Commit ccf54733 authored by adietmue's avatar adietmue

Backend/Fixes: Add cors support, fix api login errors

parent f4bad8ac
...@@ -18,7 +18,6 @@ The important bits are: ...@@ -18,7 +18,6 @@ The important bits are:
""" """
from functools import wraps from functools import wraps
import json
import requests import requests
from eve.auth import TokenAuth from eve.auth import TokenAuth
from flask import g, current_app, abort from flask import g, current_app, abort
...@@ -26,14 +25,11 @@ from flask import g, current_app, abort ...@@ -26,14 +25,11 @@ from flask import g, current_app, abort
# Requests to AMIVAPI # Requests to AMIVAPI
def api_get(resource, where, projection): def api_get(endpoint, **params):
"""Format and send a GET request to AMIVAPI. Return json data or None.""" """Format and send a GET request to AMIVAPI. Return json data or None."""
url = requests.compat.urljoin(current_app.config['AMIVAPI_URL'], resource) url = requests.compat.urljoin(current_app.config['AMIVAPI_URL'], endpoint)
headers = {'Authorization': "Token %s" % g.token} headers = {'Authorization': "Token %s" % g.token}
params = {
'where': json.dumps(where),
'projection': json.dumps(projection)
}
response = requests.get(url, params=params, headers=headers) response = requests.get(url, params=params, headers=headers)
if response.status_code == 200: if response.status_code == 200:
return response.json() return response.json()
...@@ -46,6 +42,7 @@ def request_cache(key): ...@@ -46,6 +42,7 @@ def request_cache(key):
def _wrapper(*args, **kwargs): def _wrapper(*args, **kwargs):
try: try:
# If the value is already in g, don't call function # If the value is already in g, don't call function
print(key, getattr(g, key))
return getattr(g, key) return getattr(g, key)
except AttributeError: except AttributeError:
setattr(g, key, function(*args, **kwargs)) setattr(g, key, function(*args, **kwargs))
...@@ -57,7 +54,11 @@ def request_cache(key): ...@@ -57,7 +54,11 @@ def request_cache(key):
@request_cache('user') @request_cache('user')
def get_user(): def get_user():
"""Return user id if the token is valid, None otherwise.""" """Return user id if the token is valid, None otherwise."""
response = api_get('sessions', {'token': g.get('token', '')}, {'user': 1}) response = api_get(
'sessions',
where={'token': g.get('token', '')},
projection={'user': 1}
)
if response: if response:
return response['_items'][0]['user'] return response['_items'][0]['user']
...@@ -66,7 +67,7 @@ def get_user(): ...@@ -66,7 +67,7 @@ def get_user():
def get_nethz(): def get_nethz():
"""Return nethz of current user.""" """Return nethz of current user."""
if get_user() is not None: if get_user() is not None:
response = api_get('users/%s' % get_user(), {}, {'nethz': 1}) response = api_get('users', projection={'nethz': 1})
return response.get('nethz') return response.get('nethz')
...@@ -80,15 +81,20 @@ def is_admin(): ...@@ -80,15 +81,20 @@ def is_admin():
user_id = get_user() user_id = get_user()
if user_id is not None: if user_id is not None:
# Find Group with correct name, return list of members # Find Group with correct name, return list of members
groups = api_get('groups', groups = api_get(
{'name': current_app.config['ADMIN_GROUP_NAME']}, 'groups',
{'_id': 1}) where={'name': current_app.config['ADMIN_GROUP_NAME']},
projection={'_id': 1}
)
if groups: if groups:
print(groups)
group_id = groups['_items'][0]['_id'] group_id = groups['_items'][0]['_id']
membership = api_get('groupmemberships', membership = api_get(
{'user': user_id, 'group': group_id}, 'groupmemberships',
{'_id': 1}) where={'user': user_id, 'group': group_id},
projection={'_id': 1}
)
return bool(membership and membership['_items']) return bool(membership and membership['_items'])
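Review bot: The rewritten `api_get` forwards `where` and `projection` to `requests.get(url, params=params, ...)` as raw dicts, and requests encodes a dict value by iterating its keys, so the query string becomes `where=token` rather than the JSON filter the removed `json.dumps` calls produced. The session, group and membership lookups in `get_user` and `is_admin` therefore no longer send their filter values; if the API ever ignores a malformed `where` instead of rejecting it, `is_admin` would be evaluating an unfiltered `groupmemberships` list, so the admin check should not depend on how the server handles that. I would keep `import json` and serialise before sending: `params = {k: json.dumps(v) for k, v in params.items()}`. The new `get_nethz` call also drops the user id from the endpoint (`'users'` instead of `'users/%s' % get_user()`), so `response.get('nethz')` is probably reading a list response, and it raises if `api_get` returned None. The bodies of these functions continue outside the hunks shown.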
......
...@@ -11,6 +11,12 @@ schema directly. ...@@ -11,6 +11,12 @@ schema directly.
from os import environ from os import environ
# prefix everything with /api
URL_PREFIX = 'api'
# CORS
X_DOMAINS = '*'
X_HEADERS = ['Authorization', 'If-Match', 'If-Modified-Since', 'Content-Type']
# AMIVAPI URL and Admin Group # AMIVAPI URL and Admin Group
AMIVAPI_URL = "https://amiv-api.ethz.ch" AMIVAPI_URL = "https://amiv-api.ethz.ch"
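Review bot: `X_DOMAINS = '*'` lets a script on any origin call every endpoint under the new `api` prefix, and `X_HEADERS` explicitly allows it to send `Authorization`, so the browser's same-origin policy no longer limits where a token can be used from. The consumer is presumably a known front end, so I would list its origin(s) instead, e.g. `X_DOMAINS = ['https://<frontend-origin>']` (placeholder), and keep the wildcard out of the default settings. The file already imports `environ`, so a development override can come from the environment. A comment above `X_HEADERS` stating which client feature needs each header would help the next reviewer keep the list minimal.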
......
...@@ -20,6 +20,7 @@ from app import create_app ...@@ -20,6 +20,7 @@ from app import create_app
TEST_SETTINGS = { TEST_SETTINGS = {
'URL_PREFIX': '', # remove prefix to avoid typing /api/ everywhere
'MONGO_DBNAME': 'pvk_test', 'MONGO_DBNAME': 'pvk_test',
'MONGO_USERNAME': 'pvk_user', 'MONGO_USERNAME': 'pvk_user',
'MONGO_PASSWORD': 'pvk_pass', 'MONGO_PASSWORD': 'pvk_pass',
......