BREAKING: switch to versioned API URI scheme

doc/nginx.conf.example

@@ -3,6 +3,7 @@ server {
     location / { try_files $uri @amber; }
     location @amber {
         include uwsgi_params;
+        rewrite /api/(.*) /$1;
         uwsgi_pass amber:8080;
     }
 }

project_amber/app.py

@@ -29,21 +29,21 @@ def middleware():
         request.user = user
 
 
-app.add_url_rule("/api/login", "login", login, methods=["POST"])
-app.add_url_rule("/api/logout", "logout", logout, methods=["POST"])
-app.add_url_rule("/api/task", "task", handle_task_request, \
+app.add_url_rule("/v0/login", "login", login, methods=["POST"])
+app.add_url_rule("/v0/logout", "logout", logout, methods=["POST"])
+app.add_url_rule("/v0/task", "task", handle_task_request, \
     methods=["GET", "POST"])
-app.add_url_rule("/api/task/<task_id>", "task_id", handle_task_id_request, \
+app.add_url_rule("/v0/task/<task_id>", "task_id", handle_task_id_request, \
     methods=["GET", "PATCH", "DELETE"])
-app.add_url_rule("/api/user", "user", update_user_data, methods=["PATCH"])
+app.add_url_rule("/v0/user", "user", update_user_data, methods=["PATCH"])
 app.add_url_rule(
-    "/api/session", "session", handle_session_req, methods=["GET"]
+    "/v0/session", "session", handle_session_req, methods=["GET"]
 )
-app.add_url_rule("/api/session/<session_id>", "session_id", \
+app.add_url_rule("/v0/session/<session_id>", "session_id", \
     handle_session_id_req, methods=["GET", "DELETE"])
 
 if config["allow_signup"]:
-    app.add_url_rule("/api/signup", "signup", signup, methods=["POST"])
+    app.add_url_rule("/v0/signup", "signup", signup, methods=["POST"])
 
 
 @app.before_first_request

project_amber/const.py

@@ -16,3 +16,6 @@
 MSG_TASK_NOT_FOUND = "This task does not exist"
 MSG_TEXT_NOT_SPECIFIED = "No text specified"
 MSG_TASK_DANGEROUS = "Potentially dangerous operation"
+
+# A regex matching all paths that can be accessed without an auth token.
+PUBLIC_PATHS = r"/v\d/(login|signup)"

project_amber/helpers/__init__.py

@@ -1,11 +1,12 @@
 from time import time as time_lib
 from functools import wraps
+from re import fullmatch
 
 from flask import request
 
 from project_amber.db import db
 from project_amber.const import MSG_NO_TOKEN, MSG_INVALID_TOKEN, \
-    MSG_USER_NOT_FOUND, MSG_USER_EXISTS
+    MSG_USER_NOT_FOUND, MSG_USER_EXISTS, PUBLIC_PATHS
 from project_amber.errors import Unauthorized, BadRequest, NotFound, \
     InternalServerError, Conflict
 from project_amber.models.auth import User, Session
@@ -41,7 +42,7 @@ def middleware() -> RequestParams:
     if not request.is_json and request.method in ["POST", "PUT", "PATCH"]:
         raise BadRequest
     params = RequestParams()
-    if not request.path in ["/api/login", "/api/signup"] \
+    if not fullmatch(PUBLIC_PATHS, request.path) \
         and request.method != "OPTIONS":
         params.authenticated = True
     return params
@@ -63,9 +64,7 @@ def handleLogin() -> LoginUser:
     user = db.session.query(User).filter_by(id=user_session.user).one_or_none()
     if user is None:
         raise InternalServerError(MSG_USER_NOT_FOUND)
-    user_details = LoginUser(
-        user.name, user.id, token, user_session.login_time
-    )
+    user_details = LoginUser(user.name, user.id, token, user_session.login_time)
     return user_details