darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-03-20 18:20:32 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add more admin api endpoints

Browse Source
This commit is contained in:
Ryan Ahearn
2022-11-17 17:04:51 -05:00
parent 0a9ca6b231
commit f71df236b7
4 changed files with 145 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/authentication/auth.py
View File

@@ -132,8 +132,9 @@ def _decode_jwt_token(auth_token, api_keys, service_id=None):
try:
decode_jwt_token(auth_token, api_key.secret)
except TokenExpiredError:
err_msg = "Error: Your system clock must be accurate to within 30 seconds"
raise AuthError(err_msg, 403, service_id=service_id, api_key_id=api_key.id)
if not current_app.config.get('ALLOW_EXPIRED_API_TOKEN', False):
err_msg = "Error: Your system clock must be accurate to within 30 seconds"
raise AuthError(err_msg, 403, service_id=service_id, api_key_id=api_key.id)
except TokenAlgorithmError:
err_msg = "Invalid token: algorithm used is not HS256"
raise AuthError(err_msg, 403, service_id=service_id, api_key_id=api_key.id)

2
app/config.py
View File

@@ -80,6 +80,7 @@ class Config(object):
('{"%s":["%s"]}' % (ADMIN_CLIENT_ID, getenv('ADMIN_CLIENT_SECRET')))
)
)
ALLOW_EXPIRED_API_TOKEN = False
# encyption secret/salt
SECRET_KEY = getenv('SECRET_KEY')
DANGEROUS_SALT = getenv('DANGEROUS_SALT')
@@ -368,6 +369,7 @@ class Development(Config):
DANGEROUS_SALT = 'dev-notify-salt'
SECRET_KEY = 'dev-notify-secret-key' # nosec B105 - this is only used in development
INTERNAL_CLIENT_API_KEYS = {Config.ADMIN_CLIENT_ID: ['dev-notify-secret-key']}
ALLOW_EXPIRED_API_TOKEN = getenv('ALLOW_EXPIRED_API_TOKEN', '0') == '1'
class Test(Development):

6
docs/api-usage.md
View File

@@ -20,3 +20,9 @@ flask command create-admin-jwt | tail -n 1 | pbcopy
```
to copy a token usable by the admin UI to your pasteboard. This token will expire in 30 seconds
### Disable token expiration checking in development
```
env ALLOW_EXPIRED_API_TOKEN=1 make run-flask
```

145
docs/openapi.yml
View File

@@ -15,6 +15,13 @@ components:
type: http
scheme: bearer
bearerFormat: JWT
parameters:
uuidPath:
name: uuid
in: path
required: true
schema:
type: string
schemas:
serviceObject:
type: object
@@ -128,6 +135,30 @@ components:
state:
type: string
enum: ["pending", "active", "inactive"]
apiKeyResponse:
type: object
properties:
apiKeys:
type: array
items:
type: object
properties:
created_by:
type: string
created_at:
type: string
expiry_date:
type: string
id:
type: string
key_type:
type: string
name:
type: string
updated_at:
type: string
version:
type: number
paths:
/_status?simple=1:
get:
@@ -211,11 +242,7 @@ paths:
tags:
- internal-api
parameters:
- name: uuid
in: path
required: true
schema:
type: string
- $ref: "#/components/parameters/uuidPath"
responses:
'200':
description: OK
@@ -275,6 +302,52 @@ paths:
type: array
items:
$ref: "#/components/schemas/serviceObject"
/service/find-services-by-name:
get:
security:
- bearerAuth: []
description: 'Find a service by name'
tags:
- internal-api
parameters:
- name: service_name
in: query
required: true
schema:
type: string
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
type: object
properties:
active:
type: boolean
id:
type: string
name:
type: string
research_mode:
type: boolean
restricted:
type: boolean
/service/live-services-data:
get:
security:
- bearerAuth: []
description: 'Unsure'
tags:
- internal-api
responses:
'200':
description: OK
/service/{uuid}:
get:
security:
@@ -283,11 +356,7 @@ paths:
tags:
- internal-api
parameters:
- name: uuid
in: path
required: true
schema:
type: string
- $ref: "#/components/parameters/uuidPath"
responses:
'200':
description: OK
@@ -306,11 +375,60 @@ paths:
tags:
- internal-api
parameters:
- name: uuid
- $ref: "#/components/parameters/uuidPath"
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
/service/{uuid}/api-keys:
get:
security:
- bearerAuth: []
description: 'Retrieve api-keys for a service'
tags:
- internal-api
parameters:
- $ref: "#/components/parameters/uuidPath"
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: "#/components/schemas/apiKeyResponse"
/service/{uuid}/api-keys/{key-id}:
get:
security:
- bearerAuth: []
description: 'Retrieve details of a single API key'
tags:
- internal-api
parameters:
- $ref: "#/components/parameters/uuidPath"
- name: key-id
in: path
required: true
schema:
type: string
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: "#/components/schemas/apiKeyResponse"
/service/{uuid}/users:
get:
security:
- bearerAuth: []
description: 'Retrieve users associated with this service'
tags:
- internal-api
parameters:
- $ref: "#/components/parameters/uuidPath"
responses:
'200':
description: OK
@@ -318,3 +436,8 @@ paths:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: "#/components/schemas/userObject"