Merge pull request #291 from supertokens/api-logic-implementation

feat: Api logic implementation

Author: nkshah2

examples/with-flask/with-thirdpartyemailpassword/app.py

@@ -3,6 +3,7 @@
 from dotenv import load_dotenv
 from flask import Flask, abort, g, jsonify
 from flask_cors import CORS
+
 from supertokens_python import (
     InputAppInfo,
     SupertokensConfig,
@@ -11,9 +12,9 @@
 )
 from supertokens_python.framework.flask import Middleware
 from supertokens_python.recipe import (
+    emailverification,
     session,
     thirdpartyemailpassword,
-    emailverification,
 )
 from supertokens_python.recipe.session.framework.flask import verify_session
 from supertokens_python.recipe.thirdpartyemailpassword import (

supertokens_python/querier.py

@@ -166,11 +166,18 @@ async def f(url: str) -> Response:
 
         return await self.__send_request_helper(path, "POST", f, len(self.__hosts))
 
-    async def send_delete_request(self, path: NormalisedURLPath):
+    async def send_delete_request(
+        self, path: NormalisedURLPath, params: Union[Dict[str, Any], None] = None
+    ):
+        if params is None:
+            params = {}
+
         async def f(url: str) -> Response:
             async with AsyncClient() as client:
                 return await client.delete(  # type:ignore
-                    url, headers=await self.__get_headers_with_api_version(path)
+                    url,
+                    params=params,
+                    headers=await self.__get_headers_with_api_version(path),
                 )
 
         return await self.__send_request_helper(path, "DELETE", f, len(self.__hosts))

supertokens_python/recipe/dashboard/__init__.py

@@ -14,18 +14,20 @@
 
 from __future__ import annotations
 
-from typing import Optional, Callable
+from typing import TYPE_CHECKING, Callable, Optional, Union
 
-from supertokens_python import AppInfo, RecipeModule
-from supertokens_python.recipe.dashboard.utils import InputOverrideConfig
-
-from .recipe import DashboardRecipe
+if TYPE_CHECKING:
+    from supertokens_python import AppInfo, RecipeModule
+    from supertokens_python.recipe.dashboard.utils import InputOverrideConfig
 
 
 def init(
-    api_key: str,
+    api_key: Union[str, None] = None,
     override: Optional[InputOverrideConfig] = None,
 ) -> Callable[[AppInfo], RecipeModule]:
+    # Global import for the following was avoided because of circular import errors
+    from .recipe import DashboardRecipe
+
     return DashboardRecipe.init(
         api_key,
         override,

supertokens_python/recipe/dashboard/api/__init__.py

@@ -13,8 +13,8 @@
 # under the License.
 from .api_key_protector import api_key_protector
 from .dashboard import handle_dashboard_api
-from .signin import handle_sign_in_api
-from .signout import handle_signout
+from .signin import handle_emailpassword_signin_api
+from .signout import handle_emailpassword_signout_api
 from .userdetails.user_delete import handle_user_delete
 from .userdetails.user_email_verify_get import handle_user_email_verify_get
 from .userdetails.user_email_verify_put import handle_user_email_verify_put
@@ -47,6 +47,6 @@
     "handle_user_sessions_post",
     "handle_user_password_put",
     "handle_email_verify_token_post",
-    "handle_sign_in_api",
-    "handle_signout",
+    "handle_emailpassword_signin_api",
+    "handle_emailpassword_signout_api",
 ]

supertokens_python/recipe/dashboard/api/implementation.py

@@ -17,13 +17,12 @@
 from textwrap import dedent
 from typing import TYPE_CHECKING, Any, Dict
 
