feat(api): pin response_model on dict-returning mutation routes
Every mutation route that returned an untyped dict now declares
response_model at the decorator. MessageResponse covers the eight
{"message": ...} envelopes (change-password, mutate-decky, mutate-
interval, update-deployment-limit, update-global-mutation-interval,
delete-user, update-user-role, reset-user-password). Purpose-built
models cover the richer shapes (DeployResponse for /deckies/deploy,
PurgeResponse for /config/reinit, ReapReportResponse for /reap-orphans,
UserResponse for /config/users). 204-No-Content and Response/
ORJSONResponse routes stay as-is.
The wire shape for clients is unchanged — the envelopes already only
shipped a message field. What changes is that a handler which
accidentally returns a richer dict (e.g. a full user row including
password_hash) would be silently stripped to the declared fields at
serialization time.
Also flips F4/D "expensive LIKE" to accepted (new DA-09) — the /logs
and /attackers search routes LIKE-scan unbounded columns, but both are
admin-gated, limit-capped, and operator rate-limit scope per DA-04.
FTS5 stays a performance TODO, not a security blocker.
This commit is contained in:
@@ -11,6 +11,9 @@ from ._base import (
|
||||
_BIG_TEXT,
|
||||
_normalize_null,
|
||||
)
|
||||
from .common import (
|
||||
MessageResponse,
|
||||
)
|
||||
from .auth import (
|
||||
AdminConfigResponse,
|
||||
ChangePasswordRequest,
|
||||
@@ -34,7 +37,9 @@ from .attackers import (
|
||||
)
|
||||
from .deploy import (
|
||||
DeployIniRequest,
|
||||
DeployResponse,
|
||||
MutateIntervalRequest,
|
||||
PurgeResponse,
|
||||
)
|
||||
from .health import (
|
||||
ComponentHealth,
|
||||
@@ -82,6 +87,7 @@ from .topology import (
|
||||
NextIPResponse,
|
||||
NextSubnetResponse,
|
||||
NotEditableResponse,
|
||||
ReapReportResponse,
|
||||
ServiceCatalogResponse,
|
||||
Topology,
|
||||
TopologyDecky,
|
||||
@@ -120,6 +126,8 @@ __all__ = [
|
||||
"NullableString",
|
||||
"_BIG_TEXT",
|
||||
"_normalize_null",
|
||||
# common
|
||||
"MessageResponse",
|
||||
# auth
|
||||
"AdminConfigResponse",
|
||||
"ChangePasswordRequest",
|
||||
@@ -141,7 +149,9 @@ __all__ = [
|
||||
"SmtpTarget",
|
||||
# deploy
|
||||
"DeployIniRequest",
|
||||
"DeployResponse",
|
||||
"MutateIntervalRequest",
|
||||
"PurgeResponse",
|
||||
# health
|
||||
"ComponentHealth",
|
||||
"HealthResponse",
|
||||
@@ -185,6 +195,7 @@ __all__ = [
|
||||
"NextIPResponse",
|
||||
"NextSubnetResponse",
|
||||
"NotEditableResponse",
|
||||
"ReapReportResponse",
|
||||
"ServiceCatalogResponse",
|
||||
"Topology",
|
||||
"TopologyDecky",
|
||||
|
||||
15
decnet/web/db/models/common.py
Normal file
15
decnet/web/db/models/common.py
Normal file
@@ -0,0 +1,15 @@
|
||||
"""Generic response shapes used across multiple router domains."""
|
||||
from __future__ import annotations
|
||||
|
||||
from pydantic import BaseModel
|
||||
|
||||
|
||||
class MessageResponse(BaseModel):
|
||||
"""Standard envelope for mutations whose only payload is a status message.
|
||||
|
||||
Pinning the wire shape at the decorator (``response_model=MessageResponse``)
|
||||
prevents a handler that accidentally returns a richer dict — e.g. a user
|
||||
row with ``password_hash`` — from leaking extra fields to the client.
