routes

Author: mariusandra

backend/app/api/__init__.py

@@ -1,7 +1,18 @@
 from fastapi import APIRouter
 
-public_api = APIRouter()
-private_api = APIRouter()
+# When using HASSIO_MODE (Home Assistant ingress with automatic login), we make this distinction:
+# - api_public: exported to the local network via port 8989, no authentication required
+# - api_no_auth: accessible via Home Assistant ingress (on port 8990) without authentication
+# - api_with_auth: accessible via Home Assistant ingress (on port 8990) without authentication
+
+# When not using HASSIO_MODE (running directly from Docker), we make this distinction:
+# - api_public: routes that do not require authentication
+# - api_no_auth: routes that do not require authentication
+# - api_with_auth: routes that can only be accessed by authenticated users
+
+api_public = APIRouter()
+api_no_auth = APIRouter()
+api_with_auth = APIRouter()
 
 from .auth import *  # noqa: E402, F403
 from .apps import *  # noqa: E402, F403

backend/app/api/apps.py

@@ -19,24 +19,24 @@
  EnhanceSourceRequest,
  EnhanceSourceResponse
 )
-from . import private_api
+from . import api_with_auth
 
 from typing import Optional
 
-@private_api.get("/apps", response_model=AppsListResponse)
+@api_with_auth.get("/apps", response_model=AppsListResponse)
 async def api_apps_list(db: Session = Depends(get_db)):
     return {"apps": get_app_configs()}
 
 
-@private_api.get("/apps/source", response_model=AppsSourceResponse)
+@api_with_auth.get("/apps/source", response_model=AppsSourceResponse)
 async def api_apps_source(keyword: Optional[str] = None, db: Session = Depends(get_db)):
     sources = get_one_app_sources(keyword)
     if sources is None:
         raise HTTPException(status_code=404, detail="App sources not found")
     return sources
 
 
-@private_api.post("/apps/validate_source", response_model=ValidateSourceResponse)
+@api_with_auth.post("/apps/validate_source", response_model=ValidateSourceResponse)
 async def validate_python_frame_source(data: ValidateSourceRequest):
     file = data.file
     source = data.source
@@ -56,7 +56,7 @@ async def validate_python_frame_source(data: ValidateSourceRequest):
     return {"errors": errors}
 
 
-@private_api.post("/apps/enhance_source", response_model=EnhanceSourceResponse)
+@api_with_auth.post("/apps/enhance_source", response_model=EnhanceSourceResponse)
 async def enhance_python_frame_source(data: EnhanceSourceRequest, db: Session = Depends(get_db)):
     source = data.source
     prompt = data.prompt

backend/app/api/auth.py

@@ -15,7 +15,7 @@
 from werkzeug.security import generate_password_hash, check_password_hash
 from app.schemas.auth import Token, UserSignup
 
-from . import public_api
+from . import api_no_auth
 
 config = get_config()
 SECRET_KEY = config.SECRET_KEY
@@ -35,6 +35,14 @@ def create_access_token(data: dict, expires_delta: Optional[datetime.timedelta]
     return encoded_jwt
 
 async def get_current_user(token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)):
+    # if config.HASSIO_MODE == "ingress":
+    #     user = db.query(User).first()
+    #     if user is None:
+    #         user = User(email="[email protected]", password="")
+    #         db.add(user)
+    #         db.commit()
+    #     return user
+
     credentials_exception = HTTPException(
         status_code=status.HTTP_401_UNAUTHORIZED,
         detail="Could not validate credentials",
@@ -53,8 +61,10 @@ async def get_current_user(token: str = Depends(oauth2_scheme), db: Session = De
         raise credentials_exception
     return user
 
-@public_api.post("/login", response_model=Token)
+@api_no_auth.post("/login", response_model=Token)
 async def login(request: Request, form_data: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(get_db), redis: Redis = Depends(get_redis)):
+    if config.HASSIO_MODE is not None:
+        raise HTTPException(status_code=401, detail="Login not allowed with HASSIO_MODE")
     email = form_data.username
     password = form_data.password
     ip = request.client.host
@@ -76,8 +86,11 @@ async def login(request: Request, form_data: OAuth2PasswordRequestForm = Depends
     access_token = create_access_token(data={"sub": user.email}, expires_delta=access_token_expires)
     return {"access_token": access_token, "token_type": "bearer"}
 
-@public_api.post("/signup")
+@api_no_auth.post("/signup")
 async def signup(data: UserSignup, db: Session = Depends(get_db)):
+    if config.HASSIO_MODE is not None:
+        raise HTTPException(status_code=401, detail="Signup not allowed with HASSIO_MODE")
+
     # Check if there is already a user registered (one-user system)
     if db.query(User).first() is not None:
         raise HTTPException(status_code=400, detail="Only one user is allowed. Please login!")