-from supertokens_python.normalised_url_domain import NormalisedURLDomain
 from supertokens_python import Supertokens
+from supertokens_python.normalised_url_domain import NormalisedURLDomain
 from supertokens_python.normalised_url_path import NormalisedURLPath
+
 from ..constants import DASHBOARD_API
-from ..interfaces import (
-    APIInterface,
-)
+from ..interfaces import APIInterface
 
 if TYPE_CHECKING:
     from ..interfaces import APIOptions
@@ -48,7 +47,7 @@ async def dashboard_get(
 
             connection_uri = ""
             super_tokens_instance = Supertokens.get_instance()
-
+            auth_mode = options.config.auth_mode
             connection_uri = super_tokens_instance.supertokens_config.connection_uri
 
             dashboard_path = options.app_info.api_base_path.append(
@@ -65,6 +64,7 @@ async def dashboard_get(
                             window.staticBasePath = "${bundleDomain}/static"
                             window.dashboardAppPath = "${dashboardPath}"
                             window.connectionURI = "${connectionURI}"
+                            window.authMode = "${authMode}"
                         </script>
                         <script defer src="${bundleDomain}/static/js/bundle.js"></script></head>
                         <link href="${bundleDomain}/static/css/main.css" rel="stylesheet" type="text/css">
@@ -81,6 +81,7 @@ async def dashboard_get(
                 bundleDomain=bundle_domain,
                 dashboardPath=dashboard_path,
                 connectionURI=connection_uri,
+                authMode=auth_mode,
             )
 
         self.dashboard_get = dashboard_get

supertokens_python/recipe/dashboard/api/signin.py

@@ -18,6 +18,39 @@
 if TYPE_CHECKING:
     from supertokens_python.recipe.dashboard.interfaces import APIInterface, APIOptions
 
-# pylint: disable=unused-argument
-async def handle_sign_in_api(api_implementation: APIInterface, api_options: APIOptions):
-    pass
+from supertokens_python.exceptions import raise_bad_input_exception
+from supertokens_python.normalised_url_path import NormalisedURLPath
+from supertokens_python.querier import Querier
+from supertokens_python.utils import send_200_response
+
+
+async def handle_emailpassword_signin_api(_: APIInterface, api_options: APIOptions):
+    body = await api_options.request.json()
+    if body is None:
+        raise_bad_input_exception("Please send body")
+    email = body.get("email")
+    password = body.get("password")
+
+    if email is None or not isinstance(email, str):
+        raise_bad_input_exception("Missing required parameter 'email'")
+    if password is None or not isinstance(password, str):
+        raise_bad_input_exception("Missing required parameter 'password'")
+    response = await Querier.get_instance().send_post_request(
+        NormalisedURLPath("/recipe/dashboard/signin"),
+        {"email": email, "password": password},
+    )
+
+    if "status" in response and response["status"] == "OK":
+        return send_200_response(
+            {"status": "OK", "sessionId": response["sessionId"]}, api_options.response
+        )
+    if "status" in response and response["status"] == "INVALID_CREDENTIALS_ERROR":
+        return send_200_response(
+            {"status": "INVALID_CREDENTIALS_ERROR"},
+            api_options.response,
+        )
+    if "status" in response and response["status"] == "USER_SUSPENDED_ERROR":
+        return send_200_response(
+            {"status": "USER_SUSPENDED_ERROR", "message": response["message"]},
+            api_options.response,
+        )

supertokens_python/recipe/dashboard/api/signout.py

@@ -18,11 +18,26 @@
 if TYPE_CHECKING:
     from supertokens_python.recipe.dashboard.interfaces import APIInterface, APIOptions
 
+from supertokens_python.exceptions import raise_bad_input_exception
+from supertokens_python.normalised_url_path import NormalisedURLPath
+from supertokens_python.querier import Querier
+
 from ..interfaces import SignOutOK
 
