summaryrefslogtreecommitdiff
path: root/src/services/api/graphql
diff options
context:
space:
mode:
Diffstat (limited to 'src/services/api/graphql')
-rw-r--r--src/services/api/graphql/bindings.py21
-rw-r--r--src/services/api/graphql/graphql/auth_token_mutation.py8
-rw-r--r--src/services/api/graphql/graphql/mutations.py13
-rw-r--r--src/services/api/graphql/graphql/queries.py13
-rw-r--r--src/services/api/graphql/libs/__init__.py0
-rw-r--r--src/services/api/graphql/libs/key_auth.py22
-rw-r--r--src/services/api/graphql/libs/token_auth.py41
-rw-r--r--src/services/api/graphql/routers.py54
-rw-r--r--src/services/api/graphql/session/session.py6
-rw-r--r--src/services/api/graphql/state.py4
10 files changed, 140 insertions, 42 deletions
diff --git a/src/services/api/graphql/bindings.py b/src/services/api/graphql/bindings.py
index ef4966466..93dd0fbfb 100644
--- a/src/services/api/graphql/bindings.py
+++ b/src/services/api/graphql/bindings.py
@@ -1,4 +1,4 @@
-# Copyright 2021 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2021-2024 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -13,24 +13,35 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this library. If not, see <http://www.gnu.org/licenses/>.
+
import vyos.defaults
+
+from ariadne import make_executable_schema
+from ariadne import load_schema_from_path
+from ariadne import snake_case_fallback_resolvers
+
from . graphql.queries import query
from . graphql.mutations import mutation
from . graphql.directives import directives_dict
from . graphql.errors import op_mode_error
from . graphql.auth_token_mutation import auth_token_mutation
from . libs.token_auth import init_secret
-from . import state
-from ariadne import make_executable_schema, load_schema_from_path, snake_case_fallback_resolvers
+
+from .. session import SessionState
+
def generate_schema():
+ state = SessionState()
api_schema_dir = vyos.defaults.directories['api_schema']
- if state.settings['app'].state.vyos_auth_type == 'token':
+ if state.auth_type == 'token':
init_secret()
type_defs = load_schema_from_path(api_schema_dir)
- schema = make_executable_schema(type_defs, query, op_mode_error, mutation, auth_token_mutation, snake_case_fallback_resolvers, directives=directives_dict)
+ schema = make_executable_schema(type_defs, query, op_mode_error,
+ mutation, auth_token_mutation,
+ snake_case_fallback_resolvers,
+ directives=directives_dict)
return schema
diff --git a/src/services/api/graphql/graphql/auth_token_mutation.py b/src/services/api/graphql/graphql/auth_token_mutation.py
index a53fa4d60..164960217 100644
--- a/src/services/api/graphql/graphql/auth_token_mutation.py
+++ b/src/services/api/graphql/graphql/auth_token_mutation.py
@@ -21,7 +21,7 @@ from graphql import GraphQLResolveInfo
from .. libs.token_auth import generate_token
from .. session.session import get_user_info
-from .. import state
+from ... session import SessionState
auth_token_mutation = ObjectType("Mutation")
@@ -31,8 +31,10 @@ def auth_token_resolver(obj: Any, info: GraphQLResolveInfo, data: Dict):
user = data['username']
passwd = data['password']
- secret = state.settings['secret']
- exp_interval = int(state.settings['app'].state.vyos_token_exp)
+ state = SessionState()
+
+ secret = getattr(state, 'secret', '')
+ exp_interval = int(state.token_exp)
expiration = (datetime.datetime.now(tz=datetime.timezone.utc) +
datetime.timedelta(seconds=exp_interval))
diff --git a/src/services/api/graphql/graphql/mutations.py b/src/services/api/graphql/graphql/mutations.py
index d115a8e94..62031ada3 100644
--- a/src/services/api/graphql/graphql/mutations.py
+++ b/src/services/api/graphql/graphql/mutations.py
@@ -21,10 +21,10 @@ from makefun import with_signature
from typing import Any, Dict, Optional # pylint: disable=W0611
from graphql import GraphQLResolveInfo # pylint: disable=W0611
-from .. import state
+from ... session import SessionState
from .. libs import key_auth
-from api.graphql.session.session import Session
-from api.graphql.session.errors.op_mode_errors import op_mode_err_msg, op_mode_err_code
+from .. session.session import Session
+from .. session.errors.op_mode_errors import op_mode_err_msg, op_mode_err_code
from vyos.opmode import Error as OpModeError
mutation = ObjectType("Mutation")
@@ -45,12 +45,13 @@ def make_mutation_resolver(mutation_name, class_name, session_func):
func_base_name = convert_camel_case_to_snake(class_name)
resolver_name = f'resolve_{func_base_name}'
func_sig = '(obj: Any, info: GraphQLResolveInfo, data: Optional[Dict]=None)'
+ state = SessionState()
@mutation.field(mutation_name)
@with_signature(func_sig, func_name=resolver_name)
async def func_impl(*args, **kwargs):
try:
- auth_type = state.settings['app'].state.vyos_auth_type
+ auth_type = state.auth_type
if auth_type == 'key':
data = kwargs['data']
@@ -86,11 +87,11 @@ def make_mutation_resolver(mutation_name, class_name, session_func):
}
else:
