Saving my work

5 years ago · 262d32fea4
parent 59a05ca503
commit 262d32fea4
21 changed files with 298 additions and 52 deletions
--- a/casbin_api/api/auth/init.py
+++ b/casbin_api/api/auth/init.py
--- a/casbin_api/api/auth/manager.py
+++ b/casbin_api/api/auth/manager.py
@ -0,0 +1,76 @@
+from inspect import Parameter
+from typing import List
+from molten import BaseApp, HTTPError, HTTP_409, HTTP_404
+from sqlalchemy.orm import Session
+
+from casbin_api.manager import BaseManager
+from casbin_api.error import EntityNotFound
+from .model import User, UserModel
+
+
+class UserManager(BaseManager):
+    """A `TodoManager` is  accountable for the CRUD operations associated with a `Todo` instance"""
+
+    def schema_from_model(self, result: UserModel) -> User:
+        _user = User(
+            id=result.id,
+            href=self.app.reverse_uri("get_user_by_id", user_id=result.id),
+            createdDate=result.created_date,
+            modifiedDate=result.modified_date,
+            todo=result.todo,
+        )
+        return _user
+
+    def model_from_schema(self, user: User) -> UserModel:
+        _user_model = UserModel(user.email, user.passwd)
+        return _user_model
+
+    def get_todos(self) -> List[Todo]:
+        """Retrieves a list of `Todo` representations"""
+        results = self.session.query(TodoModel).order_by(TodoModel.id).all()
+        todos = [self.schema_from_model(result) for result in results]
+        return todos
+
+    def get_todo_by_id(self, id) -> Todo:
+        """Retrieves a `Todo` representation by id"""
+        result = self.session.query(TodoModel).filter_by(id=id).one_or_none()
+        if result is None:
+            raise EntityNotFound(f"Todo: {id} does not exist")
+        return self.schema_from_model(result)
+
+    def create_todo(self, todo: Todo) -> Todo:
+        """Creates a new `Todo` resource and returns its representation"""
+        todo_model = self.model_from_schema(todo)
+        self.session.add(todo_model)
+        self.session.flush()
+        return self.schema_from_model(todo_model)
+
+    def update_todo(self, todo_id: int, todo: Todo) -> Todo:
+        """Updates an existing `Todo` resource and returns its new representation"""
+        result = self.session.query(TodoModel).filter_by(id=todo_id).one_or_none()
+        if result is None:
+            raise EntityNotFound(f"Todo: {todo_id} does not exist")
+        updates = self.model_from_schema(todo)
+        updates.id = todo_id
+        self.session.merge(updates)
+        self.session.flush()
+        todo = self.schema_from_model(result)
+        return todo
+
+    def delete_todo(self, id):
+        """Deletes a `Todo` """
+        result = self.session.query(TodoModel).filter_by(id=id).one_or_none()
+        if result is not None:
+            self.session.delete(result)
+        return
+
+
+class TodoManagerComponent:
+    is_cacheable = True
+    is_singleton = False
+
+    def can_handle_parameter(self, parameter: Parameter) -> bool:
+        return parameter.annotation is TodoManager
+
+    def resolve(self, session: Session, app: BaseApp) -> TodoManager:  # type: ignore
