samweru-zz / buupass-challenge

Buupass Trials


Buupass Challenge

This project uses an expirable bearer token which is issued after login. The token must be sent with every request that requires authorization. Permissions are used to enforce role-based access control (RBAC) on routes.

Sample Code

# Found in rbac/api.py (imports added here for context; the exact modules that
# define api, AuthBearer, permissions and logger are assumed, not shown on this page)
import logging
from django.contrib.auth.models import User

logger = logging.getLogger(__name__)

@api.post("/user/{user_id}", auth=AuthBearer())   # a valid bearer token is required
@permissions("view_user")                          # RBAC: the caller must hold view_user
def user(request, user_id: int):
    try:
        # .get() raises User.DoesNotExist rather than returning None,
        # so no extra truthiness check is needed on the result
        user = User.objects.get(id=user_id)
        return {'username': user.username}
    except Exception as e:
        # a missing user and any unexpected error both land here
        logger.critical(e)
        return {"success": False}

Environment

To start, you'll need to install Python 3.8, git and pip:

sudo apt update
sudo apt install git python3.8 python3-pip

Clone the project, then change into the project folder (the requirements are installed by the setup script below):

git clone https://github.com/samweru/buupass-challenge
cd buupass-challenge

Setup

Setting up the logs and sqlite database:

./bin/starter

This script will create the logs/app.log file, create the migrations and execute them. It will also prompt for a superuser, so please comply. (Smiley Face) It will also install requirements.txt.

Seeding Database

To create subordinate users under the superuser, run the script below:

python seeder.py

Run Project

To serve the project:

python manage.py runserver

The project will run on Django's default address, localhost:8000.

You can interrogate all routes under http://localhost:8000/api/docs to test the various APIs. You may also view the admin database at http://localhost:8000/api/admin to inspect users.

Existing Routes

  • /api/bearer
  • /api/hello
  • /api/login
  • /api/user/{user_id}
  • /api/current/user
  • /api/add/user
  • /new/sub/to/user/{sup_id}
  • /for/user/{sup_id}/subs/all

Login

The /api/login route requires the username and password fields and returns a bearer token. That token can be used to authenticate on http://localhost:8000/api/docs in the browser; be sure to click the Authorize button at the top first.

-OR-

You can use httpie to authenticate your requests. For example:

http POST :8000/api/current/user "Authorization: Bearer <place_secret_token_here>"

You may install httpie via pip:

pip install httpie

Note

Route /api/hello requires no bearer token.

Route /new/sub/to/user/{sup_id} adds a new subordinate to a single supervisor. It also requires username and password parameters.

Route /for/user/{sup_id}/subs/all lists all subordinates under a single supervisor. You may find the code for all routes and permissions under rbac/api.py.

Decorators are used in the code for permissions, routes and HTTP methods; they are an elegant way of keeping the code clean, understandable and easy to follow.
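To show how the expirable bearer token and the permission decorator described above fit together, here is a self-contained sketch added for this page (not the project's own AuthBearer or permissions implementation). The names issue_token, authenticate and permissions, the in-memory USERS and TOKENS stores, and the dict-shaped request are all assumptions standing in for the Django models and request objects the real project uses.

```python
import time
import secrets
from functools import wraps

# Constructed in-memory stores standing in for the project's database tables.
USERS = {"alice": {"permissions": {"view_user", "add_user"}},
         "bob": {"permissions": {"view_user"}}}
TOKENS = {}          # token -> (username, expiry as epoch seconds)
TOKEN_TTL = 3600     # assumed lifetime; the real project's value is not shown

def issue_token(username, now=None, ttl=TOKEN_TTL):
    """Login step: mint a random, expirable bearer token for a known user."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)          # unguessable, not derived from the user
    TOKENS[token] = (username, now + ttl)
    return token

def authenticate(auth_header, now=None):
    """AuthBearer-style check: parse 'Bearer <token>', reject missing or expired tokens."""
    now = time.time() if now is None else now
    if not auth_header or not auth_header.startswith("Bearer "):
        return None
    entry = TOKENS.get(auth_header[len("Bearer "):])
    if entry is None or entry[1] <= now:       # unknown token or past its expiry
        return None
    return entry[0]

def permissions(*required):
    """Route decorator: 401 without a valid token, 403 unless every permission is held."""
    def deco(view):
        @wraps(view)
        def wrapper(request, *args, **kwargs):
            user = authenticate(request.get("Authorization"))
            if user is None:
                return {"success": False, "status": 401}
            held = USERS.get(user, {}).get("permissions", set())
            if not set(required) <= held:
                return {"success": False, "status": 403}
            return view(request, user, *args, **kwargs)
        return wrapper
    return deco

@permissions("add_user")
def add_user(request, caller, username):
    """Stand-in for the /api/add/user route: only callers holding add_user get here."""
    USERS.setdefault(username, {"permissions": set()})
    return {"success": True, "status": 200, "created": username, "by": caller}
```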