backend/app/api/frames.py

@@ -25,28 +25,29 @@
     FrameMetricsResponse, FrameImageLinkResponse, FrameStateResponse,
     FrameAssetsResponse, FrameCreateRequest, FrameUpdateRequest
 )
-from app.api.auth import ALGORITHM, SECRET_KEY, get_current_user
+from app.api.auth import ALGORITHM, SECRET_KEY
 from app.utils.network import is_safe_host
 from app.redis import get_redis
-from . import private_api, public_api
+from app.config import Config, get_config
+from . import api_with_auth, api_no_auth
 
 
-@private_api.get("/frames", response_model=FramesListResponse)
+@api_with_auth.get("/frames", response_model=FramesListResponse)
 async def api_frames_list(db: Session = Depends(get_db)):
     frames = db.query(Frame).all()
     frames_list = [frame.to_dict() for frame in frames]
     return {"frames": frames_list}
 
 
-@private_api.get("/frames/{id:int}", response_model=FrameResponse)
+@api_with_auth.get("/frames/{id:int}", response_model=FrameResponse)
 async def api_frame_get(id: int, db: Session = Depends(get_db)):
     frame = db.get(Frame, id)
     if frame is None:
         raise HTTPException(status_code=HTTPStatus.NOT_FOUND, detail="Frame not found")
     return {"frame": frame.to_dict()}
 
 
-@private_api.get("/frames/{id:int}/logs", response_model=FrameLogsResponse)
+@api_with_auth.get("/frames/{id:int}/logs", response_model=FrameLogsResponse)
 async def api_frame_get_logs(id: int, db: Session = Depends(get_db)):
     frame = db.get(Frame, id)
     if frame is None:
@@ -55,8 +56,8 @@ async def api_frame_get_logs(id: int, db: Session = Depends(get_db)):
     return {"logs": logs}
 
 
-@private_api.get("/frames/{id:int}/image_link", response_model=FrameImageLinkResponse)
-async def get_image_link(id: int, user=Depends(get_current_user)):
+@api_with_auth.get("/frames/{id:int}/image_link", response_model=FrameImageLinkResponse)
+async def get_image_link(id: int, config: Config = Depends(get_config)):
     expire_minutes = 5
     now = datetime.utcnow()
     expire = now + timedelta(minutes=expire_minutes)
@@ -66,11 +67,11 @@ async def get_image_link(id: int, user=Depends(get_current_user)):
     expires_in = int((expire - now).total_seconds())
 
     return {
-        "url": f"/api/frames/{id}/image?token={token}",
+        "url": config.base_path + f"/api/frames/{id}/image?token={token}",
         "expires_in": expires_in
     }
 
-@public_api.get("/frames/{id:int}/image")
+@api_no_auth.get("/frames/{id:int}/image")
 async def api_frame_get_image(id: int, token: str, request: Request, db: Session = Depends(get_db), redis: Redis = Depends(get_redis)):
     try:
         payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
@@ -109,7 +110,7 @@ async def api_frame_get_image(id: int, token: str, request: Request, db: Session
         raise HTTPException(status_code=HTTPStatus.INTERNAL_SERVER_ERROR, detail=str(e))
 
 
-@private_api.get("/frames/{id:int}/state", response_model=FrameStateResponse)
+@api_with_auth.get("/frames/{id:int}/state", response_model=FrameStateResponse)
 async def api_frame_get_state(id: int, db: Session = Depends(get_db), redis: Redis = Depends(get_redis)):
     frame = db.get(Frame, id)
     if frame is None:
@@ -145,7 +146,7 @@ async def api_frame_get_state(id: int, db: Session = Depends(get_db), redis: Red
         raise HTTPException(status_code=HTTPStatus.INTERNAL_SERVER_ERROR, detail=str(e))
 
 
-@private_api.post("/frames/{id:int}/event/{event}")
+@api_with_auth.post("/frames/{id:int}/event/{event}")
 async def api_frame_event(id: int, event: str, request: Request, db: Session = Depends(get_db)):
     frame = db.get(Frame, id)
     if frame is None:
@@ -177,7 +178,7 @@ async def api_frame_event(id: int, event: str, request: Request, db: Session = D
         raise HTTPException(status_code=HTTPStatus.INTERNAL_SERVER_ERROR, detail=str(e))
 
 
-@private_api.get("/frames/{id:int}/scene_source/{scene}")
+@api_with_auth.get("/frames/{id:int}/scene_source/{scene}")
 async def api_frame_scene_source(id: int, scene: str, db: Session = Depends(get_db)):
     frame = db.get(Frame, id)
     if frame is None:
@@ -189,7 +190,7 @@ async def api_frame_scene_source(id: int, scene: str, db: Session = Depends(get_
     raise HTTPException(status_code=HTTPStatus.NOT_FOUND, detail=f"Scene {scene} not found")
 