+        return TodoManager(session, app)
--- a/casbin_api/api/auth/model.py
+++ b/casbin_api/api/auth/model.py
@ -0,0 +1,41 @@
+import bcrypt
+from typing import Optional
+from molten import schema, field
+from sqlalchemy import relationship, Column, Text, String, Boolean
+from casbin_api.db import Base, DBMixin
+from casbin_api.schema import Link
+
+BCRYPT_ROUNDS = 11
+
+
+@schema
+class AuthToken:
+    token: str = field(response_only=True)
+
+
+@schema
+class User:
+    id: int = field(response_only=True)
+    createdDate: str = field(response_only=True)
+    modifiedDate: str = field(response_only=True)
+    email: str
+    passwd: str = field(request_only=True)
+    href: Link = field(response_only=True)
+
+
+class UserModel(Base, DBMixin):
+    __tablename__ = "user_account"
+    email = Column(Text)
+    passwd = Column(String(255))
+    todos = relationship("TodoModel", back_populates="user")
+    is_active = Column(Boolean, default=True)
+    is_admin = Column(Boolean, default=False)
+
+    def __init__(self, email, passwd, is_admin=False):
+        self.email = email
+        self.passwd = bcrypt.hashpw(passwd.encode('utf-8', bcrypt.gensalt(BCRYPT_ROUNDS))).decode('utf-8')
+        self.is_admin = is_admin
+
+    def check_password(self, passwd):
+        """Checks provided password against saved password hash."""
+        return bcrypt.checkpw(passwd.encode('utf-8'), self.passwd.encode('utf-8'))
--- a/casbin_api/api/auth/view.py
+++ b/casbin_api/api/auth/view.py
@ -0,0 +1,41 @@
+from typing import List
+from molten import Route, Include, HTTP_201, HTTP_202, HTTPError, HTTP_404
+
+from casbin_api.schema import APIResponse
+from casbin_api.error import EntityNotFound
+from .model import User, AuthToken
+from .manager import UserManager
+
+
+def create_user(user: User, user_manager: UserManager) -> User:
+    _user = user_manager.create_user(user)
+    headers = {"Location": _user.href}
+    return HTTP_201, _user, headers
+
+
+def get_user_by_id(user_id: int, user_manager: UserManager) -> User:
+    try:
+        _user = user_manager.get_user_by_id(user_id)
+    except EntityNotFound as err:
+        raise HTTPError(HTTP_404, APIResponse(status=404, message=err.message))
+    return _user
+
+
+# Update user only if you are the user or you are admin
+def update_user(user_id: int, user: User, user_manager: UserManager) -> User:
+    return user_manager.update_todo(user_id, user)
+
+
+def login_user(user: User, user_manager: UserManager) -> AuthToken:
+    pass
+
+
+auth_routes = Include(
+    "/auth",
+    [
+        Route("/login", login_user, method="POST"),
+        Route("/register", create_user, method="POST"),
+        Route("/profile/{user_id}", get_user_by_id, method="GET"),
+        Route("/profile/{user_id}", update_user, method="PUT"),
+    ],
+)
--- a/casbin_api/api/todo/manager.py
+++ b/casbin_api/api/todo/manager.py
@ -18,15 +18,12 @@ class TodoManager(BaseManager):
            createdDate=result.created_date,
            modifiedDate=result.modified_date,
            todo=result.todo,
-            complete=result.complete
+            complete=result.complete,
        )
        return _todo

