async def update( zone_id: int, form: ZoneCreateForm, zone_repo: ZoneRepo = Depends(ZoneRepo()), dns_server_repo: DnsServerRepo = Depends(DnsServerRepo()), http_server_repo: DnsServerRepo = Depends(HttpServerRepo()), token: TokenPayload = Depends(ScopedTo("zone:update")), includes: List[str] = Query(None), ): data = only(dict(form), ["ip", "domain"]) if "domain" in data: data["domain"] = data["domain"].lower() existing_domain = zone_repo.first(domain=data["domain"]).results() if existing_domain and existing_domain.id != zone_id: abort_for_input("domain", "A Zone with that domain already exists") zone_repo.clear() if form.dns_server_id is not None: if form.dns_server_id is 0: data["dns_server_id"] = None elif dns_server_repo.exists(id=form.dns_server_id): dns_server = dns_server_repo.results() data["dns_server"] = dns_server if form.http_server_id is not None: if form.http_server_id is 0: data["http_server_id"] = None elif http_server_repo.exists(id=form.http_server_id): http_server = http_server_repo.results() data["http_server"] = http_server zone = (zone_repo.loads(includes).get_or_fail(zone_id).update( data).includes(includes).data()) return ZoneResponse(zone=zone)
async def store( form: ZoneCreateForm, zone_repo: ZoneRepo = Depends(ZoneRepo()), dns_server_repo: DnsServerRepo = Depends(DnsServerRepo()), http_server_repo: HttpServerRepo = Depends(HttpServerRepo()), token: TokenPayload = Depends(ScopedTo("zone:create")), ): data = only(dict(form), ["ip", "domain"]) data["domain"] = data["domain"].lower() # Make sure domain is unique if zone_repo.exists(domain=data["domain"]): abort_for_input("domain", "A Zone with that domain already exists") zone_repo.clear() if form.dns_server_id: if dns_server_repo.exists(id=form.dns_server_id): data["dns_server_id"] = dns_server_repo.results().id if form.http_server_id: if http_server_repo.exists(id=form.http_server_id): data["http_server_id"] = http_server_repo.results().id zone = zone_repo.create(data).data() return ZoneResponse(zone=zone)
async def store( form: DnsRequestCreateForm, dns_request_repo: DnsRequestRepo = Depends(DnsRequestRepo()), zone_repo: ZoneRepo = Depends(ZoneRepo()), dns_server_repo: DnsServerRepo = Depends(DnsServerRepo()), token: str = Depends(ScopedTo("dns-request:create")), ): dns_server_id = ( dns_server_repo.first_or_fail(name=form.dns_server_name.lower()).results().id ) zone = ( zone_repo.filter(literal(form.name.lower()).contains(zone_repo.label("domain"))) .first() .results() ) zone_id = zone.id if zone else None data = only( dict(form), ["name", "source_address", "source_port", "type", "protocol", "raw_request"], ) data["name"] = data["name"].lower() data["type"] = data["type"].upper() data["dns_server_id"] = dns_server_id data["zone_id"] = zone_id logger.info("[email protected] - Creating DNS Request") dns_request = dns_request_repo.create(data).data() return DnsRequestResponse(dns_request=dns_request)
async def index( http_server: str, sort_qs: SortQS = Depends(SortQS), search: str = Query(None), pagination: PaginationQS = Depends(PaginationQS), zone_repo: ZoneRepo = Depends(ZoneRepo()), token: TokenPayload = Depends(ScopedTo("zone:list")), includes: List[str] = Query(None), ): includes = only(includes, ["http_records"], values=True) # Support ability to either submit http_server.name or http_server.id as http_server_id zone_http_server_id_label = zone_repo.label("http_server_id") try: http_server = int(http_server) label = zone_http_server_id_label except ValueError: label = zone_repo.label("http_server.name") pg, items = (zone_repo.search(search).loads(includes).filter_or( label == http_server, zone_http_server_id_label.is_(None)).sort( sort_qs).paginate(pagination).includes(includes).data()) return ZonesResponse(pagination=pg, zones=items)
