From 6700c535d8e28fa98879e85f7bce4b3f7a48aa6e Mon Sep 17 00:00:00 2001 From: maffe03 Date: Mon, 29 Sep 2025 15:35:58 +0000 Subject: [PATCH 1/2] Add more origins for dev --- main.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/main.py b/main.py index 1a20e3fd..b5dcd00e 100644 --- a/main.py +++ b/main.py @@ -50,9 +50,17 @@ async def lifespan(app: FastAPI): dev_origins = [ "http://localhost", "http://localhost:3000", + "http://127.0.0.1", + "http://127.0.0.1:3000", ] -stage_origins = ["https://stage.frontend.fsektionen.se"] +stage_origins = [ + "https://stage.frontend.fsektionen.se", + "http://localhost", + "http://localhost:3000", + "http://127.0.0.1", + "http://127.0.0.1:3000", +] production_origins = ["https://fsektionen.se"] From 0060fbfdf1c98b4d03814afb8416da2c10e7e5da Mon Sep 17 00:00:00 2001 From: maffe03 Date: Tue, 4 Nov 2025 16:49:21 +0000 Subject: [PATCH 2/2] make it so that being verified is enough to book cafe pass --- routes/cafe_shift_router.py | 10 +++++----- user/permission.py | 14 ++++++++++++++ 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/routes/cafe_shift_router.py b/routes/cafe_shift_router.py index e25965c4..c66c6e49 100644 --- a/routes/cafe_shift_router.py +++ b/routes/cafe_shift_router.py @@ -20,7 +20,7 @@ cafe_shift_router = APIRouter() -@cafe_shift_router.get("/view-shifts", dependencies=[Permission.member()], response_model=list[CafeShiftRead]) +@cafe_shift_router.get("/view-shifts", dependencies=[Permission.verified()], response_model=list[CafeShiftRead]) def view_all_shifts(db: DB_dependency): shifts = db.query(CafeShift_DB).all() return shifts 
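Review bot: The loopback entries added to `stage_origins` in main.py mean a page served from `http://localhost` or `http://127.0.0.1` (default port or 3000) in the browser of anyone signed in to staging is accepted as a cross-origin caller of the stage API. That is wider than the subject line "Add more origins for dev" suggests. Whether cookies or authorization headers are allowed on those calls depends on the CORS middleware arguments, which are outside this hunk, so that setting is worth confirming before merge. If staging is meant to serve local front-ends, record the intent above the list, e.g. `# loopback origins are allowed on stage so a locally running front-end can use the stage API; do not copy into production_origins`. The duplicated literals can be avoided with `stage_origins = ["https://stage.frontend.fsektionen.se", *dev_origins]`.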
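Review bot: Every verified account, member or not, now receives `CafeShiftRead` from `/view-shifts`; that schema is defined outside this diff, so check that it carries no member-only data, such as who holds each shift. The same swap from `Permission.member()` to `Permission.verified()` is made in the hunks at -36 (`/{shift_id}`), -45 (`/view-between-dates`), -178 (`/sign-up/{shift_id}`) and -194 (`/sign-off/{shift_id}`), the last two of which change state. The diffstat lists only the router and `user/permission.py`, so nothing in this patch pins the new boundary. A test that an unverified user gets 403 on `/sign-up/{shift_id}` while a verified non-member succeeds would do that. A short comment above the first route would also help, e.g. `# Cafe shifts are open to all verified users; managing them still requires Permission.check("manage", "Cafe")`.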
@@ -36,7 +36,7 @@ def admin_view_shift(shift_id: int, db: DB_dependency): return shift -@cafe_shift_router.get("/{shift_id}", dependencies=[Permission.member()], response_model=CafeShiftRead) +@cafe_shift_router.get("/{shift_id}", dependencies=[Permission.verified()], response_model=CafeShiftRead) def view_shift(shift_id: int, db: DB_dependency): shift = db.query(CafeShift_DB).filter_by(id=shift_id).one_or_none() if shift is None: @@ -45,7 +45,7 @@ def view_shift(shift_id: int, db: DB_dependency): # Var tvungen att göra en fuling och göra detta till en POST för att kunna skicka med en JSON body. Det var problem med att parsa datetimes om de skickades med som fält. -@cafe_shift_router.post("/view-between-dates", dependencies=[Permission.member()], response_model=list[CafeShiftRead]) +@cafe_shift_router.post("/view-between-dates", dependencies=[Permission.verified()], response_model=list[CafeShiftRead]) def view_shifts_between_dates(data: CafeViewBetweenDates, db: DB_dependency): shifts = ( db.query(CafeShift_DB) @@ -178,7 +178,7 @@ def update_shift(shift_id: int, data: CafeShiftUpdate, db: DB_dependency): @cafe_shift_router.patch("/sign-up/{shift_id}", response_model=CafeShiftRead) -def signup_to_shift(shift_id: int, user: Annotated[User_DB, Permission.member()], db: DB_dependency): +def signup_to_shift(shift_id: int, user: Annotated[User_DB, Permission.verified()], db: DB_dependency): shift = db.query(CafeShift_DB).filter_by(id=shift_id).one_or_none() if shift is None: raise HTTPException(status.HTTP_404_NOT_FOUND) @@ -194,7 +194,7 @@ def signup_to_shift(shift_id: int, user: Annotated[User_DB, Permission.member()] @cafe_shift_router.patch("/sign-off/{shift_id}", response_model=CafeShiftRead) def signoff_from_shift( shift_id: int, - user: Annotated[User_DB, Permission.member()], + user: Annotated[User_DB, Permission.verified()], manage_permission: Annotated[bool, Permission.check("manage", "Cafe")], db: DB_dependency, ): 
diff --git a/user/permission.py b/user/permission.py index a4e59fae..9d08f44e 100644 --- a/user/permission.py +++ b/user/permission.py @@ -32,6 +32,20 @@ def dependency(user: User_DB | None = Depends(current_verified_user)): return Depends(dependency) + @classmethod + def verified(cls): + # Use this dependency for routes that all verified users should access + def dependency(user: User_DB | None = Depends(current_verified_user)): + if user is None: + raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Not authenticated") + + if not user.is_verified: + raise HTTPException(status.HTTP_403_FORBIDDEN) + + return user + + return Depends(dependency) + @classmethod def member(cls): # Use this dependency for routes that only members should access
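Review bot: In the new `verified()` the 403 is raised as `HTTPException(status.HTTP_403_FORBIDDEN)` with no `detail`, while the 401 just above it passes `status_code=` and a message, so a client cannot tell "account not verified" from any other refusal. `raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User is not verified")` would match the 401. The inner dependency already resolves the user through `current_verified_user`, so the `is_verified` test may repeat a check made there. That helper is defined outside this hunk, and keeping the explicit test is reasonable since this dependency now gates shift booking. The leading `#` comment would read better as a docstring on `verified` saying that it returns the `User_DB` and raises 401 when no user is resolved and 403 when the user is unverified. The enclosing class begins outside the hunk.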