# AtrributeError will have already been raised if no
- # vyos_auth_type; validation and defaultValue ensure it is
+ # auth_type; validation and defaultValue ensure it is
# one of the previous cases, so this is never reached.
pass
- session = state.settings['app'].state.vyos_session
+ session = state.session
# one may override the session functions with a local subclass
try:
diff --git a/src/services/api/graphql/graphql/queries.py b/src/services/api/graphql/graphql/queries.py
index 717098259..1e9036574 100644
--- a/src/services/api/graphql/graphql/queries.py
+++ b/src/services/api/graphql/graphql/queries.py
@@ -21,10 +21,10 @@ from makefun import with_signature
from typing import Any, Dict, Optional # pylint: disable=W0611
from graphql import GraphQLResolveInfo # pylint: disable=W0611
-from .. import state
+from ... session import SessionState
from .. libs import key_auth
-from api.graphql.session.session import Session
-from api.graphql.session.errors.op_mode_errors import op_mode_err_msg, op_mode_err_code
+from .. session.session import Session
+from .. session.errors.op_mode_errors import op_mode_err_msg, op_mode_err_code
from vyos.opmode import Error as OpModeError
query = ObjectType("Query")
@@ -45,12 +45,13 @@ def make_query_resolver(query_name, class_name, session_func):
func_base_name = convert_camel_case_to_snake(class_name)
resolver_name = f'resolve_{func_base_name}'
func_sig = '(obj: Any, info: GraphQLResolveInfo, data: Optional[Dict]=None)'
+ state = SessionState()
@query.field(query_name)
@with_signature(func_sig, func_name=resolver_name)
async def func_impl(*args, **kwargs):
try:
- auth_type = state.settings['app'].state.vyos_auth_type
+ auth_type = state.auth_type
if auth_type == 'key':
data = kwargs['data']
@@ -86,11 +87,11 @@ def make_query_resolver(query_name, class_name, session_func):
}
else:
# AtrributeError will have already been raised if no
- # vyos_auth_type; validation and defaultValue ensure it is
+ # auth_type; validation and defaultValue ensure it is
# one of the previous cases, so this is never reached.
pass
- session = state.settings['app'].state.vyos_session
+ session = state.session
# one may override the session functions with a local subclass
try:
diff --git a/src/services/api/graphql/libs/__init__.py b/src/services/api/graphql/libs/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/src/services/api/graphql/libs/__init__.py
diff --git a/src/services/api/graphql/libs/key_auth.py b/src/services/api/graphql/libs/key_auth.py
index 2db0f7d48..9e49a1203 100644
--- a/src/services/api/graphql/libs/key_auth.py
+++ b/src/services/api/graphql/libs/key_auth.py
@@ -1,5 +1,20 @@
+# Copyright 2021-2024 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library. If not, see <http://www.gnu.org/licenses/>.
