misc: Move auth constants to separate file

This simplifies avoiding circular imports when trying to use auth handlers.
rommapp · Jan 9, 2025 · 865370e · 865370e
1 parent fb02db6
commit 865370e
Show file tree

Hide file tree

Showing 21 changed files with 78 additions and 77 deletions.
diff --git a/backend/decorators/auth.py b/backend/decorators/auth.py
@@ -14,7 +14,7 @@
 from fastapi.security.http import HTTPBasic
 from fastapi.security.oauth2 import OAuth2PasswordBearer
 from fastapi.types import DecoratedCallable
-from handler.auth.base_handler import (
+from handler.auth.constants import (
     DEFAULT_SCOPES_MAP,
     FULL_SCOPES_MAP,
     WRITE_SCOPES_MAP,

diff --git a/backend/endpoints/collections.py b/backend/endpoints/collections.py
@@ -13,7 +13,7 @@
     CollectionPermissionError,
 )
 from fastapi import Request, UploadFile
-from handler.auth.base_handler import Scope
+from handler.auth.constants import Scope
 from handler.database import db_collection_handler
 from handler.filesystem import fs_resource_handler
 from handler.filesystem.base_handler import CoverSize

diff --git a/backend/endpoints/configs.py b/backend/endpoints/configs.py
@@ -7,7 +7,7 @@
     ConfigNotWritableException,
 )
 from fastapi import HTTPException, Request, status
-from handler.auth.base_handler import Scope
+from handler.auth.constants import Scope
 from logger.logger import log
 from utils.router import APIRouter
 

diff --git a/backend/endpoints/feeds.py b/backend/endpoints/feeds.py
@@ -12,7 +12,7 @@
     WebrcadeFeedSchema,
 )
 from fastapi import Request
-from handler.auth.base_handler import Scope
+from handler.auth.constants import Scope
 from handler.database import db_platform_handler, db_rom_handler
 from handler.metadata import meta_igdb_handler
 from handler.metadata.base_hander import SWITCH_TITLEDB_REGEX

diff --git a/backend/endpoints/firmware.py b/backend/endpoints/firmware.py
@@ -4,7 +4,7 @@
 from endpoints.responses.firmware import AddFirmwareResponse, FirmwareSchema
 from fastapi import File, HTTPException, Request, UploadFile, status
 from fastapi.responses import FileResponse
-from handler.auth.base_handler import Scope
+from handler.auth.constants import Scope
 from handler.database import db_firmware_handler, db_platform_handler
 from handler.filesystem import fs_firmware_handler
 from handler.scan_handler import scan_firmware

diff --git a/backend/endpoints/platform.py b/backend/endpoints/platform.py
@@ -6,7 +6,7 @@
 from exceptions.endpoint_exceptions import PlatformNotFoundInDatabaseException
 from exceptions.fs_exceptions import PlatformAlreadyExistsException
 from fastapi import Request
-from handler.auth.base_handler import Scope
+from handler.auth.constants import Scope
 from handler.database import db_platform_handler
 from handler.filesystem import fs_platform_handler
 from handler.metadata.igdb_handler import IGDB_PLATFORM_LIST

diff --git a/backend/endpoints/raw.py b/backend/endpoints/raw.py
@@ -2,7 +2,7 @@
 from decorators.auth import protected_route
 from fastapi import Request
 from fastapi.responses import FileResponse
-from handler.auth.base_handler import Scope
+from handler.auth.constants import Scope
 from utils.router import APIRouter
 
 router = APIRouter()

diff --git a/backend/endpoints/rom.py b/backend/endpoints/rom.py
@@ -19,7 +19,7 @@
 from exceptions.fs_exceptions import RomAlreadyExistsException
 from fastapi import HTTPException, Query, Request, UploadFile, status
 from fastapi.responses import Response
-from handler.auth.base_handler import Scope
+from handler.auth.constants import Scope
 from handler.database import db_collection_handler, db_platform_handler, db_rom_handler
 from handler.filesystem import fs_resource_handler, fs_rom_handler
 from handler.filesystem.base_handler import CoverSize

