routes.py

# copyright 2022 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
# contact https://www.logilab.fr -- mailto:contact@logilab.fr
#
# This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU Lesser General Public License as published by the Free
# Software Foundation, either version 2.1 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
# details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
import logging
from contextlib import contextmanager
from enum import Enum
from typing import Callable

from cubicweb import AuthenticationError, QueryError, Unauthorized, Forbidden
from cubicweb.pyramid.core import Connection
from cubicweb.schema_exporters import JSONSchemaExporter
from pyramid.config import Configurator
from pyramid.httpexceptions import HTTPError
from pyramid.request import Request
from pyramid.response import Response
from pyramid.view import view_config, view_defaults
from rql import RQLException
from yams import ValidationError, UnknownType

from cubicweb_api.api_transaction import ApiTransactionsRepository
from cubicweb_api.auth.jwt_auth import setup_jwt
from cubicweb_api.constants import (
    API_ROUTE_NAME_PREFIX,
)
from cubicweb_api.httperrors import get_http_error, get_http_500_error
from cubicweb_api.openapi.openapi import setup_openapi
from cubicweb_api.util import get_cw_repo, get_transactions_repository

log = logging.getLogger(__name__)


class ApiRoutes(Enum):
    """
    All the available routes as listed in the openapi/openapi_template.yml file.
    """

    schema = "schema"
    rql = "rql"
    login = "login"
    current_user = "current_user"
    transaction_begin = "transaction/begin"
    transaction_execute = "transaction/execute"
    transaction_commit = "transaction/commit"
    transaction_rollback = "transaction/rollback"
    help = "help"


def get_route_name(route_name: ApiRoutes) -> str:
    """
    Generates a unique route name using the api prefix to prevent clashes with routes
    from other cubes.

    :param route_name: The route name base
    :return: The generated route name
    """
    return f"{API_ROUTE_NAME_PREFIX}{route_name.value}"


@contextmanager
def _catch_rql_errors(cnx: Connection):
    """
    Calls and returns the result of the given function.
    If an error related to RQL occurs, this will raise an HTTP 400 error

    :param func: The function to check for errors
    :return: The function's result if no error occurred
    :raise HTTPError: with 400 code if a RQL related exception is caught
    """
    try:
        try:
            yield
        except ValidationError as e:
            e.translate(cnx._)
            raise
    except (RQLException, QueryError, ValidationError, UnknownType) as e:
        log.info(e.__class__.__name__, exc_info=True)
        raise get_http_error(400, e.__class__.__name__, str(e))


def view_exception_handler(func: Callable):
    """
    Use it as a decorator for any pyramid view to catch authentication errors
    and raise HTTP 401 or 403 errors.
    It also catches any other leftover exceptions and raises an HTTP 500 error.

    :param func: The pyramid view function
    :raise HTTPError: with different error codes depending on the exception caught
    """

    def request_wrapper(*args):
        try:
            return func(*args)
        except HTTPError as e:
            # The decorated function raised its own HTTP error, simply forward it.
            return e
        except (AuthenticationError, Unauthorized) as e:
            # User was not authenticated, return 401 HTTP error
            log.info(e.__class__.__name__, exc_info=True)
            return get_http_error(401, e.__class__.__name__, str(e))
        except Forbidden as e:
            # User was authenticated but had insufficient privileges, return 403 HTTP error
            log.info(e.__class__.__name__, exc_info=True)
            return get_http_error(403, e.__class__.__name__, str(e))
        except Exception:
            # An exception was raised but not caught, this is a server error (HTTP 5OO)
            log.info("ServerError", exc_info=True)
            raise get_http_500_error()

    return request_wrapper


@view_defaults(
    request_method="POST",
    renderer="cubicweb_api_json",
    require_csrf=False,
    openapi=True,
)
class ApiViews:
    def __init__(self, request: Request):
        self.request = request

    @view_exception_handler
    @view_config(
        route_name=get_route_name(ApiRoutes.schema),
        request_method="GET",
        anonymous_or_connected=True,
    )
    def schema_route(self):
        """
        See the openapi/openapi_template.yml file for more information on this route.
        """
        repo = get_cw_repo(self.request)
        exporter = JSONSchemaExporter()
        exported_schema = exporter.export_as_dict(repo.schema)
        return exported_schema

