reintroduce security for reverse lockup

Merge remote-tracking branch 'origin/server_instance' into server_instance
Merge remote-tracking branch 'origin/main' into server_instance
2023-04-13 09:44:37 -04:00 · 2023-04-12 15:27:55 -04:00 · 2023-04-12 15:27:21 -04:00 · 2023-04-06 12:25:41 -04:00 · 2023-04-03 14:51:21 -04:00 · 2023-03-30 12:45:46 -04:00
6 changed files with 36 additions and 29 deletions
--- a/bootstrap.py
+++ b/bootstrap.py
@ -43,14 +43,14 @@ with open("hub_api/docs/openapi-specs.yml", "r") as stream:
    "headers": [],
    "specs": [
      {
-        "endpoint": 'apispec',
-        "route": '/v1.4/apispec.json',
+        "endpoint": '/api/apispec/',
+        "route": '/api/apispec/apispec.json',
        "rule_filter": lambda rule: True,  # all in
        "model_filter": lambda tag: True,  # all in
      }
    ],
-    "static_url_path": "/api/v1.4/static",
-    "specs_route": "/v1.4/api-docs/",
+    "static_url_path": "/api/static/",
+    "specs_route": "/api/api-docs/",
    "openapi": "3.0.0"
  }
  try:
--- a/hub_api/buildings/meb.py
+++ b/hub_api/buildings/meb.py
@ -21,9 +21,9 @@ class Meb(Resource, Config):
    _session = refresh_session(session_id, token, application_uuid)
    if _session is None:
      return Response(json.dumps({'error': 'unauthorized'}), status=403)
+    token = {'token': _session['token']}
    application_id = session(session_id)['application_id']
    user_id = session(session_id)['user_id']
-    token = {'token': _session['token']}
    payload = request.get_json()
    results = self.export_db_factory.results(user_id, application_id, payload)
    if results == {}:
--- a/hub_api/config.py
+++ b/hub_api/config.py
@ -14,12 +14,11 @@ from hub.imports.db_factory import DBFactory
 class Config:

  def __init__(self):
-    dotenv_path = "{}/.env".format(os.path.expanduser('~'))
+    dotenv_path = "{}".format(os.path.expanduser('~'))
    if platform.system() == 'Linux':
-      dotenv_path = Path('/usr/local/etc/hub/.env').resolve()
-
+      dotenv_path = f'{dotenv_path}/.local/etc/hub_api/.env'
    environment = 'TEST'
-    database_name = 'persistence_test'
+    database_name = 'montreal_retrofit_test'