diff --git a/backend/endpoints/saves.py b/backend/endpoints/saves.py
@@ -5,7 +5,7 @@
 from endpoints.responses.assets import SaveSchema, UploadedSavesResponse
 from exceptions.endpoint_exceptions import RomNotFoundInDatabaseException
 from fastapi import File, HTTPException, Request, UploadFile, status
-from handler.auth.base_handler import Scope
+from handler.auth.constants import Scope
 from handler.database import db_rom_handler, db_save_handler, db_screenshot_handler
 from handler.filesystem import fs_asset_handler
 from handler.scan_handler import scan_save

diff --git a/backend/endpoints/screenshots.py b/backend/endpoints/screenshots.py
@@ -1,7 +1,7 @@
 from decorators.auth import protected_route
 from endpoints.responses.assets import UploadedScreenshotsResponse
 from fastapi import File, HTTPException, Request, UploadFile, status
-from handler.auth.base_handler import Scope
+from handler.auth.constants import Scope
 from handler.database import db_rom_handler, db_screenshot_handler
 from handler.filesystem import fs_asset_handler
 from handler.scan_handler import scan_screenshot

diff --git a/backend/endpoints/search.py b/backend/endpoints/search.py
@@ -2,7 +2,7 @@
 from decorators.auth import protected_route
 from endpoints.responses.search import SearchCoverSchema, SearchRomSchema
 from fastapi import HTTPException, Request, status
-from handler.auth.base_handler import Scope
+from handler.auth.constants import Scope
 from handler.database import db_rom_handler
 from handler.metadata import meta_igdb_handler, meta_moby_handler, meta_sgdb_handler
 from handler.metadata.igdb_handler import IGDB_API_ENABLED

diff --git a/backend/endpoints/states.py b/backend/endpoints/states.py
@@ -5,7 +5,7 @@
 from endpoints.responses.assets import StateSchema, UploadedStatesResponse
 from exceptions.endpoint_exceptions import RomNotFoundInDatabaseException
 from fastapi import File, HTTPException, Request, UploadFile, status
-from handler.auth.base_handler import Scope
+from handler.auth.constants import Scope
 from handler.database import db_rom_handler, db_screenshot_handler, db_state_handler
 from handler.filesystem import fs_asset_handler
 from handler.scan_handler import scan_state

diff --git a/backend/endpoints/tasks.py b/backend/endpoints/tasks.py
@@ -1,7 +1,7 @@
 from decorators.auth import protected_route
 from endpoints.responses import MessageResponse
 from fastapi import Request
-from handler.auth.base_handler import Scope
+from handler.auth.constants import Scope
 from tasks.update_switch_titledb import update_switch_titledb_task
 from utils.router import APIRouter
 

diff --git a/backend/endpoints/tests/test_oauth.py b/backend/endpoints/tests/test_oauth.py
@@ -2,7 +2,7 @@
 from endpoints.auth import ACCESS_TOKEN_EXPIRE_MINUTES
 from fastapi.exceptions import HTTPException
 from fastapi.testclient import TestClient
-from handler.auth.base_handler import WRITE_SCOPES
+from handler.auth.constants import WRITE_SCOPES
 from main import app
 
 

diff --git a/backend/endpoints/user.py b/backend/endpoints/user.py
@@ -9,7 +9,7 @@
 from endpoints.responses.identity import UserSchema
 from fastapi import Depends, HTTPException, Request, status
 from handler.auth import auth_handler
-from handler.auth.base_handler import Scope
+from handler.auth.constants import Scope
 from handler.database import db_user_handler
 from handler.filesystem import fs_asset_handler
 from logger.logger import log

diff --git a/backend/handler/auth/base_handler.py b/backend/handler/auth/base_handler.py
@@ -1,72 +1,18 @@
-import enum
 import uuid
 from datetime import datetime, timedelta, timezone
-from typing import Any, Final
+from typing import Any
 
 from config import OIDC_ENABLED, ROMM_AUTH_SECRET_KEY
 from exceptions.auth_exceptions import OAuthCredentialsException, UserDisabledException
 from fastapi import HTTPException, status
+from handler.auth.constants import ALGORITHM, DEFAULT_OAUTH_TOKEN_EXPIRY
 from joserfc import jwt
 from joserfc.errors import BadSignatureError
 from joserfc.jwk import OctKey
 from logger.logger import log
 from passlib.context import CryptContext
 from starlette.requests import HTTPConnection
 
