def api_key_add():
form = AddApiKeyForm(request.form)
key = ApiKey(owner=current_user.to_dbref(), label=form.label.data)
key.save()
flash("Key has been added.", category="success")
return redirect(url_for('api.api_key_edit', key_id=key.id))
def api_key_add():
form = AddApiKeyForm(request.form)
key = ApiKey(owner=current_user.to_dbref(), label=form.label.data)
key.save()
flash("Key has been added.", category="success")
return redirect(url_for('api.api_key_edit', key_id=key.id))
def api_key_edit(key_id):
key = ApiKey.objects(id=key_id).first()
if key is None or current_user != key.owner:
abort(401)
form = ApiKeyEditForm()
form.acl.choices = list()
for access_token in access_tokens.values():
if access_token.get("permission"):
if not current_user.has_permission(access_token.get("permission")):
continue
form.acl.choices.append(
(access_token.get("token"), access_token.get("token")))
if request.method == "GET":
form.label.data = key.label
form.acl.data = key.access
return render_template(
'api_settings_edit_pane.html',
settings_panels_structure=settings_panels_structure,
form=form,
key=key,
title="Edit - API Keys - Developer - Settings")
elif request.method == "POST":
form.validate()
key.label = form.label.data
key.access = form.acl.data
key.save()
return redirect(url_for('api.api_key_edit', key_id=key_id))
def api_key_edit(key_id):
key = ApiKey.objects(id=key_id).first()
if key is None or current_user != key.owner:
abort(401)
form = ApiKeyEditForm()
form.acl.choices = list()
for access_token in access_tokens.values():
if access_token.get("permission"):
if not current_user.has_permission(access_token.get("permission")):
continue
form.acl.choices.append((access_token.get("token"), access_token.get("token")))
if request.method == "GET":
form.label.data = key.label
form.acl.data = key.access
return render_template('api_settings_edit_pane.html', settings_panels_structure=settings_panels_structure, form=form, key=key, title="Edit - API Keys - Developer - Settings")
elif request.method == "POST":
form.validate()
key.label = form.label.data
key.access = form.acl.data
key.save()
return redirect(url_for('api.api_key_edit', key_id=key_id))
def api_key_delete(key_id):
key = ApiKey.objects(id=key_id).first()
if key is None or current_user != key.owner:
abort(401)
key.delete()
flash("Key has been deleted.", category="success")
return redirect(url_for('api.api_key_settings_pane'))
def api_key_delete(key_id):
key = ApiKey.objects(id=key_id).first()
if key is None or current_user != key.owner:
abort(401)
key.delete()
flash("Key has been deleted.", category="success")
return redirect(url_for('api.api_key_settings_pane'))
def api_key_settings_pane():
apikey_add_form = AddApiKeyForm(request.form)
apikey_del_form = DelApiKeyForm(request.form)
keys = ApiKey.objects(owner=current_user.to_dbref())
return render_template('api_settings_pane.html',
settings_panels_structure=settings_panels_structure,
keys=keys,
apikey_add_form=apikey_add_form,
apikey_del_form=apikey_del_form,
title="API Keys - Developer - Settings")
def wrap(*args, **kwargs):