async def show( http_server: str, http_server_repo: HttpServerRepo = Depends(HttpServerRepo()), token: TokenPayload = Depends(ScopedTo("http-server:show")), includes: List[str] = Query(None), ): includes = only(includes, ["zones"], values=True) http_server_id_label = http_server_repo.label("id") try: http_server = int(http_server) label = http_server_id_label except ValueError: label = http_server_repo.label("name") # TODO: is this vulnerable to sql injection? item = ( http_server_repo.loads(includes) .filter(label == http_server) .first_or_fail() .includes(includes) .data() ) return HttpServerResponse(http_server=item)
async def update( user_id: int, form: UserEditForm, user_repo: UserRepo = Depends(UserRepo()), token: TokenPayload = Depends( ScopedTo("user:update", "super", satisfy="one")), ): email = getattr(form, "email", None) if email: for u in user_repo.new().all().results(): print("USER:"******"Invalid Email Address", code=422, field="email") data = only(form, ["email", "is_active", "is_superuser"]) if getattr(form, "password", None): data["hashed_password"] = hash_password(form.password) item = user_repo.new().get_or_fail(user_id).update(data).data() return UserResponse(user=item)
async def update( http_server: str, form: HttpServerCreateForm, http_server_repo: HttpServerRepo = Depends(HttpServerRepo()), token: TokenPayload = Depends(ScopedTo("http-server:update")), ): data = only(dict(form), ["name"]) data["name"] = data["name"].lower() http_server_id_label = http_server_repo.label("id") try: http_server = int(http_server) label = http_server_id_label except ValueError: label = http_server_repo.label("name") # TODO: is this vulnerable to sql injection? item = ( http_server_repo.filter(label == http_server) .first_or_fail() .update(data) .data() ) return HttpServerResponse(http_server=item)
async def show( user_id: int, user_repo: UserRepo = Depends(UserRepo()), token: TokenPayload = Depends(ScopedTo("user:show", "super")), includes: List[str] = Query(None), ): includes = only(includes, [], values=True) item = user_repo.loads(includes).get_or_fail(user_id).includes( includes).data() return UserResponse(user=item)
async def show( zone_id: int, zone_repo: ZoneRepo = Depends(ZoneRepo()), token: TokenPayload = Depends(ScopedTo("zone:show")), includes: List[str] = Query(None), ): includes = only(includes, ["dns_server", "dns_records", "http_server"], values=True) zone = zone_repo.loads(includes).get_or_fail(zone_id).includes( includes).data() return ZoneResponse(zone=zone)
async def index( sort_qs: SortQS = Depends(SortQS), pagination: PaginationQS = Depends(PaginationQS), api_token_repo: ApiTokenRepo = Depends(ApiTokenRepo()), token: TokenPayload = Depends(ScopedTo("api-token:list")), includes: List[str] = Query(None), ): includes = only(includes, ["dns_server", "http_server"], values=True) pg, items = (api_token_repo.loads(includes).strict().sort( sort_qs).paginate(pagination).includes(includes).data()) return ApiTokensResponse(pagination=pg, api_tokens=items)
async def index( sort_qs: SortQS = Depends(SortQS), pagination: PaginationQS = Depends(PaginationQS), dns_server_repo: DnsServerRepo = Depends(DnsServerRepo()), token: TokenPayload = Depends(ScopedTo("dns-server:list")), search: str = Query(None), includes: List[str] = Query(None), ): includes = only(includes, ["zones"], values=True) pg, items = (dns_server_repo.loads(includes).includes(includes).search( search, searchable=["name", "id"]).paginate(pagination).data()) return DnsServersResponse(pagination=pg, dns_servers=items)
async def show( http_request_id: int, http_request_repo: HttpRequestRepo = Depends(HttpRequestRepo()), token: TokenPayload = Depends(ScopedTo("http-request:show")), includes: List[str] = Query(None), ): # probably a bunch of access bypasses with scopes via includes # need easy way to scope for includes includes = only(includes, ["http_server", "zone"], values=True) http_request = (http_request_repo.loads(includes).get_or_fail( http_request_id).includes(includes).data()) return HttpRequestResponse(http_request=http_request)