-ALGORITHM: Final = "HS256"
-DEFAULT_OAUTH_TOKEN_EXPIRY: Final = timedelta(minutes=15)
-
-
-class Scope(enum.StrEnum):
-    ME_READ = "me.read"
-    ME_WRITE = "me.write"
-    ROMS_READ = "roms.read"
-    ROMS_WRITE = "roms.write"
-    ROMS_USER_READ = "roms.user.read"
-    ROMS_USER_WRITE = "roms.user.write"
-    PLATFORMS_READ = "platforms.read"
-    PLATFORMS_WRITE = "platforms.write"
-    ASSETS_READ = "assets.read"
-    ASSETS_WRITE = "assets.write"
-    FIRMWARE_READ = "firmware.read"
-    FIRMWARE_WRITE = "firmware.write"
-    COLLECTIONS_READ = "collections.read"
-    COLLECTIONS_WRITE = "collections.write"
-    USERS_READ = "users.read"
-    USERS_WRITE = "users.write"
-    TASKS_RUN = "tasks.run"
-
-
-DEFAULT_SCOPES_MAP: Final = {
-    Scope.ME_READ: "View your profile",
-    Scope.ME_WRITE: "Modify your profile",
-    Scope.ROMS_READ: "View ROMs",
-    Scope.PLATFORMS_READ: "View platforms",
-    Scope.ASSETS_READ: "View assets",
-    Scope.ASSETS_WRITE: "Modify assets",
-    Scope.FIRMWARE_READ: "View firmware",
-    Scope.ROMS_USER_READ: "View user-rom properties",
-    Scope.ROMS_USER_WRITE: "Modify user-rom properties",
-    Scope.COLLECTIONS_READ: "View collections",
-    Scope.COLLECTIONS_WRITE: "Modify collections",
-}
-
-WRITE_SCOPES_MAP: Final = {
-    Scope.ROMS_WRITE: "Modify ROMs",
-    Scope.PLATFORMS_WRITE: "Modify platforms",
-    Scope.FIRMWARE_WRITE: "Modify firmware",
-}
-
-FULL_SCOPES_MAP: Final = {
-    Scope.USERS_READ: "View users",
-    Scope.USERS_WRITE: "Modify users",
-    Scope.TASKS_RUN: "Run tasks",
-}
-
-DEFAULT_SCOPES: Final = list(DEFAULT_SCOPES_MAP.keys())
-WRITE_SCOPES: Final = DEFAULT_SCOPES + list(WRITE_SCOPES_MAP.keys())
-FULL_SCOPES: Final = WRITE_SCOPES + list(FULL_SCOPES_MAP.keys())
-
 
 class AuthHandler:
     def __init__(self) -> None:

