Refactor client view
This commit is contained in:
@ -3,15 +3,27 @@
|
||||
import re
|
||||
import uuid
|
||||
import bcrypt
|
||||
from dataclasses import dataclass, field
|
||||
from sqlalchemy import Select
|
||||
from sqlalchemy.orm import selectinload
|
||||
|
||||
from sqlalchemy.future import select
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
|
||||
from sshecret_backend.models import Client
|
||||
from sshecret_backend.models import Client, ClientAccessPolicy
|
||||
|
||||
RE_UUID = re.compile(
|
||||
"^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$"
|
||||
)
|
||||
|
||||
|
||||
@dataclass
|
||||
class NewClientVersion:
|
||||
"""New client version dataclass."""
|
||||
|
||||
client: Client
|
||||
policies: list[ClientAccessPolicy] = field(default_factory=list)
|
||||
|
||||
RE_UUID = re.compile("^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$")
|
||||
|
||||
def verify_token(token: str, stored_hash: str) -> bool:
|
||||
"""Verify token."""
|
||||
@ -19,12 +31,19 @@ def verify_token(token: str, stored_hash: str) -> bool:
|
||||
stored_bytes = stored_hash.encode("utf-8")
|
||||
return bcrypt.checkpw(token_bytes, stored_bytes)
|
||||
|
||||
async def reload_client_with_relationships(session: AsyncSession, client: Client) -> Client:
|
||||
|
||||
async def reload_client_with_relationships(
|
||||
session: AsyncSession, client: Client
|
||||
) -> Client:
|
||||
"""Reload a client from the database."""
|
||||
session.expunge(client)
|
||||
stmt = (
|
||||
select(Client)
|
||||
.options(selectinload(Client.policies), selectinload(Client.secrets))
|
||||
.options(
|
||||
selectinload(Client.policies),
|
||||
selectinload(Client.secrets),
|
||||
selectinload(Client.previous_version),
|
||||
)
|
||||
.where(Client.id == client.id)
|
||||
)
|
||||
result = await session.execute(stmt)
|
||||
@ -36,13 +55,26 @@ def client_with_relationships() -> Select[tuple[Client]]:
|
||||
return select(Client).options(
|
||||
selectinload(Client.secrets),
|
||||
selectinload(Client.policies),
|
||||
selectinload(Client.previous_version),
|
||||
)
|
||||
|
||||
async def get_client_by_name(session: AsyncSession, name: str) -> Client | None:
|
||||
"""Get client by name."""
|
||||
client_filter = client_with_relationships().where(Client.name == name)
|
||||
client_results = await session.execute(client_filter)
|
||||
return client_results.scalars().first()
|
||||
|
||||
async def resolve_client_id(
|
||||
session: AsyncSession, name: str, version: int | None = None, include_deleted: bool = False,
|
||||
) -> uuid.UUID | None:
|
||||
"""Get the ID of a client name."""
|
||||
if include_deleted:
|
||||
client_filter = client_with_relationships().where(Client.name == name)
|
||||
else:
|
||||
client_filter = query_active_clients().where(Client.name == name)
|
||||
if version:
|
||||
client_filter = client_filter.where(Client.version == version)
|
||||
|
||||
client_result = await session.execute(client_filter)
|
||||
if client := client_result.scalars().first():
|
||||
return client.id
|
||||
return None
|
||||
|
||||
|
||||
async def get_client_by_id(session: AsyncSession, id: uuid.UUID) -> Client | None:
|
||||
"""Get client by ID."""
|
||||
@ -50,10 +82,75 @@ async def get_client_by_id(session: AsyncSession, id: uuid.UUID) -> Client | Non
|
||||
client_results = await session.execute(client_filter)
|
||||
return client_results.scalars().first()
|
||||
|
||||
async def get_client_by_id_or_name(session: AsyncSession, id_or_name: str) -> Client | None:
|
||||
|
||||
async def get_client_by_id_or_name(
|
||||
session: AsyncSession, id_or_name: str
|
||||
) -> Client | None:
|
||||
"""Get client either by id or name."""
|
||||
if RE_UUID.match(id_or_name):
|
||||
id = uuid.UUID(id_or_name)
|
||||
return await get_client_by_id(session, id)
|
||||
|
||||
return await get_client_by_name(session, id_or_name)
|
||||
|
||||
|
||||
def query_active_clients() -> Select[tuple[Client]]:
|
||||
"""Get all active clients."""
|
||||
client_filter = (
|
||||
client_with_relationships()
|
||||
.where(Client.is_active.is_(True))
|
||||
.where(Client.is_deleted.is_(False))
|
||||
)
|
||||
return client_filter
|
||||
|
||||
|
||||
async def get_client_by_name(session: AsyncSession, name: str) -> Client | None:
|
||||
"""Get client by name.
|
||||
|
||||
This will get the latest client version, unless it's deleted.
|
||||
"""
|
||||
client_filter = (
|
||||
client_with_relationships()
|
||||
.where(Client.is_active.is_(True))
|
||||
.where(Client.is_deleted.is_not(True))
|
||||
.where(Client.name == name)
|
||||
.order_by(Client.version.desc())
|
||||
)
|
||||
client_result = await session.execute(client_filter)
|
||||
return client_result.scalars().first()
|
||||
|
||||
|
||||
async def refresh_client(session: AsyncSession, client: Client) -> None:
|
||||
"""Refresh the client and load in all relationships."""
|
||||
await session.refresh(
|
||||
client, attribute_names=["secrets", "policies", "previous_version", "updated_at"]
|
||||
)
|
||||
|
||||
|
||||
async def create_new_client_version(
|
||||
session: AsyncSession, current_client: Client, new_public_key: str
|
||||
) -> Client:
|
||||
new_client = Client(
|
||||
name=current_client.name,
|
||||
version=current_client.version + 1,
|
||||
description=current_client.description,
|
||||
public_key=new_public_key,
|
||||
previous_version_id=current_client.id,
|
||||
is_active=True,
|
||||
)
|
||||
|
||||
# Mark current client as inactive
|
||||
current_client.is_active = False
|
||||
|
||||
# Copy policies
|
||||
for policy in current_client.policies:
|
||||
copied_policy = ClientAccessPolicy(
|
||||
client=new_client,
|
||||
address=policy.source,
|
||||
)
|
||||
session.add(copied_policy)
|
||||
|
||||
session.add(new_client)
|
||||
await session.flush()
|
||||
await refresh_client(session, new_client)
|
||||
return new_client
|
||||
|
||||
Reference in New Issue
Block a user