update working schema
mwfarb committed Aug 7, 2024
1 parent 3909baa commit 3f9550b
Showing 2 changed files with 21 additions and 90 deletions.
40 changes: 20 additions & 20 deletions users/mqtt.py
Expand Up @@ -37,7 +37,7 @@ def generate_arena_token_v1(
user,
username,
realm="realm",
namespaced_scene=None,
ns_scene=None,
device=None,
camid=None,
userid=None,
Expand All @@ -54,7 +54,7 @@ def generate_arena_token_v1(
user (object): User object
username (str): _description_
realm (str, optional): _description_. Defaults to "realm".
scene (str, optional): _description_. Defaults to None.
ns_scene (str, optional): _description_. Defaults to None.
device (str, optional): _description_. Defaults to None.
camid (str, optional): _description_. Defaults to None.
userid (str, optional): _description_. Defaults to None.
Expand Down Expand Up @@ -85,22 +85,22 @@ def generate_arena_token_v1(
p_users = SCENE_USERS_DEF

# create permissions shorthand
if namespaced_scene and Scene.objects.filter(name=namespaced_scene).exists():
scene_perm = Scene.objects.get(name=namespaced_scene)
if ns_scene and Scene.objects.filter(name=ns_scene).exists():
scene_perm = Scene.objects.get(name=ns_scene)
p_public_read = scene_perm.public_read
p_public_write = scene_perm.public_write
p_anonymous_users = scene_perm.anonymous_users
p_video = scene_perm.video_conference
p_users = scene_perm.users

# add jitsi server params if a/v scene
if namespaced_scene and camid and p_users and p_video:
if ns_scene and camid and p_users and p_video:
host = os.getenv("HOSTNAME")
headers = {"kid": host}
payload["aud"] = "arena"
payload["iss"] = "arena-account"
# we use the namespace + scene name as the jitsi room name, handle RFC 3986 reserved chars as = '_'
roomname = re.sub(r"[!#$&'()*+,\/:;=?@[\]]", '_', namespaced_scene.lower())
roomname = re.sub(r"[!#$&'()*+,\/:;=?@[\]]", '_', ns_scene.lower())
payload["room"] = roomname

# everyone should be able to read all public scenes
Expand All @@ -125,8 +125,8 @@ def generate_arena_token_v1(
subs.append(f"{realm}/env/#")
pubs.append(f"{realm}/env/#")
# vio experiments, staff only
if namespaced_scene:
pubs.append(f"{realm}/vio/{namespaced_scene}/#")
if ns_scene:
pubs.append(f"{realm}/vio/{ns_scene}/#")
else:
# scene owners have rights to their scene objects only
subs.append(f"{realm}/s/{username}/#")
Expand All @@ -137,7 +137,7 @@ def generate_arena_token_v1(
# add scenes that have been granted by other owners
u_scenes = Scene.objects.filter(editors=user)
for u_scene in u_scenes:
if not namespaced_scene or (namespaced_scene and u_scene.name == namespaced_scene):
if not ns_scene or (ns_scene and u_scene.name == ns_scene):
subs.append(f"{realm}/s/{u_scene.name}/#")
pubs.append(f"{realm}/s/{u_scene.name}/#")
subs.append(f"{realm}/env/{u_scene.name}/#")
Expand All @@ -153,28 +153,28 @@ def generate_arena_token_v1(
pubs.append(f"{realm}/d/{username}/#")

# anon/non-owners have rights to view scene objects only
if namespaced_scene and not user.is_staff:
if ns_scene and not user.is_staff:
# did the user set specific public read or public write?
if not user.is_authenticated and not p_anonymous_users:
return None # anonymous not permitted
if p_public_read:
subs.append(f"{realm}/s/{namespaced_scene}/#")
subs.append(f"{realm}/s/{ns_scene}/#")
# Interactivity to extent of viewing objects is similar to publishing env
pubs.append(f"{realm}/env/{namespaced_scene}/#")
pubs.append(f"{realm}/env/{ns_scene}/#")
if p_public_write:
pubs.append(f"{realm}/s/{namespaced_scene}/#")
pubs.append(f"{realm}/s/{ns_scene}/#")
# user presence objects
if camid and p_users: # probable web browser write
pubs.append(f"{realm}/s/{namespaced_scene}/{camid}")
pubs.append(f"{realm}/s/{namespaced_scene}/{camid}/#")
pubs.append(f"{realm}/s/{ns_scene}/{camid}")
pubs.append(f"{realm}/s/{ns_scene}/{camid}/#")
if handleftid and p_users:
pubs.append(f"{realm}/s/{namespaced_scene}/{handleftid}")
pubs.append(f"{realm}/s/{ns_scene}/{handleftid}")
if handrightid and p_users:
pubs.append(f"{realm}/s/{namespaced_scene}/{handrightid}")
pubs.append(f"{realm}/s/{ns_scene}/{handrightid}")

# chat messages
if namespaced_scene and userid and p_users:
namespace = namespaced_scene.split("/")[0]
if ns_scene and userid and p_users:
namespace = ns_scene.split("/")[0]
# receive private messages: Read
subs.append(f"{realm}/c/{namespace}/p/{userid}/#")
# receive open messages to everyone and/or scene: Read
Expand All @@ -185,7 +185,7 @@ def generate_arena_token_v1(
pubs.append(f"{realm}/c/{namespace}/p/+/{userid}")

# apriltags
if namespaced_scene:
if ns_scene:
subs.append(f"{realm}/g/a/#")
pubs.append(f"{realm}/g/a/#")

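Review bot: The renamed docstring entry `ns_scene (str, optional): _description_. Defaults to None.` still carries the generator placeholder, so the expected format of the value is not documented where it is consumed. The body uses it as the lookup key in `Scene.objects.get(name=ns_scene)`, takes the namespace with `ns_scene.split("/")[0]`, and formats it into the publish and subscribe topic lists. The entry could read `ns_scene (str, optional): Scene name including its namespace, '[namespace]/[scene]'; used as the Scene lookup key and inside the granted topics. Defaults to None.` The same placeholder remains on `username`, `realm`, `device`, `camid` and `userid`; the docstring and the function body both extend outside the visible hunks.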
71 changes: 1 addition & 70 deletions users/views.py
Expand Up @@ -620,74 +620,6 @@ def storelogin(request):
return response


class ArenaTokenSchema(AutoSchema):
def __init__(self):
super(ArenaTokenSchema, self).__init__()

def get_manual_fields(self, path, method):
extra_fields = [
coreapi.Field(
"username",
required=True,
location="body",
type="string",
description="ARENA user database username, or like 'anonymous-[name]'.",
),
coreapi.Field(
"id_token",
required=False,
location="body",
type="string",
description="JWT id_token from social account authentication service, \
if forwarding from remote client like arena-py.",
),
coreapi.Field(
"realm",
required=False,
location="body",
type="string",
description="Name of the ARENA realm used in the topic string (default: 'realm').",
),
coreapi.Field(
"scene",
required=False,
location="body",
type="string",
description="Name of the ARENA scene: '[namespace]/[scene]'.",
),
coreapi.Field(
"userid",
required=False,
location="body",
type="string",
description="Name of the user's ARENA web client id.",
),
coreapi.Field(
"camid",
required=False,
location="body",
type="string",
description="Name of the user's ARENA camera object id.",
),
coreapi.Field(
"handleftid",
required=False,
location="body",
type="string",
description="Name of the user's ARENA controller object left hand.",
),
coreapi.Field(
"handrightid",
required=False,
location="body",
type="string",
description="Name of the user's ARENA controller object right hand.",
),
]
manual_fields = super().get_manual_fields(path, method)
return manual_fields + extra_fields


def get_user_from_id_token(gid_token):
"""
Internal method to validate id_tokens from remote authentication.
Expand Down Expand Up @@ -729,7 +661,6 @@ def deprecated_token(request):


@ api_view(["POST"])
# @schema(ArenaTokenSchema()) # TODO: schema not working yet
def arena_token_v1(request):
"""
Endpoint to request an ARENA token with permissions for an anonymous or authenticated user for
Expand Down Expand Up @@ -777,7 +708,7 @@ def arena_token_v1(request):
user=user,
username=username,
realm=request.POST.get("realm", "realm"),
namespaced_scene=request.POST.get("scene", None),
ns_scene=request.POST.get("scene", None),
camid=camid,
userid=userid,
handleftid=handleftid,
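Review bot: `realm=request.POST.get("realm", "realm")` and `ns_scene=request.POST.get("scene", None)` hand request-supplied strings to `generate_arena_token_v1` with no check visible in this hunk. users/mqtt.py formats both into the token's topic lists (for example `f"{realm}/s/{ns_scene}/#"`), where `+` and `#` act as MQTT wildcards. A scene name with no matching `Scene` row appears to keep the default permissions assigned before the lookup, so the lookup alone does not bound what ends up in a granted topic. Bind the two values to locals and reject anything that is not a plain `namespace/scene` before the call, e.g. `if scene and not re.fullmatch(r"[^/+#]+/[^/+#]+", scene): return HttpResponseBadRequest()` with a matching check on `realm`. The body of `arena_token_v1` continues outside the hunk, so confirm first that no such validation already exists there.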
