From fd3f1fc9296b8f86d3a85e71296fc099010cf0ea Mon Sep 17 00:00:00 2001 From: jokob-sk Date: Sun, 31 Aug 2025 09:54:56 +1000 Subject: [PATCH] api layer v0.3.2 - /settings Signed-off-by: jokob-sk --- server/api_server/api_server_start.py | 12 ++++++ test/test_settings_endpoints.py | 53 +++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100755 test/test_settings_endpoints.py diff --git a/server/api_server/api_server_start.py b/server/api_server/api_server_start.py index 168b42ed..7d766834 100755 --- a/server/api_server/api_server_start.py +++ b/server/api_server/api_server_start.py @@ -34,6 +34,7 @@ CORS( r"/history/*": {"origins": "*"}, r"/nettools/*": {"origins": "*"}, r"/sessions/*": {"origins": "*"}, + r"/settings/*": {"origins": "*"}, r"/dbquery/*": {"origins": "*"}, r"/events/*": {"origins": "*"} }, @@ -77,6 +78,17 @@ def graphql_endpoint(): return jsonify(response) +# -------------------------- +# Settings Endpoints +# -------------------------- + +@app.route("/settings/", methods=["GET"]) +def api_get_setting(setKey): + if not is_authorized(): + return jsonify({"error": "Forbidden"}), 403 + value = get_setting_value(setKey) + return jsonify({"success": True, "value": value}) + # -------------------------- # Device Endpoints # -------------------------- diff --git a/test/test_settings_endpoints.py b/test/test_settings_endpoints.py new file mode 100755 index 00000000..aefb851a --- /dev/null +++ b/test/test_settings_endpoints.py @@ -0,0 +1,53 @@ +import sys +import pathlib +import sqlite3 +import random +import string +import uuid +import pytest +from datetime import datetime, timedelta + +INSTALL_PATH = "/app" +sys.path.extend([f"{INSTALL_PATH}/front/plugins", f"{INSTALL_PATH}/server"]) + +from helper import timeNowTZ, get_setting_value +from api_server.api_server_start import app + +@pytest.fixture(scope="session") +def api_token(): + return get_setting_value("API_TOKEN") + +@pytest.fixture +def client(): + with app.test_client() as client: + yield client + +@pytest.fixture +def test_mac(): + # Generate a unique MAC for each test run + return "AA:BB:CC:" + ":".join(f"{random.randint(0,255):02X}" for _ in range(3)) + +def auth_headers(token): + return {"Authorization": f"Bearer {token}"} + +def test_get_setting_unauthorized(client): + resp = client.get("/settings/API_TOKEN") # no auth header + assert resp.status_code == 403 + assert resp.json.get("error") == "Forbidden" + + +def test_get_setting_valid_key(client, api_token): + # We know API_TOKEN exists in settings + resp = client.get("/settings/API_TOKEN", headers=auth_headers(api_token)) + assert resp.status_code == 200 + assert resp.json.get("success") is True + # The value should equal the token itself + assert resp.json.get("value") == api_token + + +def test_get_setting_invalid_key(client, api_token): + resp = client.get("/settings/DOES_NOT_EXIST", headers=auth_headers(api_token)) + assert resp.status_code == 200 + assert resp.json.get("success") is True + # Depending on implementation, might be None or "" + assert resp.json.get("value") in (None, "")