async def show( api_token_id: int, api_token_repo: ApiTokenRepo = Depends(ApiTokenRepo()), token: TokenPayload = Depends(ScopedTo("api-token:read")), includes: List[str] = Query(None), ): includes = only(includes, ["dns_server", "http_server"], values=True) if (not api_token_repo.loads(includes).strict().includes(includes).exists( api_token_id)): raise HTTPException(404, detail="Not found") api_token = api_token_repo.data() return ApiTokenResponse(api_token=api_token)
async def store( zone_id: int, form: DnsRecordForZoneCreateForm, dns_record_repo: DnsRecordRepo = Depends(DnsRecordRepo()), zone_repo: ZoneRepo = Depends(ZoneRepo()), token: TokenPayload = Depends(ScopedTo("dns-record:create")), ): zone_repo.exists(id=zone_id, or_fail=True) data = only(dict(form), ["record", "sort"]) data["zone_id"] = zone_id item = dns_record_repo.create(data).data() return DnsRecordResponse(dns_record=item)
async def index( sort_qs: SortQS = Depends(SortQS), pagination: PaginationQS = Depends(PaginationQS), zone_repo: ZoneRepo = Depends(ZoneRepo()), token: TokenPayload = Depends(ScopedTo("zone:list")), includes: List[str] = Query(None), ): # TODO: bypasses a bunch of scopes, find a way to restrict access via scopes includes = only(includes, ["dns_server", "dns_records", "http_server"], values=True) pg, items = (zone_repo.loads(includes).strict().sort(sort_qs).paginate( pagination).includes(includes).data()) return ZonesResponse(pagination=pg, zones=items)
async def store( form: HttpServerCreateForm, http_server_repo: HttpServerRepo = Depends(HttpServerRepo()), token: TokenPayload = Depends(ScopedTo("http-server:create")), ): if http_server_repo.exists(name=form.name.lower()): abort_for_input("name", "Server name already taken") data = only(dict(form), ["name"]) data["name"] = data["name"].lower() item = http_server_repo.create(data).data() return HttpServerResponse(http_server=item)
async def sensitive( api_token_id: int, api_token_repo: ApiTokenRepo = Depends(ApiTokenRepo()), token: TokenPayload = Depends(ScopedTo("api-token:read")), includes: List[str] = Query(None), ): includes = only(includes, ["dns_server", "http_server"], values=True) # TODO: require stronger scope if not api_token_repo.exists(api_token_id): raise HTTPException(404, detail="Not found") api_token = (api_token_repo.loads(includes).set_data_model( SensitiveApiTokenData).includes(includes).data()) return SensitiveApiTokenResponse(api_token=api_token)
async def update( zone_id: int, dns_record_id: int, form: DnsRecordForZoneCreateForm, dns_record_repo: DnsRecordRepo = Depends(DnsRecordRepo()), zone_repo: ZoneRepo = Depends(ZoneRepo()), token: TokenPayload = Depends(ScopedTo("dns-record:create")), ): # TODO: use abort_for_input instead of or_fail zone_repo.exists(id=zone_id, or_fail=True) data = only(form, ["record", "sort"]) item = dns_record_repo.first_or_fail(id=dns_record_id).update(data).data() return DnsRecordResponse(dns_record=item)
async def index( zone_id: int, sort_qs: SortQS = Depends(SortQS), pagination: PaginationQS = Depends(PaginationQS), dns_record_repo: DnsRecordRepo = Depends(DnsRecordRepo()), zone_repo: ZoneRepo = Depends(ZoneRepo()), token: TokenPayload = Depends(ScopedTo("dns-record:list")), includes: List[str] = Query(None), ): zone_repo.exists(id=zone_id, or_fail=True) includes = only(includes, ["zone"], values=True) pg, items = (dns_record_repo.loads("zone").sort(sort_qs).filter_by( zone_id=zone_id).paginate(pagination).includes(includes).data()) return DnsRecordsResponse(pagination=pg, dns_records=items)
async def show( zone_id: int, dns_record_id: int, dns_record_repo: DnsRecordRepo = Depends(DnsRecordRepo()), zone_repo: ZoneRepo = Depends(ZoneRepo()), token: TokenPayload = Depends(ScopedTo("dns-record:show")), includes: List[str] = Query(None), ): zone_repo.exists(id=zone_id, or_fail=True) includes = only(includes, ["zone"], values=True) item = (dns_record_repo.loads("zone").filter_by( zone_id=zone_id).first_or_fail( id=dns_record_id).includes(includes).data()) return DnsRecordResponse(dns_record=item)