|
||||
"""
|
||||
|
||||
message: str
|
||||
@@ -17,3 +17,13 @@ class DeployIniRequest(BaseModel):
|
||||
# This field now enforces strict INI structure during Pydantic initialization.
|
||||
# The OpenAPI schema correctly shows it as a required string.
|
||||
ini_content: IniContent = PydanticField(..., description="A valid INI formatted string")
|
||||
|
||||
|
||||
class DeployResponse(BaseModel):
|
||||
message: str
|
||||
mode: str
|
||||
|
||||
|
||||
class PurgeResponse(BaseModel):
|
||||
message: str
|
||||
deleted: dict[str, int]
|
||||
|
||||
@@ -420,3 +420,11 @@ class DeployAcceptedResponse(BaseModel):
|
||||
topology_id: str
|
||||
status: str
|
||||
dry_run: bool = False
|
||||
|
||||
|
||||
class ReapReportResponse(BaseModel):
|
||||
live_prefixes: list[str]
|
||||
orphan_prefixes: list[str]
|
||||
containers_removed: list[str]
|
||||
networks_removed: list[str]
|
||||
errors: list[str]
|
||||
|
||||
@@ -5,7 +5,7 @@ from fastapi import APIRouter, Depends, HTTPException, status
|
||||
from decnet.telemetry import traced as _traced
|
||||
from decnet.web.auth import ahash_password, averify_password
|
||||
from decnet.web.dependencies import get_current_user_unchecked, invalidate_user_cache, repo
|
||||
from decnet.web.db.models import ChangePasswordRequest
|
||||
from decnet.web.db.models import ChangePasswordRequest, MessageResponse
|
||||
|
||||
router = APIRouter()
|
||||
|
||||
@@ -13,6 +13,7 @@ router = APIRouter()
|
||||
@router.post(
|
||||
"/auth/change-password",
|
||||
tags=["Authentication"],
|
||||
response_model=MessageResponse,
|
||||
responses={
|
||||
400: {"description": "Bad Request (e.g. malformed JSON)"},
|
||||
401: {"description": "Could not validate credentials"},
|
||||
|
||||
@@ -8,8 +8,9 @@ from decnet.web.dependencies import require_admin, invalidate_user_cache, repo
|
||||
from decnet.web.router.config.api_get_config import invalidate_list_users_cache
|
||||
from decnet.web.db.models import (
|
||||
CreateUserRequest,
|
||||
UpdateUserRoleRequest,
|
||||
MessageResponse,
|
||||
ResetUserPasswordRequest,
|
||||
UpdateUserRoleRequest,
|
||||
UserResponse,
|
||||
)
|
||||
|
||||
@@ -19,6 +20,7 @@ router = APIRouter()
|
||||
@router.post(
|
||||
"/config/users",
|
||||
tags=["Configuration"],
|
||||
response_model=UserResponse,
|
||||
responses={
|
||||
400: {"description": "Bad Request (e.g. malformed JSON)"},
|
||||
401: {"description": "Could not validate credentials"},
|
||||
@@ -56,6 +58,7 @@ async def api_create_user(
|
||||
@router.delete(
|
||||
"/config/users/{user_uuid}",
|
||||
tags=["Configuration"],
|
||||
response_model=MessageResponse,
|
||||
responses={
|
||||
401: {"description": "Could not validate credentials"},
|
||||
403: {"description": "Admin access required / cannot delete self"},
|
||||
@@ -81,6 +84,7 @@ async def api_delete_user(
|
||||
@router.put(
|
||||
"/config/users/{user_uuid}/role",
|
||||
tags=["Configuration"],
|
||||
response_model=MessageResponse,
|
||||
responses={
|
||||
400: {"description": "Bad Request (e.g. malformed JSON)"},
|
||||
401: {"description": "Could not validate credentials"},
|
||||
@@ -111,6 +115,7 @@ async def api_update_user_role(
|
||||
@router.put(
|
||||
"/config/users/{user_uuid}/reset-password",
|
||||
tags=["Configuration"],
|
||||
response_model=MessageResponse,
|
||||
responses={
|
||||
400: {"description": "Bad Request (e.g. malformed JSON)"},
|
||||
401: {"description": "Could not validate credentials"},
|
||||
|
||||
@@ -2,6 +2,7 @@ from fastapi import APIRouter, Depends, HTTPException
|
||||
|
||||
from decnet.env import DECNET_DEVELOPER
|
||||
from decnet.telemetry import traced as _traced
|
||||
from decnet.web.db.models import PurgeResponse
|
||||
from decnet.web.dependencies import require_admin, repo
|
||||
|
||||
router = APIRouter()
|
||||
@@ -10,6 +11,7 @@ router = APIRouter()
|
||||
@router.delete(
|
||||
"/config/reinit",
|
||||
tags=["Configuration"],
|
||||
response_model=PurgeResponse,
|
||||
responses={
|
||||
401: {"description": "Could not validate credentials"},
|
||||
403: {"description": "Admin access required or developer mode not enabled"},
