
Revize 5dc6d077

Přidáno uživatelem Matěj Zeman před asi 2 roky(ů)

security fix for all endpoints. Added view for Licenses and html template on "/" with information about server endpoints.


server/sql_app/api/devices_web.py
87 87

  
88 88

  
89 89
@device_web.get("/device-license/{device_id}", response_class=HTMLResponse)
90
async def connect_dev_lic(request: Request, device_id: int, db: Session = Depends(get_db)):
90
async def connect_dev_lic(request: Request, device_id: int, db: Session = Depends(get_db),
91
                          Authorize: AuthJWT = Depends()):
91 92
    """
92 93
    Returns template with one device and all available licenses that can be assigned to it.
93 94
    """
95
    Authorize.jwt_optional()
96
    current_user = Authorize.get_jwt_subject()
97
    if current_user != "admin":
98
        return RedirectResponse(url=f"/logs-web", status_code=303)
94 99
    device = crud.get_device(db, device_id)
95 100
    dev_licenses = crud.get_device_licenses(db, device_id)
96 101
    lic_names = []
......
109 114

  
110 115

  
111 116
@device_web.post("/devices-web/{device_id}")
112
async def connect_post(device_id: int, lic: str = Form(...), db: Session = Depends(get_db)):
117
async def connect_post(device_id: int, lic: str = Form(...), db: Session = Depends(get_db),
118
                       Authorize: AuthJWT = Depends()):
113 119
    """
114 120
    Endpoint called from template for connecting device with license. Adds entry to devices_licenses
115 121
    table and redirects to devices-web endpoint
116 122
    """
123
    Authorize.jwt_optional()
124
    current_user = Authorize.get_jwt_subject()
125
    if current_user != "admin":
126
        return RedirectResponse(url=f"/logs-web", status_code=303)
117 127
    crud.create_device_license(db, device_id, int(lic), datetime.now())
118 128
    return RedirectResponse(url=f"/devices-web", status_code=303)
119 129

  
120 130

  
121 131
@device_web.post("/devices-web-del/{device_id}")
122
async def delete_post(device_id: int, lic_del: str = Form(...), db: Session = Depends(get_db)):
132
async def delete_post(device_id: int, lic_del: str = Form(...), db: Session = Depends(get_db),
133
                      Authorize: AuthJWT = Depends()):
123 134
    """
124 135
    Endpoint called from template for deleting device-license connection. Adds entry to bodydevices_licenses
125 136
    table and redirects to devices-web endpoint
126 137
    """
138
    Authorize.jwt_optional()
139
    current_user = Authorize.get_jwt_subject()
140
    if current_user != "admin":
141
        return RedirectResponse(url=f"/logs-web", status_code=303)
127 142
    crud.delete_device_license(db, device_id, int(lic_del))
128 143
    return RedirectResponse(url=f"/devices-web", status_code=303)
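Review bot: The admin gate added after each docstring (new lines 95–98, 123–126 and 138–141) is the same four lines pasted into three handlers, each comparing the JWT subject against the literal `"admin"` and redirecting to `/logs-web`; with the check living inline per route, an endpoint that is added later or one whose copy drifts can silently stay open, and the commit message's "all endpoints" cannot be verified by reading one place. Moving the check into a single FastAPI dependency and declaring it on each route keeps the authorization decision in one reviewable spot, with the subject name as one constant. Keep in mind that `jwt_optional()` only validates a token if one is present, so the `is not "admin"` branch is what actually rejects anonymous callers — that belongs in the helper's docstring. The POST handlers answer an unauthorized request with a 303 redirect rather than a 403; if that is intended for the form UI it is worth a one-line comment, otherwise `HTTPException(status_code=403)` is the usual choice. The body of `connect_dev_lic` continues past the end of the first hunk.
```python
ADMIN_SUBJECT = "admin"


async def require_admin(Authorize: AuthJWT = Depends()) -> str:
    """Allow the request only when the JWT subject is ADMIN_SUBJECT.

    jwt_optional() validates a token if one is present but does not demand
    one, so the subject comparison below is what rejects anonymous callers.
    Non-admin callers are sent to /logs-web, matching the inline checks this
    replaces; FastAPI's HTTPException handler forwards the Location header.
    """
    Authorize.jwt_optional()
    current_user = Authorize.get_jwt_subject()
    if current_user != ADMIN_SUBJECT:
        # HTTPException is fastapi.HTTPException
        raise HTTPException(status_code=303, headers={"Location": "/logs-web"})
    return current_user


@device_web.post("/devices-web/{device_id}")
async def connect_post(device_id: int, lic: str = Form(...), db: Session = Depends(get_db),
                       current_user: str = Depends(require_admin)):
    # … unchanged: docstring, crud.create_device_license call and redirect …
```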
