app/dao/api_key_dao.py

import uuid
from datetime import timedelta

from sqlalchemy import func, or_, select

from app import db
from app.dao.dao_utils import autocommit, version_class
from app.models import ApiKey
from app.utils import utc_now


@autocommit
@version_class(ApiKey)
def save_model_api_key(api_key):
    if not api_key.id:
        api_key.id = (
            uuid.uuid4()
        )  # must be set now so version history model can use same id
    api_key.secret = uuid.uuid4()
    db.session.add(api_key)


@autocommit
@version_class(ApiKey)
def expire_api_key(service_id, api_key_id):
    api_key = (
        db.session.execute(
            select(ApiKey).where(
                ApiKey.id == api_key_id, ApiKey.service_id == service_id
            )
        )
        .scalars()
        .one()
    )
    api_key.expiry_date = utc_now()
    db.session.add(api_key)


def get_model_api_keys(service_id, id=None):
    if id:
        return (
            db.session.execute(
                select(ApiKey).where(
                    ApiKey.id == id,
                    ApiKey.service_id == service_id,
                    ApiKey.expiry_date == None,  # noqa
                )
            )
            .scalars()
            .one()
        )
    seven_days_ago = utc_now() - timedelta(days=7)
    return (
        db.session.execute(
            select(ApiKey).where(
                or_(
                    ApiKey.expiry_date == None,  # noqa
                    func.date(ApiKey.expiry_date) > seven_days_ago,  # noqa
                ),
                ApiKey.service_id == service_id,
            )
        )
        .scalars()
        .all()
    )


def get_unsigned_secrets(service_id):
    """
    This method can only be exposed to the Authentication of the api calls.
    """
    api_keys = (
        db.session.execute(
            select(ApiKey).where(
                ApiKey.service_id == service_id, ApiKey.expiry_date == None  # noqa
            )
        )
        .scalars()
        .all()
    )
    keys = [x.secret for x in api_keys]
    return keys


def get_unsigned_secret(key_id):
    """
    This method can only be exposed to the Authentication of the api calls.
    """
    api_key = (
        db.session.execute(
            select(ApiKey).where(
                ApiKey.id == key_id, ApiKey.expiry_date == None  # noqa
            )
        )
        .scalars()
        .one()
    )
    return api_key.secret
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`import uuid`
remove datetime.utcnow() 2024-05-23 13:59:51 -07:00			`from datetime import timedelta`
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00
more 2024-11-15 08:50:01 -08:00			`from sqlalchemy import func, or_, select`
Run auto-correct on app/ and tests/ 2021-03-10 13:55:06 +00:00
flake8 - remove unused imports and ensure they're always at the top of the file 2017-11-28 10:35:16 +00:00			`from app import db`
Rename database management functions. Rename @transactional to @autocommit. Rename nested_transaction to tranaction. 2021-04-14 07:11:01 +01:00			`from app.dao.dao_utils import autocommit, version_class`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`from app.models import ApiKey`
remove datetime.utcnow() 2024-05-23 13:59:51 -07:00			`from app.utils import utc_now`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00
Rename database management functions. Rename @transactional to @autocommit. Rename nested_transaction to tranaction. 2021-04-14 07:11:01 +01:00			`@autocommit`
When using the versioned decorator I noticed that when adding or revoking an api key the service it associated with was of course added to db.session.dirty. That resulted in an updated version of service being added to the service history table that showed no visible difference from that record immediately precending it as the change was to another table, namely the api_key table. A new api key or revoked api key was correctly added to api_key and api_key_history tables. However I think an 'unchanged' service history record may be a bit confusing as you'd need to correlate with api_keys to work out what the change was. I think it's best to just record the new/revoked api_key and not create another version of the service. This pr wraps the exisiting versioned decorator with one that take a class which you are interested in versioning. Using the new decorator you only get a new version and history record for the class you pass to outer decorator. If the exising behaviour is acceptable to the powers that be then by all means ignore/close this pr. 2016-04-21 18:10:57 +01:00			`@version_class(ApiKey)`
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`def save_model_api_key(api_key):`
			`if not api_key.id:`
reformat 2023-08-29 14:54:30 -07:00			`api_key.id = (`
			`uuid.uuid4()`
			`) # must be set now so version history model can use same id`
Refactor ApiKeys.secret and ServiceInboundApi.bearer_token to use the same encryption method and get rid of the duplicate code. 2017-06-19 14:32:22 +01:00			`api_key.secret = uuid.uuid4()`
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`db.session.add(api_key)`


