@ -146,19 +157,25 @@ def delete_note(title: str, _: str = Depends(validate_token)): return note_not_found_response -@app.get("/api/tags") -def get_tags(_: str = Depends(validate_token)): +@app.get( + "/api/tags", + dependencies=[Depends(get_auth(for_edit=False))], +) +def get_tags(): """Get a list of all indexed tags.""" return flatnotes.get_tags() -@app.get("/api/search", response_model=List[SearchResultModel]) +@app.get( + "/api/search", + dependencies=[Depends(get_auth(for_edit=False))], + response_model=List[SearchResultModel], +) def search( term: str, sort: Literal["score", "title", "lastModified"] = "score", order: Literal["asc", "desc"] = "desc", limit: int = None, - _: str = Depends(validate_token), ): """Perform a full text search on all notes.""" if sort == "lastModified":
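Review bot: `search` keeps `limit: int = None` with no lower or upper bound, and after this change the route is reachable without a token under the `*_EDIT_ONLY` types, so anonymous clients can request a full-text search over all notes with no cap on result size. How a missing limit is handled lies outside the hunk, but a bound in the signature would cap the cost regardless, for example `limit: int = Query(None, ge=1, le=MAX_SEARCH_LIMIT)`, where `Query` is FastAPI's and `MAX_SEARCH_LIMIT` is a placeholder for a value the project would choose. The same exposure applies to `get_tags` in this hunk, which by its docstring returns every indexed tag. The body of `search` continues beyond the hunk.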