-from .. import state
+
+from ... session import SessionState
def check_auth(key_list, key):
if not key_list:
@@ -11,8 +26,9 @@ def check_auth(key_list, key):
return key_id
def auth_required(key):
+ state = SessionState()
api_keys = None
- api_keys = state.settings['app'].state.vyos_keys
+ api_keys = state.keys
key_id = check_auth(api_keys, key)
- state.settings['app'].state.vyos_id = key_id
+ state.id = key_id
return key_id
diff --git a/src/services/api/graphql/libs/token_auth.py b/src/services/api/graphql/libs/token_auth.py
index 8585485c9..2d772e035 100644
--- a/src/services/api/graphql/libs/token_auth.py
+++ b/src/services/api/graphql/libs/token_auth.py
@@ -1,33 +1,52 @@
+# Copyright 2021-2024 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+
import jwt
import uuid
import pam
from secrets import token_hex
-from .. import state
+from ... session import SessionState
+
def _check_passwd_pam(username: str, passwd: str) -> bool:
if pam.authenticate(username, passwd):
return True
return False
+
def init_secret():
- length = int(state.settings['app'].state.vyos_secret_len)
+ state = SessionState()
+ length = int(state.secret_len)
secret = token_hex(length)
- state.settings['secret'] = secret
+ state.secret = secret
+
def generate_token(user: str, passwd: str, secret: str, exp: int) -> dict:
if user is None or passwd is None:
return {}
+ state = SessionState()
if _check_passwd_pam(user, passwd):
- app = state.settings['app']
try:
- users = app.state.vyos_token_users
+ users = state.token_users
except AttributeError:
- app.state.vyos_token_users = {}
- users = app.state.vyos_token_users
+ users = state.token_users = {}
user_id = uuid.uuid1().hex
payload_data = {'iss': user, 'sub': user_id, 'exp': exp}
- secret = state.settings.get('secret')
+ secret = getattr(state, 'secret', None)
if secret is None:
return {"errors": ['missing secret']}
token = jwt.encode(payload=payload_data, key=secret, algorithm="HS256")
@@ -37,10 +56,12 @@ def generate_token(user: str, passwd: str, secret: str, exp: int) -> dict:
else:
return {"errors": ['failed pam authentication']}
+
def get_user_context(request):
context = {}
context['request'] = request
context['user'] = None
+ state = SessionState()
if 'Authorization' in request.headers:
auth = request.headers['Authorization']
scheme, token = auth.split()
@@ -48,7 +69,7 @@ def get_user_context(request):
return context
try:
- secret = state.settings.get('secret')
+ secret = getattr(state, 'secret', None)
payload = jwt.decode(token, secret, algorithms=["HS256"])
user_id: str = payload.get('sub')
if user_id is None:
@@ -59,7 +80,7 @@ def get_user_context(request):
except jwt.PyJWTError:
return context
try:
- users = state.settings['app'].state.vyos_token_users
+ users = state.token_users
except AttributeError:
return context
diff --git a/src/services/api/graphql/routers.py b/src/services/api/graphql/routers.py
new file mode 100644
index 000000000..d04375a49
--- /dev/null
+++ b/src/services/api/graphql/routers.py
@@ -0,0 +1,54 @@
+# Copyright 2024 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+# pylint: disable=import-outside-toplevel
+
+
+import typing
+
+from ariadne.asgi import GraphQL
+from starlette.middleware.cors import CORSMiddleware
+
+
+if typing.TYPE_CHECKING:
+ from fastapi import FastAPI
+
+
+def graphql_init(app: "FastAPI"):
+ from .. session import SessionState
+ from .libs.token_auth import get_user_context
+
+ state = SessionState()
+
+ # import after initializaion of state
+ from .bindings import generate_schema
+ schema = generate_schema()
+
+ in_spec = state.introspection
+
+ if state.origins:
+ origins = state.origins
+ app.add_route('/graphql', CORSMiddleware(GraphQL(schema,
+ context_value=get_user_context,
+ debug=True,
+ introspection=in_spec),
+ allow_origins=origins,
+ allow_methods=("GET", "POST", "OPTIONS"),
+ allow_headers=("Authorization",)))
+ else:
+ app.add_route('/graphql', GraphQL(schema,
+ context_value=get_user_context,
+ debug=True,
+ introspection=in_spec))
diff --git a/src/services/api/graphql/session/session.py b/src/services/api/graphql/session/session.py
index 6ae44b9bf..6e2875f3c 100644
--- a/src/services/api/graphql/session/session.py
+++ b/src/services/api/graphql/session/session.py
@@ -138,7 +138,6 @@ class Session:
return res
def show_user_info(self):
- session = self._session
data = self._data
user_info = {}
@@ -151,10 +150,9 @@ class Session:
return user_info
def system_status(self):
- import api.graphql.session.composite.system_status as system_status
+ from api.graphql.session.composite import system_status
session = self._session
- data = self._data
status = {}
status['host_name'] = session.show(['host', 'name']).strip()
@@ -165,7 +163,6 @@ class Session:
return status
def gen_op_query(self):
- session = self._session
data = self._data
name = self._name
op_mode_list = self._op_mode_list
@@ -189,7 +186,6 @@ class Session:
return res
def gen_op_mutation(self):
- session = self._session
data = self._data
name = self._name
op_mode_list = self._op_mode_list
diff --git a/src/services/api/graphql/state.py b/src/services/api/graphql/state.py
deleted file mode 100644
index 63db9f4ef..000000000
--- a/src/services/api/graphql/state.py
+++ /dev/null
@@ -1,4 +0,0 @@
-
-def init():
- global settings
- settings = {}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 18:18:03 +0000