 
-@private_api.get("/frames/{id:int}/assets", response_model=FrameAssetsResponse)
+@api_with_auth.get("/frames/{id:int}/assets", response_model=FrameAssetsResponse)
 async def api_frame_get_assets(id: int, db: Session = Depends(get_db), redis: Redis = Depends(get_redis)):
     frame = db.get(Frame, id)
     if frame is None:
@@ -216,7 +217,7 @@ async def api_frame_get_assets(id: int, db: Session = Depends(get_db), redis: Re
     return {"assets": assets}
 
 
-@private_api.get("/frames/{id:int}/asset")
+@api_with_auth.get("/frames/{id:int}/asset")
 async def api_frame_get_asset(id: int, request: Request, db: Session = Depends(get_db), redis: Redis = Depends(get_redis)):
     frame = db.get(Frame, id)
     if frame is None:
@@ -279,7 +280,7 @@ async def api_frame_get_asset(id: int, request: Request, db: Session = Depends(g
         raise HTTPException(status_code=HTTPStatus.INTERNAL_SERVER_ERROR, detail=str(e))
 
 
-@private_api.post("/frames/{id:int}/reset")
+@api_with_auth.post("/frames/{id:int}/reset")
 async def api_frame_reset_event(id: int, redis: Redis = Depends(get_redis)):
     try:
         from app.tasks import reset_frame
@@ -289,7 +290,7 @@ async def api_frame_reset_event(id: int, redis: Redis = Depends(get_redis)):
         raise HTTPException(status_code=HTTPStatus.INTERNAL_SERVER_ERROR, detail=str(e))
 
 
-@private_api.post("/frames/{id:int}/restart")
+@api_with_auth.post("/frames/{id:int}/restart")
 async def api_frame_restart_event(id: int, redis: Redis = Depends(get_redis)):
     try:
         from app.tasks import restart_frame
@@ -299,7 +300,7 @@ async def api_frame_restart_event(id: int, redis: Redis = Depends(get_redis)):
         raise HTTPException(status_code=HTTPStatus.INTERNAL_SERVER_ERROR, detail=str(e))
 
 
-@private_api.post("/frames/{id:int}/stop")
+@api_with_auth.post("/frames/{id:int}/stop")
 async def api_frame_stop_event(id: int, redis: Redis = Depends(get_redis)):
     try:
         from app.tasks import stop_frame
@@ -309,7 +310,7 @@ async def api_frame_stop_event(id: int, redis: Redis = Depends(get_redis)):
         raise HTTPException(status_code=HTTPStatus.INTERNAL_SERVER_ERROR, detail=str(e))
 
 
-@private_api.post("/frames/{id:int}/deploy")
+@api_with_auth.post("/frames/{id:int}/deploy")
 async def api_frame_deploy_event(id: int, redis: Redis = Depends(get_redis)):
     try:
         from app.tasks import deploy_frame
@@ -319,7 +320,7 @@ async def api_frame_deploy_event(id: int, redis: Redis = Depends(get_redis)):
         raise HTTPException(status_code=HTTPStatus.INTERNAL_SERVER_ERROR, detail=str(e))
 
 
-@private_api.post("/frames/{id:int}")
+@api_with_auth.post("/frames/{id:int}")
 async def api_frame_update_endpoint(
     id: int,
     data: FrameUpdateRequest,
@@ -356,7 +357,7 @@ async def api_frame_update_endpoint(
     return {"message": "Frame updated successfully"}
 
 
-@private_api.post("/frames/new", response_model=FrameResponse)
+@api_with_auth.post("/frames/new", response_model=FrameResponse)
 async def api_frame_new(data: FrameCreateRequest, db: Session = Depends(get_db), redis: Redis = Depends(get_redis)):
     try:
         frame = await new_frame(db, redis, data.name, data.frame_host, data.server_host, data.device, data.interval)
@@ -365,7 +366,7 @@ async def api_frame_new(data: FrameCreateRequest, db: Session = Depends(get_db),
         raise HTTPException(status_code=HTTPStatus.INTERNAL_SERVER_ERROR, detail=str(e))
 
 
-@private_api.delete("/frames/{frame_id}")
+@api_with_auth.delete("/frames/{frame_id}")
 async def api_frame_delete(
     frame_id: int,
     db: Session = Depends(get_db),
@@ -378,7 +379,7 @@ async def api_frame_delete(
         raise HTTPException(status_code=404, detail="Frame not found")
 
