From d8bb637532685fb8c5d45263424f5d71bd6f2008 Mon Sep 17 00:00:00 2001
From: Lilia Kai
Date: Thu, 21 Sep 2023 15:20:46 +0200
Subject: [PATCH 1/2] Add db task endpoint
---
 src/main.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/main.py b/src/main.py
index 6223887..0ed4a71 100644
--- a/src/main.py
+++ b/src/main.py
@@ -100,6 +100,10 @@ def archive_tasks(archive:schemas.ArchiveCreate, email = Depends(get_bearer_auth
 task = create_archive_task.delay(archive.json())
 return JSONResponse({"id": task.id})
+@app.get("/archive/{task_id}")
+def lookup(task_id, db: Session = Depends(get_db), email = Depends(get_bearer_auth)):
+ return crud.get_task(db, task_id)
+
 @app.get("/tasks/{task_id}")
 def get_status(task_id, email = Depends(get_bearer_auth)):
 logger.info(f"status check for user {email} task {task_id}")
From e3c128c4fd346ecd45876002cdb9d6f43ee13559 Mon Sep 17 00:00:00 2001
From: msramalho <19508417+msramalho@users.noreply.github.com>
Date: Tue, 17 Oct 2023 16:08:35 +0100
Subject: [PATCH 2/2] adds access control to new endpoint
---
 src/db/crud.py | 13 +++++++------
 src/main.py | 6 +++---
 2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/db/crud.py b/src/db/crud.py
index f4cac35..b3e444a 100644
--- a/src/db/crud.py
+++ b/src/db/crud.py
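Review bot: In PATCH 1/2, `lookup` resolves `email` through `get_bearer_auth` but never passes it on, so `crud.get_task(db, task_id)` filters on the id alone. Unless `base_query` already scopes rows to the caller (not visible in this hunk), any authenticated user can read any archive record by id at this revision. The per-user filter only arrives in PATCH 2/2, so this commit should not be deployed or cherry-picked on its own; squashing the two keeps every revision in history safe. `task_id` is also unannotated, and `task_id: str` would match the `crud.get_task` signature.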
@@ -14,12 +14,13 @@ DOMAIN_GROUPS_LOADED = False
 # --------------- TASK = Archive
-def get_task(db: Session, task_id: str):
- return base_query(db).filter(models.Archive.id == task_id).first()
-
-
-def get_tasks(db: Session, skip: int = 0, limit: int = 100):
- return base_query(db).offset(skip).limit(limit).all()
+def get_task(db: Session, task_id: str, email: str):
+ email = email.lower()
+ query = base_query(db).filter(models.Archive.id == task_id)
+ if email != ALLOW_ANY_EMAIL:
+ groups = get_user_groups(db, email)
+ query = query.filter(or_(models.Archive.public == True, models.Archive.author_id == email, models.Archive.group_id.in_(groups)))
+ return query.first()
 def search_tasks_by_url(db: Session, url: str, email: str, skip: int = 0, limit: int = 100, archived_after: datetime = None, archived_before: datetime = None):
diff --git a/src/main.py b/src/main.py
index 0ed4a71..ab8aeab 100644
--- a/src/main.py
+++ b/src/main.py
@@ -25,7 +25,7 @@ load_dotenv()
 # Configuration
 ALLOWED_ORIGINS = os.environ.get("ALLOWED_ORIGINS", "chrome-extension://ondkcheoicfckabcnkdgbepofpjmjcmb,chrome-extension://ojcimmjndnlmmlgnjaeojoebaceokpdp").split(",")
-VERSION = "0.5.4"
+VERSION = "0.5.5"
 # min-version refers to the version of auto-archiver-extension on the webstore
 BREAKING_CHANGES = {"minVersion": "0.3.1", "message": "The latest update has breaking changes, please update the extension to the most recent version."}
@@ -101,8 +101,8 @@ def archive_tasks(archive:schemas.ArchiveCreate, email = Depends(get_bearer_auth
 return JSONResponse({"id": task.id})
 @app.get("/archive/{task_id}")
-def lookup(task_id, db: Session = Depends(get_db), email = Depends(get_bearer_auth)):
- return crud.get_task(db, task_id)
+def lookup(task_id, db: Session = Depends(get_db), email = Depends(get_bearer_auth_token_or_jwt)):
+ return crud.get_task(db, task_id, email)
 @app.get("/tasks/{task_id}")
 def get_status(task_id, email = Depends(get_bearer_auth)):
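Review bot: In `get_task` (src/db/crud.py) the whole visibility filter is skipped when `email == ALLOW_ANY_EMAIL`, so the function is only safe if that sentinel can never be presented as an e-mail by a JWT-authenticated user; nothing in the hunk states or enforces that. I would add a docstring saying that `email` must come from the auth dependency, that `ALLOW_ANY_EMAIL` is reserved for trusted callers (presumably the API-token path), and that `None` is returned both for an unknown id and for a row the caller may not see. Because `email` is lowercased before the comparison, the sentinel must itself be lowercase-stable or the bypass never matches; its definition is outside this diff, so that is worth confirming. The new required `email` parameter and the removal of `get_tasks` will break any caller not shown here, which fails closed but should be checked before merge.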
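Review bot: `lookup` in src/main.py returns whatever `crud.get_task` yields, so an unknown id and a row the caller may not see both come back as HTTP 200 with a `null` body. Answering both with the same 404 keeps the two cases indistinguishable while giving clients a real error: `task = crud.get_task(db, task_id, email)` followed by `if task is None: raise HTTPException(status_code=404)`, assuming `HTTPException` is imported in main.py, which the hunk does not show. The dependency also changes from `get_bearer_auth` to `get_bearer_auth_token_or_jwt`, which widens the credentials accepted on this route. If the token path resolves to `ALLOW_ANY_EMAIL`, a token holder can read every archive, and that deserves a line in the commit message. Unlike `get_status` just below, this route logs nothing, so object reads are not auditable; a matching `logger.info` call would close that gap.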