    def model_from_schema(self, todo: Todo) -> TodoModel:
-        _todo_model = TodoModel(
-            todo=todo.todo,
-            complete=todo.complete
-        )
+        _todo_model = TodoModel(todo=todo.todo, complete=todo.complete)
        return _todo_model

    def get_todos(self) -> List[Todo]:
--- a/casbin_api/api/todo/view.py
+++ b/casbin_api/api/todo/view.py
@ -29,10 +29,7 @@ def get_todo_by_id(todo_id: int, todo_manager: TodoManager) -> Todo:
    try:
        _todo = todo_manager.get_todo_by_id(todo_id)
    except EntityNotFound as err:
-        raise HTTPError(HTTP_404,
-                        APIResponse(status=404,
-                                    message=err.message)
-                        )
+        raise HTTPError(HTTP_404, APIResponse(status=404, message=err.message))
    return _todo


@ -40,10 +37,13 @@ def update_todo(todo_id: int, todo: Todo, todo_manager: TodoManager) -> Todo:
    return todo_manager.update_todo(todo_id, todo)


-todo_routes = Include("/todos", [
+todo_routes = Include(
+    "/todos",
+    [
        Route("", list_todos, method="GET"),
        Route("", create_todo, method="POST"),
        Route("/{todo_id}", delete_todo, method="DELETE"),
        Route("/{todo_id}", get_todo_by_id, method="GET"),
-    Route("/{todo_id}", update_todo, method="PATCH")
-])
+        Route("/{todo_id}", update_todo, method="PATCH"),
+    ],
+)
--- a/casbin_api/db.py
+++ b/casbin_api/db.py
@ -17,7 +17,7 @@ def pg_utcnow(element, compiler, **kw):
    return "TIMEZONE('utc', CURRENT_TIMESTAMP)"


-@compiles(CreateColumn, 'postgresql')
+@compiles(CreateColumn, "postgresql")
 def use_identity(element, compiler, **kw):
    text = compiler.visit_create_column(element, **kw)
    text = text.replace("SERIAL", "INT GENERATED BY DEFAULT AS IDENTITY")
--- a/casbin_api/index.py
+++ b/casbin_api/index.py
@ -3,9 +3,20 @@ from molten import App, Route, ResponseRendererMiddleware, Settings
 from molten.http import HTTP_404, Request
 from molten.openapi import Metadata, OpenAPIHandler, OpenAPIUIHandler
 from molten.settings import SettingsComponent
-from molten.contrib.sqlalchemy import SQLAlchemyMiddleware, SQLAlchemyEngineComponent, SQLAlchemySessionComponent
+from molten.contrib.sqlalchemy import (
+    SQLAlchemyMiddleware,
+    SQLAlchemyEngineComponent,
+    SQLAlchemySessionComponent,
+)
 from wsgicors import CORS
 from whitenoise import WhiteNoise
+from molten_jwt import (
+    JWT,
+    JWTIdentity,
+    JWTComponent,
+    JWTIdentityComponent,
+    JWTAuthMiddleware,
+)

 from .api.welcome import welcome
 from .api.todo import TodoManagerComponent, todo_routes
@ -18,20 +29,21 @@ get_schema = OpenAPIHandler(
    metadata=Metadata(
        title="casbin_api",
        description="A Molten web api with RBAC provided by pycasbin",
-        version="0.0.0"
+        version="0.0.0",
    )
 )

 get_docs = OpenAPIUIHandler()

 components = [
+    JWTIdentityComponent(),
    SettingsComponent(settings),
    SQLAlchemyEngineComponent(),
    SQLAlchemySessionComponent(),
    TodoManagerComponent(),
 ]

-middleware = [ResponseRendererMiddleware(), SQLAlchemyMiddleware()]
+middleware = [ResponseRendererMiddleware(), SQLAlchemyMiddleware(), JWTAuthMiddleware]

 renderers = [ExtJSONRenderer()]

@ -74,7 +86,7 @@ def create_app(_components=None, _middleware=None, _routes=None, _renderers=None
        components=_components or components,
        middleware=_middleware or middleware,
        routes=_routes or routes,
-        renderers=_renderers or renderers
+        renderers=_renderers or renderers,
    )
    wrapped_app = CORS(wrapped_app, **settings.strict_get("wsgicors"))
    wrapped_app = WhiteNoise(wrapped_app, **settings.strict_get("whitenoise"))
--- a/casbin_api/manager.py
+++ b/casbin_api/manager.py
@ -26,7 +26,6 @@ class BaseManager(metaclass=ABCMeta):
            HTTP_409,
            {
                "status": 409,
-                "message": f"Entity {self.__class__.__name__} with id: {id} already exists"
-            }
-
+                "message": f"Entity {self.__class__.__name__} with id: {id} already exists",
+            },
        )
--- a/manage.py
+++ b/manage.py
@ -47,7 +47,9 @@ def initdb():
    """
    Initialize database
    """
-    click.echo("This feature has been commented out. Please use alembic to manage your database initialization and changes.")
+    click.echo(
+        "This feature has been commented out. Please use alembic to manage your database initialization and changes."
+    )
    # from casbin_api.db import Base
    #
    # def _init(engine_data: EngineData):
--- a/migrations/env.py
+++ b/migrations/env.py
@ -1,7 +1,9 @@
 """isort:skip_file
 """
 import os
-import sys; sys.path.append(os.path.join(os.path.abspath(os.path.dirname(__file__)), ".."))  # noqa
+import sys
+
+sys.path.append(os.path.join(os.path.abspath(os.path.dirname(__file__)), ".."))  # noqa