diff --git a/backend/handler/auth/constants.py b/backend/handler/auth/constants.py
@@ -0,0 +1,57 @@
+import enum
+from datetime import timedelta
+from typing import Final
+
+ALGORITHM: Final = "HS256"
+DEFAULT_OAUTH_TOKEN_EXPIRY: Final = timedelta(minutes=15)
+
+
+class Scope(enum.StrEnum):
+    ME_READ = "me.read"
+    ME_WRITE = "me.write"
+    ROMS_READ = "roms.read"
+    ROMS_WRITE = "roms.write"
+    ROMS_USER_READ = "roms.user.read"
+    ROMS_USER_WRITE = "roms.user.write"
+    PLATFORMS_READ = "platforms.read"
+    PLATFORMS_WRITE = "platforms.write"
+    ASSETS_READ = "assets.read"
+    ASSETS_WRITE = "assets.write"
+    FIRMWARE_READ = "firmware.read"
+    FIRMWARE_WRITE = "firmware.write"
+    COLLECTIONS_READ = "collections.read"
+    COLLECTIONS_WRITE = "collections.write"
+    USERS_READ = "users.read"
+    USERS_WRITE = "users.write"
+    TASKS_RUN = "tasks.run"
+
+
+DEFAULT_SCOPES_MAP: Final = {
+    Scope.ME_READ: "View your profile",
+    Scope.ME_WRITE: "Modify your profile",
+    Scope.ROMS_READ: "View ROMs",
+    Scope.PLATFORMS_READ: "View platforms",
+    Scope.ASSETS_READ: "View assets",
+    Scope.ASSETS_WRITE: "Modify assets",
+    Scope.FIRMWARE_READ: "View firmware",
+    Scope.ROMS_USER_READ: "View user-rom properties",
+    Scope.ROMS_USER_WRITE: "Modify user-rom properties",
+    Scope.COLLECTIONS_READ: "View collections",
+    Scope.COLLECTIONS_WRITE: "Modify collections",
+}
+
+WRITE_SCOPES_MAP: Final = {
+    Scope.ROMS_WRITE: "Modify ROMs",
+    Scope.PLATFORMS_WRITE: "Modify platforms",
+    Scope.FIRMWARE_WRITE: "Modify firmware",
+}
+
+FULL_SCOPES_MAP: Final = {
+    Scope.USERS_READ: "View users",
+    Scope.USERS_WRITE: "Modify users",
+    Scope.TASKS_RUN: "Run tasks",
+}
+
+DEFAULT_SCOPES: Final = list(DEFAULT_SCOPES_MAP.keys())
+WRITE_SCOPES: Final = DEFAULT_SCOPES + list(WRITE_SCOPES_MAP.keys())
+FULL_SCOPES: Final = WRITE_SCOPES + list(FULL_SCOPES_MAP.keys())
diff --git a/backend/handler/auth/tests/test_auth.py b/backend/handler/auth/tests/test_auth.py
@@ -3,7 +3,7 @@
 import pytest
 from fastapi.exceptions import HTTPException
 from handler.auth import auth_handler, oauth_handler
-from handler.auth.base_handler import WRITE_SCOPES
+from handler.auth.constants import WRITE_SCOPES
 from handler.auth.hybrid_auth import HybridAuthBackend
 from handler.database import db_user_handler
 from models.user import User

diff --git a/backend/main.py b/backend/main.py
@@ -34,7 +34,7 @@
 )
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
-from handler.auth.base_handler import ALGORITHM
+from handler.auth.constants import ALGORITHM
 from handler.auth.hybrid_auth import HybridAuthBackend
 from handler.auth.middleware import CustomCSRFMiddleware, SessionMiddleware
 from handler.socket_handler import socket_handler

diff --git a/backend/models/tests/test_user.py b/backend/models/tests/test_user.py
@@ -1,4 +1,4 @@
-from handler.auth.base_handler import DEFAULT_SCOPES, FULL_SCOPES, WRITE_SCOPES
+from handler.auth.constants import DEFAULT_SCOPES, FULL_SCOPES, WRITE_SCOPES
 from models.user import User
 
 

diff --git a/backend/models/user.py b/backend/models/user.py
@@ -4,13 +4,13 @@
 from datetime import datetime, timezone
 from typing import TYPE_CHECKING
 
+from handler.auth.constants import DEFAULT_SCOPES, FULL_SCOPES, WRITE_SCOPES, Scope
 from models.base import BaseModel
 from sqlalchemy import DateTime, Enum, String
 from sqlalchemy.orm import Mapped, mapped_column, relationship
 from starlette.authentication import SimpleUser
 
 if TYPE_CHECKING:
-    from handler.auth.base_handler import Scope
     from models.assets import Save, Screenshot, State
     from models.collection import Collection
     from models.rom import RomUser
@@ -47,8 +47,6 @@ class User(BaseModel, SimpleUser):
 
     @property
     def oauth_scopes(self) -> list[Scope]:
-        from handler.auth.base_handler import DEFAULT_SCOPES, FULL_SCOPES, WRITE_SCOPES
-
         if self.role == Role.ADMIN:
             return FULL_SCOPES