bellingcat/auto-archiver-api
1
0
Fork 0
mirror of https://github.com/bellingcat/auto-archiver-api.git synced 2026-06-12 05:28:34 +03:00
Code Issues Packages Projects Releases Wiki Activity

introduces user.read_public drops unused endpoints

Browse Source
This commit is contained in:
msramalho
2025-02-04 15:40:20 +00:00
parent 7f5211f0ca
commit 809438fbb9
10 changed files with 61 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
src/endpoints/url.py
View File

@@ -4,11 +4,13 @@ from fastapi.responses import JSONResponse
from datetime import datetime
from loguru import logger
from web.security import get_user_auth, get_token_or_user_auth
from core.config import ALLOW_ANY_EMAIL
from db.user_state import UserState
from web.security import get_token_or_user_auth, get_user_state
from sqlalchemy.orm import Session
from db import crud, schemas
from db.database import get_db, get_db_dependency
from db.database import get_db_dependency
from worker.main import create_archive_task
@@ -18,16 +20,19 @@ url_router = APIRouter(prefix="/url", tags=["Single URL operations"])
@url_router.post("/archive", status_code=201, summary="Submit a single URL archive request, starts an archiving task.", response_description="task_id for the archiving task, will match the archive id.")
def archive_url(
archive: schemas.ArchiveTrigger,
email=Depends(get_token_or_user_auth)
email=Depends(get_token_or_user_auth),
db: Session = Depends(get_db_dependency)
) -> schemas.Task:
logger.info(f"new {archive.public=} task for {email=} and {archive.group_id=}: {archive.url}")
# TODO: implement quota
if archive.group_id:
with get_db() as db:
if not crud.is_user_in_group(db, email, archive.group_id):
raise HTTPException(status_code=403, detail="User does not have access to this group.")
if email != ALLOW_ANY_EMAIL:
user = UserState(db, email)
if not user.has_quota_max_monthly_urls():
raise HTTPException(status_code=429, detail="User has reached their monthly URL quota.")
if not user.has_quota_max_monthly_mbs():
raise HTTPException(status_code=429, detail="User has reached their monthly MB quota.")
if archive.group_id and not user.in_group(archive.group_id):
raise HTTPException(status_code=403, detail="User does not have access to this group.")
# TODO: deprecate ArchiveCreate
backwards_compatible_archive = schemas.ArchiveCreate(
@@ -47,28 +52,25 @@ def search_by_url(
url: str, skip: int = 0, limit: int = 25,
archived_after: datetime = None, archived_before: datetime = None,
db: Session = Depends(get_db_dependency),
email=Depends(get_token_or_user_auth)
email: str = Depends(get_token_or_user_auth)
) -> list[schemas.ArchiveResult]:
if email != ALLOW_ANY_EMAIL:
user = UserState(db, email)
if not user.read and not user.read_public:
raise HTTPException(status_code=403, detail="User does not have read access.")
return crud.search_archives_by_url(db, url.strip(), email, skip=skip, limit=limit, archived_after=archived_after, archived_before=archived_before)
@url_router.get("/latest", summary="Fetch latest URL archives for the authenticated user.")
def latest(skip: int = 0, limit: int = 25, db: Session = Depends(get_db_dependency), email=Depends(get_user_auth)) -> list[schemas.ArchiveResult]:
return crud.search_archives_by_email(db, email, skip=skip, limit=limit)
# TODO: find out where/if this is used, tests are also disabled
# @url_router.get("/{id}", summary="Fetch a single URL archive by the associated id.")
# def lookup(id, db: Session = Depends(get_db_dependency), email=Depends(get_token_or_user_auth)) -> schemas.ArchiveResult:
# archive = crud.get_archive(db, id, email)
# if archive is None:
# raise HTTPException(status_code=404, detail="Archive not found")
# return archive
@url_router.delete("/{id}", summary="Delete a single URL archive by id.")
def delete_task(id, db: Session = Depends(get_db_dependency), email=Depends(get_user_auth)) -> schemas.TaskDelete:
logger.info(f"deleting url archive task {id} request by {email}")
def delete_task(
id:str,
user: UserState = Depends(get_user_state),
db: Session = Depends(get_db_dependency)
) -> schemas.TaskDelete:
logger.info(f"deleting url archive task {id} request by {user.email}")
return JSONResponse({
"id": id,
"deleted": crud.soft_delete_task(db, id, email)
"deleted": crud.soft_delete_task(db, id, user.email)
})