From 7c7dbae05a8ba27d42935467759c8e81e411d5a2 Mon Sep 17 00:00:00 2001 From: Peter Stockings Date: Thu, 21 Dec 2023 14:03:25 +1100 Subject: [PATCH] Add option to make http functions private (Require authentication, currently just redirects to login page; Should look into cookie + JWT + api key) --- app.py | 20 +++++++++--- db.py | 18 +++++++---- services.py | 3 +- templates/dashboard/http_functions/edit.html | 3 +- templates/dashboard/http_functions/new.html | 3 +- templates/function_editor.html | 32 ++++++++++++++++++-- 6 files changed, 64 insertions(+), 15 deletions(-) diff --git a/app.py b/app.py index 0be527b..aec324b 100644 --- a/app.py +++ b/app.py @@ -106,7 +106,7 @@ def dashboard_http_functions(): @ app.route("/dashboard/http_functions/add_form", methods=["GET"]) @login_required def get_http_function_add_form(): - return render_template("dashboard/http_functions/new.html", name=DEFAULT_FUNCTION_NAME, script=DEFAULT_SCRIPT, environment_info=DEFAULT_ENVIRONMENT) + return render_template("dashboard/http_functions/new.html", name=DEFAULT_FUNCTION_NAME, script=DEFAULT_SCRIPT, environment_info=DEFAULT_ENVIRONMENT, is_public=False) @ app.route("/dashboard/http_functions/create", methods=["POST"]) @login_required @@ -116,8 +116,9 @@ def create_http_function(): name = request.json.get('name') script_content = request.json.get('script_content') environment_info = json.dumps(eval(request.json.get('environment_info'))) + is_public = request.json.get('is_public') - db.create_new_http_function(user_id, name, script_content, environment_info) + db.create_new_http_function(user_id, name, script_content, environment_info, is_public) http_functions = db.get_http_functions_for_user(user_id) http_functions = create_http_functions_view_model(http_functions) 
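Review bot: The new `is_public = request.json.get('is_public')` in create_http_function stores whatever the client sent, or None when the key is absent, so the `is_public=False` default that db.create_new_http_function declares is never used and a non-boolean value such as the string "false" reaches the INSERT unchecked. Only an explicit JSON true should make a function public: `is_public = request.json.get('is_public', False) is True`. The identical line in edit_http_function in the @@ -146 hunk has the same problem and should take the same form. On the line directly above, the pre-existing `eval(request.json.get('environment_info'))` evaluates request data on the server; if the field is JSON, `json.loads` is the fail-closed equivalent. Both functions start before their hunks.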
@@ -136,7 +137,8 @@ def get_http_function_edit_form(): return jsonify({'error': 'Function not found'}), 404 script = http_function['script_content'] environment_info = json.dumps(http_function['environment_info'], indent=2) - return render_template("dashboard/http_functions/edit.html", user_id=user_id, name=name, script=script, environment_info=environment_info) + is_public = http_function['is_public'] + return render_template("dashboard/http_functions/edit.html", user_id=user_id, name=name, script=script, environment_info=environment_info, is_public=is_public) @ app.route("/dashboard/http_functions/edit", methods=["POST"]) @login_required @@ -146,8 +148,9 @@ def edit_http_function(): name = request.json.get('name') script_content = request.json.get('script_content') environment_info = json.dumps(eval(request.json.get('environment_info'))) + is_public = request.json.get('is_public') - db.edit_http_function(user_id, name, script_content, environment_info) + db.edit_http_function(user_id, name, script_content, environment_info, is_public) return { "status": "success", "message": f'{name} updated' } except Exception as e: print(e) @@ -227,6 +230,15 @@ def execute_http_function(user_id, function): code = http_function['script_content'] environment = http_function['environment_info'] + is_public = http_function['is_public'] + + # Check if the function is public, if not check if the user is authenticated and owns the function + if not is_public: + if not current_user.is_authenticated: + return login_manager.unauthorized() + + if int(current_user.id) != user_id: + return jsonify({'error': 'Function belongs to another user', 'current_user_id': current_user.id, 'user_id': user_id}), 404 request_data = { 'method': request.method, diff --git a/db.py b/db.py index 9d3385f..2f8d42e 100644 --- a/db.py +++ b/db.py 
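Review bot: The ownership check in execute_http_function compares `int(current_user.id)` with `user_id` as-is, so unless the route declares an `<int:user_id>` converter the comparison is int against str and every owner of a private function is rejected; `if int(current_user.id) != int(user_id):` makes the intent explicit either way. The rejection also returns 404 while its body says `'Function belongs to another user'` and echoes both ids, which tells an authenticated caller that the function exists — either return 403 or reuse the generic `{'error': 'Function not found'}` body that get_http_function_edit_form already uses. Treating a missing or NULL `is_public` as private is the right default, but no migration adding the column is in this patch, so the new SELECTs in db.py will fail on an un-migrated database unless the schema is managed elsewhere. execute_http_function starts and ends outside the hunk.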
@@ -49,21 +49,27 @@ class DataBase(): def get_http_functions_for_user(self, user_id): http_functions = self.execute( - 'SELECT id, user_id, NAME, script_content, invoked_count, environment_info FROM http_functions WHERE user_id=%s ORDER by id DESC', [user_id]) + 'SELECT id, user_id, NAME, script_content, invoked_count, environment_info, is_public FROM http_functions WHERE user_id=%s ORDER by id DESC', [user_id]) return http_functions def get_http_function(self, user_id, name): http_function = self.execute( - 'SELECT id, user_id, NAME, script_content, invoked_count, environment_info FROM http_functions WHERE user_id=%s AND NAME=%s', [user_id, name], one=True) + 'SELECT id, user_id, NAME, script_content, invoked_count, environment_info, is_public FROM http_functions WHERE user_id=%s AND NAME=%s', [user_id, name], one=True) return http_function - def create_new_http_function(self, user_id, name, script_content, environment_info): + def create_new_http_function(self, user_id, name, script_content, environment_info, is_public=False): self.execute( - 'INSERT INTO http_functions (user_id, NAME, script_content, environment_info) VALUES (%s, %s, %s, %s)', [user_id, name, script_content, environment_info], commit=True) + 'INSERT INTO http_functions (user_id, NAME, script_content, environment_info, is_public) VALUES (%s, %s, %s, %s, %s)', + [user_id, name, script_content, environment_info, is_public], + commit=True + ) - def edit_http_function(self, user_id, name, script_content, environment_info): + def edit_http_function(self, user_id, name, script_content, environment_info, is_public): self.execute( - 'UPDATE http_functions SET script_content=%s, environment_info=%s WHERE user_id=%s AND NAME=%s', [script_content, environment_info, user_id, name], commit=True) + 'UPDATE http_functions SET script_content=%s, environment_info=%s, is_public=%s WHERE user_id=%s AND NAME=%s', + [script_content, environment_info, is_public, user_id, name], + commit=True + ) def 
update_http_function_environment_info_and_invoked_count(self, user_id, name, environment_info): self.execute( diff --git a/services.py b/services.py index 8359a88..4b363fe 100644 --- a/services.py +++ b/services.py @@ -5,7 +5,8 @@ def create_http_function_view_model(http_function): "name": http_function['name'], "script_content": http_function['script_content'], "invoked_count": http_function['invoked_count'], - "environment_info": http_function['environment_info'] + "environment_info": http_function['environment_info'], + "is_public": http_function['is_public'] } return function_view_model diff --git a/templates/dashboard/http_functions/edit.html b/templates/dashboard/http_functions/edit.html index eac4844..232bbe7 100644 --- a/templates/dashboard/http_functions/edit.html +++ b/templates/dashboard/http_functions/edit.html @@ -42,4 +42,5 @@ -{{ render_partial('function_editor.html', name=name, script=script, environment_info=environment_info, is_edit=True) }} \ No newline at end of file +{{ render_partial('function_editor.html', name=name, script=script, environment_info=environment_info, +is_public=is_public, is_edit=True) }} \ No newline at end of file diff --git a/templates/dashboard/http_functions/new.html b/templates/dashboard/http_functions/new.html index d7cacbb..e5b678b 100644 --- a/templates/dashboard/http_functions/new.html +++ b/templates/dashboard/http_functions/new.html @@ -8,4 +8,5 @@ -{{ render_partial('function_editor.html', name=name, script=script, environment_info=environment_info, is_add=True) }} \ No newline at end of file +{{ render_partial('function_editor.html', name=name, script=script, environment_info=environment_info, +is_public=is_public, is_add=True) }} \ No newline at end of file diff --git a/templates/function_editor.html b/templates/function_editor.html index 085115d..26f2c77 100644 --- a/templates/function_editor.html +++ b/templates/function_editor.html 
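Review bot: The two new signatures disagree: create_new_http_function defaults `is_public=False` while edit_http_function makes the argument required, and both app.py callers pass it positionally straight from the request, so a missing key writes NULL into the column rather than the declared default. Giving edit_http_function the same default and only writing a real boolean keeps the column in a known state: `def edit_http_function(self, user_id, name, script_content, environment_info, is_public=False):` with the UPDATE parameters as `[script_content, environment_info, is_public is True, user_id, name],`, and the same `is_public is True` in the INSERT parameters. Whether NULL is read back as private depends on the column definition, which this patch does not include; a comment on these two methods stating that `is_public` is expected to be `NOT NULL DEFAULT FALSE` would record the private-by-default intent where the next maintainer of the schema will see it. The DataBase class continues outside the hunk.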
@@ -141,6 +141,32 @@ editor_environment.session.setMode("ace/mode/json"); + {% if is_add|default(false, true) or is_edit|default(false, true) %} +
+ +
+ + +
+ +
+ {% endif %} +
{% if is_edit|default(false, true) %}