 
-@private_api.get("/frames/{id:int}/metrics", response_model=FrameMetricsResponse)
+@api_with_auth.get("/frames/{id:int}/metrics", response_model=FrameMetricsResponse)
 async def api_frame_metrics(id: int, db: Session = Depends(get_db)):
     frame = db.get(Frame, id)
     if frame is None:

backend/app/api/log.py

@@ -7,9 +7,9 @@
 from app.models.log import process_log
 from app.schemas.log import LogRequest, LogResponse
 from app.redis import get_redis
-from . import public_api
+from . import api_public
 
-@public_api.post("/log", response_model=LogResponse)
+@api_public.post("/log", response_model=LogResponse)
 async def post_api_log(
     data: LogRequest,
     db: Session = Depends(get_db),

backend/app/api/repositories.py

@@ -15,13 +15,13 @@
     RepositoryResponse,
     RepositoriesListResponse
 )
-from . import private_api
+from . import api_with_auth
 
 FRAMEOS_SAMPLES_URL = "https://repo.frameos.net/samples/repository.json"
 FRAMEOS_GALLERY_URL = "https://repo.frameos.net/gallery/repository.json"
 
 
-@private_api.post("/repositories", response_model=RepositoryResponse, status_code=201)
+@api_with_auth.post("/repositories", response_model=RepositoryResponse, status_code=201)
 async def create_repository(data: RepositoryCreateRequest, db: Session = Depends(get_db)):
     url = data.url
     if not url:
@@ -41,7 +41,7 @@ async def create_repository(data: RepositoryCreateRequest, db: Session = Depends
         logging.error(f'Database error: {e}')
         raise HTTPException(status_code=500, detail="Database error")
 
-@private_api.get("/repositories", response_model=RepositoriesListResponse)
+@api_with_auth.get("/repositories", response_model=RepositoriesListResponse)
 async def get_repositories(db: Session = Depends(get_db)):
     try:
         # Remove old repo if it exists
@@ -75,7 +75,7 @@ async def get_repositories(db: Session = Depends(get_db)):
         logging.error(f'Database error: {e}')
         raise HTTPException(status_code=500, detail="Database error")
 
-@private_api.get("/repositories/{repository_id}", response_model=RepositoryResponse)
+@api_with_auth.get("/repositories/{repository_id}", response_model=RepositoryResponse)
 async def get_repository(repository_id: str, db: Session = Depends(get_db)):
     try:
         repository = db.get(Repository, repository_id)
@@ -87,7 +87,7 @@ async def get_repository(repository_id: str, db: Session = Depends(get_db)):
         logging.error(f'Database error: {e}')
         raise HTTPException(status_code=500, detail="Database error")
 
-@private_api.patch("/repositories/{repository_id}", response_model=RepositoryResponse)
+@api_with_auth.patch("/repositories/{repository_id}", response_model=RepositoryResponse)
 async def update_repository(repository_id: str, data: RepositoryUpdateRequest, db: Session = Depends(get_db)):
     try:
         repository = db.get(Repository, repository_id)
@@ -106,7 +106,7 @@ async def update_repository(repository_id: str, data: RepositoryUpdateRequest, d
         logging.error(f'Database error: {e}')
         raise HTTPException(status_code=500, detail="Database error")
 
-@private_api.delete("/repositories/{repository_id}")
+@api_with_auth.delete("/repositories/{repository_id}")
 async def delete_repository(repository_id: str, db: Session = Depends(get_db)):
     try:
         repository = db.get(Repository, repository_id)

backend/app/api/settings.py

@@ -6,13 +6,13 @@
 from app.database import get_db
 from app.models.settings import get_settings_dict, Settings
 from app.schemas.settings import SettingsResponse, SettingsUpdateRequest
-from . import private_api
+from . import api_with_auth
 
-@private_api.get("/settings", response_model=SettingsResponse)
+@api_with_auth.get("/settings", response_model=SettingsResponse)
 async def get_settings(db: Session = Depends(get_db)):
     return get_settings_dict(db)
 
-@private_api.post("/settings", response_model=SettingsResponse)
+@api_with_auth.post("/settings", response_model=SettingsResponse)
 async def set_settings(data: SettingsUpdateRequest, db: Session = Depends(get_db)):
     payload = data.to_dict()
     if not payload:

backend/app/api/ssh.py

@@ -1,10 +1,10 @@
 from fastapi import HTTPException
 from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.hazmat.primitives import serialization
-from . import private_api
+from . import api_with_auth
 from app.schemas.ssh import SSHKeyResponse
 
-@private_api.post("/generate_ssh_keys", response_model=SSHKeyResponse)
+@api_with_auth.post("/generate_ssh_keys", response_model=SSHKeyResponse)
 async def generate_ssh_keys():
     try:
         private_key = rsa.generate_private_key(