|
||||
|
||||
@@ -2,7 +2,7 @@ from fastapi import APIRouter, Depends
|
||||
|
||||
from decnet.telemetry import traced as _traced
|
||||
from decnet.web.dependencies import require_admin, repo
|
||||
from decnet.web.db.models import DeploymentLimitRequest, GlobalMutationIntervalRequest
|
||||
from decnet.web.db.models import DeploymentLimitRequest, GlobalMutationIntervalRequest, MessageResponse
|
||||
|
||||
router = APIRouter()
|
||||
|
||||
@@ -10,6 +10,7 @@ router = APIRouter()
|
||||
@router.put(
|
||||
"/config/deployment-limit",
|
||||
tags=["Configuration"],
|
||||
response_model=MessageResponse,
|
||||
responses={
|
||||
400: {"description": "Bad Request (e.g. malformed JSON)"},
|
||||
401: {"description": "Could not validate credentials"},
|
||||
@@ -29,6 +30,7 @@ async def api_update_deployment_limit(
|
||||
@router.put(
|
||||
"/config/global-mutation-interval",
|
||||
tags=["Configuration"],
|
||||
response_model=MessageResponse,
|
||||
responses={
|
||||
400: {"description": "Bad Request (e.g. malformed JSON)"},
|
||||
401: {"description": "Could not validate credentials"},
|
||||
|
||||
@@ -9,7 +9,7 @@ from decnet.engine import deploy as _deploy
|
||||
from decnet.ini_loader import load_ini_from_string
|
||||
from decnet.network import detect_interface, detect_subnet, get_host_ip
|
||||
from decnet.web.dependencies import require_admin, repo
|
||||
from decnet.web.db.models import DeployIniRequest
|
||||
from decnet.web.db.models import DeployIniRequest, DeployResponse
|
||||
from decnet.web.router.swarm.api_deploy_swarm import dispatch_decnet_config
|
||||
|
||||
log = get_logger("api")
|
||||
@@ -20,6 +20,7 @@ router = APIRouter()
|
||||
@router.post(
|
||||
"/deckies/deploy",
|
||||
tags=["Fleet Management"],
|
||||
response_model=DeployResponse,
|
||||
responses={
|
||||
400: {"description": "Bad Request (e.g. malformed JSON)"},
|
||||
401: {"description": "Could not validate credentials"},
|
||||
|
||||
@@ -3,6 +3,7 @@ from fastapi import APIRouter, Depends, HTTPException, Path
|
||||
|
||||
from decnet.telemetry import traced as _traced
|
||||
from decnet.mutator import mutate_decky
|
||||
from decnet.web.db.models import MessageResponse
|
||||
from decnet.web.dependencies import require_admin, repo
|
||||
|
||||
router = APIRouter()
|
||||
@@ -11,6 +12,7 @@ router = APIRouter()
|
||||
@router.post(
|
||||
"/deckies/{decky_name}/mutate",
|
||||
tags=["Fleet Management"],
|
||||
response_model=MessageResponse,
|
||||
responses={
|
||||
401: {"description": "Could not validate credentials"},
|
||||
403: {"description": "Insufficient permissions"},
|
||||
|
||||
@@ -3,7 +3,7 @@ from fastapi import APIRouter, Depends, HTTPException
|
||||
from decnet.telemetry import traced as _traced
|
||||
from decnet.config import DecnetConfig
|
||||
from decnet.web.dependencies import require_admin, repo
|
||||
from decnet.web.db.models import MutateIntervalRequest
|
||||
from decnet.web.db.models import MessageResponse, MutateIntervalRequest
|
||||
|
||||
router = APIRouter()
|
||||
|
||||
@@ -17,6 +17,7 @@ def _parse_duration(s: str) -> int:
|
||||
|
||||
|
||||
@router.put("/deckies/{decky_name}/mutate-interval", tags=["Fleet Management"],
|
||||
response_model=MessageResponse,
|
||||
responses={
|
||||
400: {"description": "Bad Request (e.g. malformed JSON)"},
|
||||
401: {"description": "Could not validate credentials"},
|
||||
|
||||
@@ -18,6 +18,7 @@ from fastapi import APIRouter, Depends
|
||||
|
||||
from decnet.engine.reaper import reap_orphan_topology_resources
|
||||
from decnet.telemetry import traced as _traced
|
||||
from decnet.web.db.models import ReapReportResponse
|
||||
from decnet.web.dependencies import repo, require_admin
|
||||
|
||||
router = APIRouter()
|
||||
@@ -26,6 +27,7 @@ router = APIRouter()
|
||||
@router.post(
|
||||
"/reap-orphans",
|
||||
tags=["MazeNET Topologies"],
|
||||
response_model=ReapReportResponse,
|
||||
responses={
|
||||
401: {"description": "Missing or invalid credentials"},
|
||||
403: {"description": "Insufficient permissions"},
|
||||
|
||||
Reference in New Issue
Block a user