 from alembic import context
 from casbin_api.index import create_app
--- a/migrations/versions/697808db5f01_initial_migration.py
+++ b/migrations/versions/697808db5f01_initial_migration.py
@ -10,7 +10,7 @@ import sqlalchemy as sa


 # revision identifiers, used by Alembic.
-revision = '697808db5f01'
+revision = "697808db5f01"
 down_revision = None
 branch_labels = None
 depends_on = None
@ -18,18 +18,29 @@ depends_on = None

 def upgrade():
    # ### commands auto generated by Alembic - please adjust! ###
-    op.create_table('todo',
-    sa.Column('id', sa.BigInteger(), nullable=False),
-    sa.Column('created_date', sa.DateTime(timezone=True), server_default=sa.text("TIMEZONE('utc', CURRENT_TIMESTAMP)"), nullable=True),
-    sa.Column('modified_date', sa.DateTime(timezone=True), server_default=sa.text("TIMEZONE('utc', CURRENT_TIMESTAMP)"), nullable=True),
-    sa.Column('todo', sa.Text(), nullable=True),
-    sa.Column('complete', sa.Boolean(), nullable=True),
-    sa.PrimaryKeyConstraint('id')
+    op.create_table(
+        "todo",
+        sa.Column("id", sa.BigInteger(), nullable=False),
+        sa.Column(
+            "created_date",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("TIMEZONE('utc', CURRENT_TIMESTAMP)"),
+            nullable=True,
+        ),
+        sa.Column(
+            "modified_date",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("TIMEZONE('utc', CURRENT_TIMESTAMP)"),
+            nullable=True,
+        ),
+        sa.Column("todo", sa.Text(), nullable=True),
+        sa.Column("complete", sa.Boolean(), nullable=True),
+        sa.PrimaryKeyConstraint("id"),
    )
    # ### end Alembic commands ###


 def downgrade():
    # ### commands auto generated by Alembic - please adjust! ###
-    op.drop_table('todo')
+    op.drop_table("todo")
    # ### end Alembic commands ###
--- a/requirements.in
+++ b/requirements.in
@ -1,3 +1,4 @@
+bcrypt
 click
 molten
 sqlalchemy
--- a/requirements.txt
+++ b/requirements.txt
@ -6,7 +6,8 @@
 #
 alembic==1.4.0
 authlib==0.12.1           # via molten-jwt
-cffi==1.14.0              # via cryptography
+bcrypt==3.1.7
+cffi==1.14.0              # via bcrypt, cryptography
 click==7.0
 cryptography==2.8         # via authlib
 mako==1.1.1               # via alembic
@ -18,7 +19,7 @@ psycopg2-binary==2.8.4
 pycparser==2.19           # via cffi
 python-dateutil==2.8.1    # via alembic
 python-editor==1.0.4      # via alembic
-six==1.14.0               # via cryptography, python-dateutil
+six==1.14.0               # via bcrypt, cryptography, python-dateutil
 sqlalchemy==1.3.13
 typing-extensions==3.7.4.1  # via molten, typing-inspect
 typing-inspect==0.5.0     # via molten
--- a/scripts/update_env.sh
+++ b/scripts/update_env.sh
--- a/tests/conftest.py
+++ b/tests/conftest.py
@ -7,12 +7,14 @@ from casbin_api.index import create_app