    @view_exception_handler
    @view_config(route_name=get_route_name(ApiRoutes.rql), anonymous_or_connected=True)
    def rql_route(self):
        """
        See the openapi/openapi_template.yml file for more information on this route.
        """
        request_params = self.request.openapi_validated.body
        query: str = request_params["query"]
        params: dict = request_params["params"]
        with _catch_rql_errors(self.request.cw_cnx):
            return self.request.cw_cnx.execute(query, params).rows

    @view_exception_handler
    @view_config(
        route_name=get_route_name(ApiRoutes.login),
    )
    def login_route(self):
        """
        See the openapi/openapi_template.yml file for more information on this route.
        """
        request_params = self.request.openapi_validated.body
        login: str = request_params["login"]
        pwd: str = request_params["password"]

        repo = get_cw_repo(self.request)
        with repo.internal_cnx() as cnx:
            try:
                cwuser = repo.authenticate_user(cnx, login, password=pwd)
            except AuthenticationError:
                raise get_http_error(
                    401, "AuthenticationFailure", "Login and/or password invalid."
                )
            else:
                headers = self.request.authentication_policy.remember(
                    self.request,
                    cwuser.eid,
                    login=cwuser.login,
                    firstname=cwuser.firstname,
                    lastname=cwuser.surname,
                )
                return Response(headers=headers, status=204)

    @view_exception_handler
    @view_config(
        route_name=get_route_name(ApiRoutes.current_user),
        request_method="GET",
        anonymous_or_connected=True,
    )
    def current_user(self):
        """
        See the openapi/openapi_template.yml file for more information on this route.
        """
        user = self.request.cw_cnx.user
        return {"eid": user.eid, "login": user.login, "dcTitle": user.dc_title()}

    @view_exception_handler
    @view_config(
        route_name=get_route_name(ApiRoutes.transaction_begin),
        anonymous_or_connected=True,
    )
    def transaction_begin_route(self):
        """
        See the openapi/openapi_template.yml file for more information on this route.
        """
        transactions = get_transactions_repository(self.request)
        user = self.request.cw_cnx.user
        return transactions.begin_transaction(user)

    @view_exception_handler
    @view_config(
        route_name=get_route_name(ApiRoutes.transaction_execute),
        anonymous_or_connected=True,
    )
    def transaction_execute_route(self):
        """
        See the openapi/openapi_template.yml file for more information on this route.
        """
        transactions = get_transactions_repository(self.request)
        request_params = self.request.openapi_validated.body
        uuid: str = request_params["uuid"]
        query: str = request_params["query"]
        params: dict = request_params["params"]
        with _catch_rql_errors(self.request.cw_cnx):
            return transactions[uuid].execute(query, params).rows

    @view_exception_handler
    @view_config(
        route_name=get_route_name(ApiRoutes.transaction_commit),
        anonymous_or_connected=True,
    )
    def transaction_commit_route(self):
        """
        See the openapi/openapi_template.yml file for more information on this route.
        """
        transactions = get_transactions_repository(self.request)
        request_params = self.request.openapi_validated.body
        uuid: str = request_params["uuid"]
        with _catch_rql_errors(self.request.cw_cnx):
            return transactions[uuid].commit()

    @view_exception_handler
    @view_config(
        route_name=get_route_name(ApiRoutes.transaction_rollback),
        anonymous_or_connected=True,
    )
    def transaction_rollback_route(self):
        """
        See the openapi/openapi_template.yml file for more information on this route.
        """
        transactions = get_transactions_repository(self.request)
        request_params = self.request.openapi_validated.body
        uuid: str = request_params["uuid"]
        rollback_result = transactions[uuid].rollback()
        transactions.end_transaction(uuid)
        return rollback_result


def includeme(config: Configurator):
    setup_jwt(config)
    repo = get_cw_repo(config)
    repo.api_transactions = ApiTransactionsRepository(repo)
    setup_openapi(config)
    config.pyramid_openapi3_register_routes()
    config.scan()