9820a77d25
Adds the anonymous read surface (/api/v1/public) — the privacy-critical core. - CurrentUserOrNone dependency: optional auth that never 401s (anonymous OK). - public_view_service: every projection passes through privacy.person_visibility. persons redacted (living → "Living person", hidden dropped); relationships only when both endpoints non-hidden; events only for FULL-visibility persons (partnership events only when both partners full); names only for FULL persons. Not-viewable trees raise 404 (not 403) so the surface can't probe for private trees. Media deferred (higher-sensitivity; own pass later). - public router: read-only directory + tree + persons/relationships/events + person detail/names/events. Directory lists `public` to all and adds `site_members` for authenticated callers; never lists unlisted/private. - PublicTreeRead omits owner_id. Tests (ran locally — CI does not run pytest): an anonymous end-to-end leak test asserting a living person's real name, alias, and birth year appear in NO public response while the deceased person's data does; plus private=404, unlisted viewable-by-link-but-unlisted, site_members requires login, and directory visibility. Full suite: 70 passed. Regenerated openapi.json + TS client. Note: the AUTHED list endpoints still leak per-person for non-members (pre-existing) — fixed next, separately. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Justin Paul <justin@jpaul.me>
70 lines
2.4 KiB
Python
70 lines
2.4 KiB
Python
"""Shared API dependencies: DB session, the authenticated user, and the mailer."""
|
|
|
|
from typing import Annotated
|
|
|
|
from fastapi import Depends, HTTPException, Request, status
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
|
|
from app.core.config import get_settings
|
|
from app.core.db import get_session
|
|
from app.integrations.mailer.base import Mailer
|
|
from app.integrations.mailer.console import ConsoleMailer
|
|
from app.integrations.mailer.smtp import SMTPMailer
|
|
from app.integrations.objectstore.base import ObjectStore
|
|
from app.integrations.objectstore.s3 import S3ObjectStore
|
|
from app.models.user import User
|
|
from app.services import auth_service
|
|
|
|
SessionDep = Annotated[AsyncSession, Depends(get_session)]
|
|
|
|
|
|
def extract_session_token(request: Request) -> str | None:
|
|
"""Bearer header (API clients) takes precedence over the session cookie
|
|
(browser)."""
|
|
authorization = request.headers.get("authorization")
|
|
if authorization and authorization.lower().startswith("bearer "):
|
|
return authorization[7:].strip()
|
|
return request.cookies.get(get_settings().cookie_name)
|
|
|
|
|
|
async def get_current_user(request: Request, session: SessionDep) -> User:
|
|
raw_token = extract_session_token(request)
|
|
if raw_token is None:
|
|
raise HTTPException(status.HTTP_401_UNAUTHORIZED, "authentication required")
|
|
user = await auth_service.resolve_session_user(session, raw_token=raw_token)
|
|
if user is None:
|
|
raise HTTPException(status.HTTP_401_UNAUTHORIZED, "invalid or expired session")
|
|
return user
|
|
|
|
|
|
CurrentUser = Annotated[User, Depends(get_current_user)]
|
|
|
|
|
|
async def get_current_user_or_none(request: Request, session: SessionDep) -> User | None:
|
|
"""Optional auth for public read endpoints — never raises. Returns the user
|
|
when a valid session is present, else None (anonymous viewer)."""
|
|
raw_token = extract_session_token(request)
|
|
if raw_token is None:
|
|
return None
|
|
return await auth_service.resolve_session_user(session, raw_token=raw_token)
|
|
|
|
|
|
CurrentUserOrNone = Annotated[User | None, Depends(get_current_user_or_none)]
|
|
|
|
|
|
def get_mailer() -> Mailer:
|
|
settings = get_settings()
|
|
if settings.mailer == "smtp" and settings.smtp_host:
|
|
return SMTPMailer(settings)
|
|
return ConsoleMailer()
|
|
|
|
|
|
MailerDep = Annotated[Mailer, Depends(get_mailer)]
|
|
|
|
|
|
def get_objectstore() -> ObjectStore:
|
|
return S3ObjectStore(get_settings())
|
|
|
|
|
|
ObjectStoreDep = Annotated[ObjectStore, Depends(get_objectstore)]
|