    self.export_db_factory = CityExportFactory(db_name=database_name, app_env=environment,
                                               dotenv_path=dotenv_path)
--- a/hub_api/control/session.py
+++ b/hub_api/control/session.py
@ -22,7 +22,7 @@ class SessionStart(Resource, Config):
  def put(self):
    username = request.headers.get('username', None)
    password = request.headers.get('password', None)
-    application_uuid = request.headers.get('application_uuid', None)
+    application_uuid = request.headers.get('application-uuid', None)
    ip = request.remote_addr
    user_info = self.export_db_factory.user_login(name=username, password=password, application_uuid=application_uuid)
    if user_info:
--- a/hub_api/docs/openapi-specs.yml
+++ b/hub_api/docs/openapi-specs.yml
@ -9,7 +9,7 @@ externalDocs:
  description: Find out more about Swagger
  url: http://swagger.io
 paths:
-  /v1.4/uptime:
+  /api/v1.4/uptime:
    get:
      parameters:
        []
@ -25,7 +25,7 @@ paths:
            application/json:
              schema:
                $ref: '#/components/schemas/uptime'
-  /v1.4/session/start:
+  /api/v1.4/session/start:
    put:
      parameters:
        - in: header
@ -42,7 +42,7 @@ paths:
          required: true
          description: the password for the user accessing this API
        - in: header
-          name: application_uuid
+          name: application-uuid
          schema:
            type: string
          required: true
@ -50,7 +50,7 @@ paths:
      tags:
        - Session start
      summary: Starts an user session
-      operationId: session_start
+      operationId: session-start
      description: Authentication and initialization of a user session in the Api
      responses:
        '200':
@ -60,7 +60,7 @@ paths:
              schema:
                $ref: '#/components/schemas/login_succeed'
          headers:
-            session_id:
+            session-id:
              type: string
              format: uuid
              description: Session id
@ -76,12 +76,12 @@ paths:
            application/json:
              schema:
                $ref: '#/components/schemas/unauthorized'
-  /v1.4/session/keep_alive:
+  /api/v1.4/session/keep_alive:
    put:
      security:
-        - session_id: []
+        - session-id: []
        - token: []
-        - application_uuid: []
+        - application-uuid: []
      parameters:
        []
      tags:
@ -108,10 +108,10 @@ paths:
            application/json:
              schema:
                $ref: '#/components/schemas/unauthorized'
-  /v1.4/session/end:
+  /api/v1.4/session/end:
    put:
      security:
-        - session_id: []
+        - session-id: []
        - token: []
        - application_uuid: []
      parameters:
@ -140,10 +140,10 @@ paths:
            application/json:
              schema:
                $ref: '#/components/schemas/unauthorized'
-  /v1.4/buildings/meb:
+  /api/v1.4/buildings/meb:
    post:
      security:
-        - session_id: [ ]
+        - session-id: [ ]
        - token: [ ]
        - application_uuid: [ ]
      requestBody:
@ -220,14 +220,14 @@ paths:
                $ref: '#/components/schemas/unauthorized'
 components:
  securitySchemes:
-    session_id:
+    session-id:
      type: apiKey
      in: header
-      name: session_id
-    application_uuid:
+      name: session-id
+    application-uuid:
      type: apiKey
      in: header
-      name: application_uuid
+      name: application-uuid
    token:
      type: apiKey
      in: header
--- a/hub_api/geolocation/reverse.py
+++ b/hub_api/geolocation/reverse.py
@ -2,10 +2,11 @@ import json
 import math
 from pathlib import Path

-from flask import Response
+from flask import Response, request
 from flask.views import MethodView

 from hub_api.config import Config
+from hub_api.helpers.session_helper import refresh_session


 class Reverse(MethodView, Config):
@ -14,6 +15,13 @@ class Reverse(MethodView, Config):
    self._reverse_path = Path(Path(__file__).parent.parent / 'data/cities15000.txt').resolve()

  def get(self, latitude: float, longitude: float):
+    session_id = request.headers.get('session_id', None)
+    token = request.headers.get('token', None)
+    application_uuid = request.headers.get('application_uuid', None)
+    _session = refresh_session(session_id, token, application_uuid)
+    if _session is None:
+      return Response(json.dumps({'error': 'unauthorized'}), status=403)
+    token = {'token': _session['token']}
    latitude = float(latitude)
    longitude = float(longitude)
    distance = math.inf
@ -31,5 +39,5 @@ class Reverse(MethodView, Config):
          distance = new_distance
          country = file_country_code
          city = file_city_name
-    return Response(json.dumps({'country': country, 'city':city}), status=200)
+    return Response(json.dumps({'country': country, 'city':city}), status=200, headers=token)
Author	SHA1	Message	Date
guille	cc03524585	reintroduce security for reverse lockup	2023-04-13 09:44:37 -04:00
guille	8759a5cea3	Merge remote-tracking branch 'origin/server_instance' into server_instance	2023-04-12 15:27:55 -04:00
guille	ddb43aab23	Merge remote-tracking branch 'origin/main' into server_instance	2023-04-12 15:27:21 -04:00
cerc	94844a2f75	small corrections in configuration	2023-04-06 12:25:41 -04:00
cerc	7be95d7cc5	try to fix db connection	2023-04-03 14:51:21 -04:00
cerc	e7c49e7e25	specific changes for the servert	2023-03-30 12:45:46 -04:00