 
-# pylint: disable=unused-argument
-async def handle_signout(
-    api_implementation: APIInterface, api_options: APIOptions
+async def handle_emailpassword_signout_api(
+    _: APIInterface, api_options: APIOptions
 ) -> SignOutOK:
+    if api_options.config.auth_mode == "api-key":
+        return SignOutOK()
+    session_id_form_auth_header = api_options.request.get_header("authorization")
+    if not session_id_form_auth_header:
+        return raise_bad_input_exception(
+            "Neither 'API Key' nor 'Authorization' header was found"
+        )
+    session_id_form_auth_header = session_id_form_auth_header.split()[1]
+    await Querier.get_instance().send_delete_request(
+        NormalisedURLPath("/recipe/dashboard/session"),
+        {"sessionId": session_id_form_auth_header},
+    )
     return SignOutOK()

supertokens_python/recipe/dashboard/api/validate_key.py

@@ -22,25 +22,19 @@
     )
 
 from supertokens_python.utils import (
-    default_user_context,
     send_200_response,
     send_non_200_response_with_message,
 )
 
+from ..utils import validate_api_key
+
 
 async def handle_validate_key_api(
-    api_implementation: APIInterface, api_options: APIOptions
+    _api_implementation: APIInterface, api_options: APIOptions
 ):
-    _ = api_implementation
 
-    should_allow_accesss = await api_options.recipe_implementation.should_allow_access(
-        api_options.request,
-        api_options.config,
-        default_user_context(api_options.request),
-    )
-    if should_allow_accesss is False:
-        return send_non_200_response_with_message(
-            "Unauthorized access", 401, api_options.response
-        )
+    is_valid_key = validate_api_key(api_options.request, api_options.config)
 
-    return send_200_response({"status": "OK"}, api_options.response)
+    if is_valid_key:
+        return send_200_response({"status": "OK"}, api_options.response)
+    return send_non_200_response_with_message("Unauthorised", 401, api_options.response)

supertokens_python/recipe/dashboard/interfaces.py

@@ -19,13 +19,14 @@
 from supertokens_python.recipe.session.interfaces import SessionInformationResult
 from supertokens_python.types import User
 
-from ...supertokens import AppInfo
 from ...types import APIResponse
-from .utils import DashboardConfig, UserWithMetadata
 
 if TYPE_CHECKING:
     from supertokens_python.framework import BaseRequest, BaseResponse
 
+    from ...supertokens import AppInfo
+    from .utils import DashboardConfig, UserWithMetadata
+
 
 class SessionInfo:
     def __init__(self, info: SessionInformationResult) -> None:
@@ -288,5 +289,7 @@ def to_json(self) -> Dict[str, Any]:
 
 
 class SignOutOK(APIResponse):
+    status: str = "OK"
+
     def to_json(self):
-        return {"status": "OK"}
+        return {"status": self.status}

supertokens_python/recipe/dashboard/recipe.py

@@ -23,11 +23,11 @@
     api_key_protector,
     handle_dashboard_api,
     handle_email_verify_token_post,
+    handle_emailpassword_signin_api,
+    handle_emailpassword_signout_api,
     handle_metadata_get,
     handle_metadata_put,
     handle_sessions_get,
-    handle_sign_in_api,
-    handle_signout,
     handle_user_delete,
     handle_user_email_verify_get,
     handle_user_email_verify_put,
@@ -141,7 +141,9 @@ async def handle_api_request(
         if request_id == VALIDATE_KEY_API:
             return await handle_validate_key_api(self.api_implementation, api_options)
         if request_id == EMAIL_PASSWORD_SIGN_IN:
-            return await handle_sign_in_api(self.api_implementation, api_options)
+            return await handle_emailpassword_signin_api(
+                self.api_implementation, api_options
+            )
 