# If allow_user_permission is True, make sure the user has the appropriate permissions.
if allow_user_permission and _check_user_permission(required_access_tokens, current_user):
return func(*args, **kwargs)
# Check and obtain API key from DB
try:
key = ApiKey.objects(key=request.headers['ApiKey']).first()
except KeyError:
return {'error': [{'message': "no/invalid ApiKey header provided", 'identifier': "apikey_not_provided"}]}, 403
if key is None:
return {'error': [{'message': "no/invalid ApiKey header provided", 'identifier': "apikey_not_provided"}]}, 403
for access in required_access_tokens:
if access not in key.access:
return {'error': [{'message': "api key doesn't have access to '%s'" % access, 'identifier': "permission#%s" % access}]}, 403
# Check for the AsUser header, apply stuff to context
if 'AsUser' in request.headers or 'AsPlayer' in request.headers:
if 'api.as_user' not in key.access:
return {'error': [{'message': "api key doesn't have access to 'api.as_user', required for using the AsUser and AsPlayer headers", 'identifier': "permission#api.as_user"}]}, 403
if 'AsUser' in request.headers:
username = request.headers['AsUser']
# Obtain user from db
user = User.get_user_by_name(username)
if user is None and asuser_must_be_registered:
return {'error': [{'message': "the user specified in the AsUser header wasn't found", 'identifier': "asuser_not_found"}]}, 403
request.api_user_method = 'as_user'
request.api_user = user
request.api_user_name = username
elif 'AsPlayer' in request.headers:
uuid = request.headers['AsPlayer']
player = MinecraftPlayer.find_player(uuid)
if player is None:
return {'error': [{'message': "player uuid specified in AsPlayer header is not registered in database (has not logged in?)", 'identifier': "player_uuid_not_found"}]}, 403
user = User.get_user_by_uuid(player)
if user is None and asuser_must_be_registered:
return {'error': [{'message': "the uuid specified in the AsPlayer field is not owned by a website user", 'identifier': "asuser_not_found"}]}, 403
request.api_user_method = 'as_player'
request.api_user = user
request.api_user_name = user.name if user is not None else None
request.api_player = player
else:
request.api_user_method = 'key_owner'
request.api_user = key.owner
request.api_user_name = key.owner.name
return func(*args, **kwargs)
def api_key_settings_pane():
apikey_add_form = AddApiKeyForm(request.form)
apikey_del_form = DelApiKeyForm(request.form)
keys = ApiKey.objects(owner=current_user.to_dbref())
return render_template('api_settings_pane.html', settings_panels_structure=settings_panels_structure, keys=keys, apikey_add_form=apikey_add_form, apikey_del_form=apikey_del_form, title="API Keys - Developer - Settings")
def wrap(*args, **kwargs):
# If allow_user_permission is True, make sure the user has the appropriate permissions.
if allow_user_permission and _check_user_permission(
required_access_tokens, current_user):
return func(*args, **kwargs)
# Check and obtain API key from DB
try:
key = ApiKey.objects(key=request.headers['ApiKey']).first()
except KeyError:
return {
'error': [{
'message': "no/invalid ApiKey header provided",
'identifier': "apikey_not_provided"
}]
}, 403
if key is None:
return {
'error': [{
'message': "no/invalid ApiKey header provided",
'identifier': "apikey_not_provided"
}]
}, 403
for access in required_access_tokens:
if access not in key.access:
return {
'error': [{
'message':
"api key doesn't have access to '%s'" % access,
'identifier':
"permission#%s" % access
}]
}, 403
# Check for the AsUser header, apply stuff to context
if 'AsUser' in request.headers or 'AsPlayer' in request.headers:
if 'api.as_user' not in key.access:
return {
'error': [{
'message':
"api key doesn't have access to 'api.as_user', required for using the AsUser and AsPlayer headers",
'identifier': "permission#api.as_user"
}]
}, 403
if 'AsUser' in request.headers:
username = request.headers['AsUser']
# Obtain user from db
user = User.get_user_by_name(username)
if user is None and asuser_must_be_registered:
return {
'error': [{
'message':
"the user specified in the AsUser header wasn't found",
'identifier': "asuser_not_found"
}]
}, 403
request.api_user_method = 'as_user'
request.api_user = user
request.api_user_name = username
elif 'AsPlayer' in request.headers:
uuid = request.headers['AsPlayer']
player = MinecraftPlayer.find_player(uuid)
if player is None:
return {
'error': [{
'message':
"player uuid specified in AsPlayer header is not registered in database (has not logged in?)",
'identifier': "player_uuid_not_found"
}]
}, 403
user = User.get_user_by_uuid(player)
if user is None and asuser_must_be_registered:
return {
'error': [{
'message':
"the uuid specified in the AsPlayer field is not owned by a website user",
'identifier': "asuser_not_found"
}]
}, 403
request.api_user_method = 'as_player'
request.api_user = user
request.api_user_name = user.name if user is not None else None
request.api_player = player
else:
request.api_user_method = 'key_owner'
request.api_user = key.owner
request.api_user_name = key.owner.name
return func(*args, **kwargs)