Rename database management functions. Rename @transactional to @autocommit. Rename nested_transaction to tranaction. 2021-04-14 07:11:01 +01:00			`@autocommit`
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`@version_class(ApiKey)`
			`def expire_api_key(service_id, api_key_id):`
more 2024-11-15 08:50:01 -08:00			`api_key = (`
			`db.session.execute(`
code review feedback 2024-12-19 07:29:37 -08:00			`select(ApiKey).where(`
			`ApiKey.id == api_key_id, ApiKey.service_id == service_id`
			`)`
more 2024-11-15 08:50:01 -08:00			`)`
code review feedback 2024-12-19 07:46:14 -08:00			`.scalars()`
more 2024-11-15 08:50:01 -08:00			`.one()`
			`)`
remove datetime.utcnow() 2024-05-23 13:59:51 -07:00			`api_key.expiry_date = utc_now()`
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`db.session.add(api_key)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00

Update api-key/revoke endpoint to expire the key for the service. Previously we assumed there was only one api key that was valid. 2016-01-20 14:48:44 +00:00			`def get_model_api_keys(service_id, id=None):`
			`if id:`
code review feedback 2024-12-19 07:26:05 -08:00			`return (`
			`db.session.execute(`
code review feedback 2024-12-19 07:29:37 -08:00			`select(ApiKey).where(`
			`ApiKey.id == id,`
			`ApiKey.service_id == service_id,`
fix filter_bys 2024-12-19 11:10:03 -08:00			`ApiKey.expiry_date == None, # noqa`
code review feedback 2024-12-19 07:29:37 -08:00			`)`
code review feedback 2024-12-19 07:26:05 -08:00			`)`
code review feedback 2024-12-19 07:37:22 -08:00			`.scalars()`
code review feedback 2024-12-19 07:26:05 -08:00			`.one()`
			`)`
remove datetime.utcnow() 2024-05-23 13:59:51 -07:00			`seven_days_ago = utc_now() - timedelta(days=7)`
try fixing pagination 2024-11-18 11:36:20 -08:00			`return (`
			`db.session.execute(`
			`select(ApiKey).where(`
			`or_(`
			`ApiKey.expiry_date == None, # noqa`
			`func.date(ApiKey.expiry_date) > seven_days_ago, # noqa`
			`),`
			`ApiKey.service_id == service_id,`
			`)`
			`)`
			`.scalars()`
			`.all()`
			`)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00

Allow for multiple api keys for a service. 2016-01-19 18:25:21 +00:00			`def get_unsigned_secrets(service_id):`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`"""`
			`This method can only be exposed to the Authentication of the api calls.`
			`"""`
code review feedback 2024-12-19 07:26:05 -08:00			`api_keys = (`
			`db.session.execute(`
code review feedback 2024-12-19 07:29:37 -08:00			`select(ApiKey).where(`
			`ApiKey.service_id == service_id, ApiKey.expiry_date == None # noqa`
			`)`
code review feedback 2024-12-19 07:26:05 -08:00			`)`
code review feedback 2024-12-19 07:37:22 -08:00			`.scalars()`
code review feedback 2024-12-19 07:26:05 -08:00			`.all()`
			`)`
Refactor ApiKeys.secret and ServiceInboundApi.bearer_token to use the same encryption method and get rid of the duplicate code. 2017-06-19 14:32:22 +01:00			`keys = [x.secret for x in api_keys]`
Allow for multiple api keys for a service. 2016-01-19 18:25:21 +00:00			`return keys`


			`def get_unsigned_secret(key_id):`
			`"""`
			`This method can only be exposed to the Authentication of the api calls.`
			`"""`
code review feedback 2024-12-19 07:26:05 -08:00			`api_key = (`
code review feedback 2024-12-19 07:29:37 -08:00			`db.session.execute(`
fix filter_bys 2024-12-19 11:10:03 -08:00			`select(ApiKey).where(`
			`ApiKey.id == key_id, ApiKey.expiry_date == None # noqa`
			`)`
code review feedback 2024-12-19 07:29:37 -08:00			`)`
code review feedback 2024-12-19 07:37:22 -08:00			`.scalars()`
code review feedback 2024-12-19 07:26:05 -08:00			`.one()`
			`)`
Refactor ApiKeys.secret and ServiceInboundApi.bearer_token to use the same encryption method and get rid of the duplicate code. 2017-06-19 14:32:22 +01:00			`return api_key.secret`