         # Do API key validation for the remaining APIs
         api_function: Optional[
@@ -178,7 +180,7 @@ async def handle_api_request(
         elif request_id == USER_EMAIL_VERIFY_TOKEN_API:
             api_function = handle_email_verify_token_post
         elif request_id == EMAIL_PASSSWORD_SIGNOUT:
-            api_function = handle_signout
+            api_function = handle_emailpassword_signout_api
 
         if api_function is not None:
             return await api_key_protector(

supertokens_python/recipe/dashboard/recipe_implementation.py

@@ -15,12 +15,13 @@
 
 from typing import Any, Dict
 
-from supertokens_python.framework import BaseRequest
-from .interfaces import (
-    RecipeInterface,
-)
 from supertokens_python.constants import DASHBOARD_VERSION
-from .utils import DashboardConfig
+from supertokens_python.framework import BaseRequest
+from supertokens_python.normalised_url_path import NormalisedURLPath
+from supertokens_python.querier import Querier
+
+from .interfaces import RecipeInterface
+from .utils import DashboardConfig, validate_api_key
 
 
 class RecipeImplementation(RecipeInterface):
@@ -33,12 +34,21 @@ async def should_allow_access(
         config: DashboardConfig,
         user_context: Dict[str, Any],
     ) -> bool:
-        api_key_header_value = request.get_header("authorization")
-
-        # We receive the api key as `Bearer API_KEY`, this retrieves just the key
-        api_key = api_key_header_value.split(" ")[1] if api_key_header_value else None
-
-        if api_key is None:
-            return False
-
-        return api_key == config.api_key
+        if not config.api_key:
+            auth_header_value = request.get_header("authorization")
+
+            if not auth_header_value:
+                return False
+
+            auth_header_value = auth_header_value.split()[1]
+            session_verification_response = (
+                await Querier.get_instance().send_post_request(
+                    NormalisedURLPath("/recipe/dashboard/session/verify"),
+                    {"sessionId": auth_header_value},
+                )
+            )
+            return (
+                "status" in session_verification_response
+                and session_verification_response["status"] == "OK"
+            )
+        return validate_api_key(request, config)

supertokens_python/recipe/dashboard/utils.py

@@ -17,6 +17,7 @@
 
 if TYPE_CHECKING:
     from supertokens_python.framework.request import BaseRequest
+    from ...supertokens import AppInfo
 
 from supertokens_python.recipe.emailpassword import EmailPasswordRecipe
 from supertokens_python.recipe.emailpassword.asyncio import (
@@ -46,7 +47,6 @@
 from supertokens_python.utils import Awaitable
 
 from ...normalised_url_path import NormalisedURLPath
-from ...supertokens import AppInfo
 from .constants import (
     DASHBOARD_API,
     EMAIL_PASSSWORD_SIGNOUT,
@@ -394,8 +394,10 @@ def is_recipe_initialised(recipeId: str) -> bool:
     return isRecipeInitialised
 
 
-def validate_APIKey(req: BaseRequest, config: DashboardConfig) -> bool:
-    apiKeyHeaderValue = req.get_header("authorization")
-    if not apiKeyHeaderValue:
+def validate_api_key(req: BaseRequest, config: DashboardConfig) -> bool:
+    api_key_header_value = req.get_header("authorization")
+    if not api_key_header_value:
         return False
-    return apiKeyHeaderValue == config.api_key
+    # We receieve the api key as `Bearer API_KEY`, this retrieves just the key
+    api_key_header_value = api_key_header_value.split(" ")[1]
+    return api_key_header_value == config.api_key

supertokens_python/recipe/emailverification/interfaces.py

@@ -14,16 +14,17 @@
 from __future__ import annotations
 
 from abc import ABC, abstractmethod
-from typing import TYPE_CHECKING, Any, Dict, Union, Callable, Awaitable, Optional
+from typing import TYPE_CHECKING, Any, Awaitable, Callable, Dict, Optional, Union
 
 from supertokens_python.ingredients.emaildelivery import EmailDeliveryIngredient
 from supertokens_python.types import APIResponse, GeneralErrorResponse
+
 from ..session.interfaces import SessionContainer
-from ...supertokens import AppInfo
 
 if TYPE_CHECKING:
     from supertokens_python.framework import BaseRequest, BaseResponse
 
+    from ...supertokens import AppInfo
     from .types import User, VerificationEmailTemplateVars
     from .utils import EmailVerificationConfig