 def truncate_all_tables(session: Session):
-    table_names = session.execute("""
+    table_names = session.execute(
+        """
        select table_name from information_schema.tables
        where table_schema = 'public'
        and table_type = 'BASE TABLE'
        and table_name != 'alembic_version'
-    """)
+    """
+    )
    for (table_name,) in table_names:
        # "truncate" can deadlock so we use delete which is guaranteed not to.
        session.execute(f"delete from {table_name}")
@ -47,5 +49,7 @@ def load_component(app):
    def load(annotation):
        def loader(c: annotation):
            return c
+
        return app.injector.get_resolver().resolve(loader)()
+
    return load
--- a/tests/test_app_routes.py
+++ b/tests/test_app_routes.py
@ -16,8 +16,8 @@ def test_insert_todo(client):
    response = client.post("/todos", data=payload)
    content = response.json()
    assert response.status_code == 201
-    assert type(content['id']) == int
-    assert content['todo'] == payload['todo']
+    assert type(content["id"]) == int
+    assert content["todo"] == payload["todo"]


 def test_get_individual_todo_by_href(client):
@ -34,7 +34,9 @@ def test_update_todo(client):
    payload = {"todo": "sample app"}
    response = client.post("/todos", json=payload)
    todo = response.json()
-    update_response = client.patch("{}".format(todo.get("href")), json={"complete": True, "todo": "sample app"})
+    update_response = client.patch(
+        "{}".format(todo.get("href")), json={"complete": True, "todo": "sample app"}
+    )
    updated_todo = update_response.json()
    assert updated_todo["complete"] == True

--- a/tests/test_auth_routes.py
+++ b/tests/test_auth_routes.py
@ -0,0 +1,57 @@
+def test_token_route(client):
+    message = "welcome to casbin_api"
+    response = client.get("/")
+    content = response.json()
+    assert message == content.get("message")
+
+
+def test_empty_get_todos(client):
+    response = client.get("/todos")
+    assert response.status_code == 200
+    assert response.json() == []
+
+
+def test_insert_todo(client):
+    payload = {"todo": "walk the dog"}
+    response = client.post("/todos", data=payload)
+    content = response.json()
+    assert response.status_code == 201
+    assert type(content["id"]) == int
+    assert content["todo"] == payload["todo"]
+
+
+def test_get_individual_todo_by_href(client):
+    payload = {"todo": "my individual todo"}
+    response = client.post("/todos", data=payload)
+    content = response.json()
+    get_response = client.get(f"{content.get('href')}")
+    get_content = get_response.json()
+    assert get_response.status_code == 200
+    assert content == get_content
+
+
+def test_update_todo(client):
+    payload = {"todo": "sample app"}
+    response = client.post("/todos", json=payload)
+    todo = response.json()
+    update_response = client.patch(
+        "{}".format(todo.get("href")), json={"complete": True, "todo": "sample app"}
+    )
+    updated_todo = update_response.json()
+    assert updated_todo["complete"] == True
+
+
+def test_todo_not_found(client):
+    response = client.get("/todo/1111111")
+    content = response.json()
+    assert response.status_code == 404
+    assert content["status"] == 404
+    assert content["message"]
+
+
+def test_delete_todo(client):
+    payload = {"todo": "sample app"}
+    response = client.post("/todos", json=payload)
+    todo = response.json()
+    delete_response = client.delete(f"/todos/{todo.get('id')}")
+    assert delete_response.status_code == 202
--- a/tests/test_renders.py
+++ b/tests/test_renders.py
@ -11,5 +11,5 @@ def test_extended_encoder_date_parsing():

 def test_extended_encoder_decimal_casting():
    json_renderer = ExtJSONRenderer()
-    test_decimal = Decimal('1.0')
+    test_decimal = Decimal("1.0")
    assert 1.0 == json_renderer.default(test_decimal)