api layer v0.3.2 - /settings

Signed-off-by: jokob-sk <jokob.sk@gmail.com>
2025-12-06 17:15:38 -08:00 · 2025-08-31 09:54:56 +10:00
parent 7c9b37d827
commit fd3f1fc929
2 changed files with 65 additions and 0 deletions
--- a/server/api_server/api_server_start.py
+++ b/server/api_server/api_server_start.py
@@ -34,6 +34,7 @@ CORS(
        r"/history/*": {"origins": "*"},
        r"/nettools/*": {"origins": "*"},
        r"/sessions/*": {"origins": "*"},
+        r"/settings/*": {"origins": "*"},
        r"/dbquery/*": {"origins": "*"},
        r"/events/*": {"origins": "*"}
    },
@@ -77,6 +78,17 @@ def graphql_endpoint():

    return jsonify(response)

+# --------------------------
+# Settings Endpoints
+# --------------------------
+
+@app.route("/settings/<setKey>", methods=["GET"])
+def api_get_setting(setKey):
+    if not is_authorized():
+        return jsonify({"error": "Forbidden"}), 403
+    value = get_setting_value(setKey)
+    return jsonify({"success": True, "value": value})
+
 # --------------------------
 # Device Endpoints
 # --------------------------
--- a/test/test_settings_endpoints.py
+++ b/test/test_settings_endpoints.py
@@ -0,0 +1,53 @@
+import sys
+import pathlib
+import sqlite3
+import random
+import string
+import uuid
+import pytest
+from datetime import datetime, timedelta
+
+INSTALL_PATH = "/app"
+sys.path.extend([f"{INSTALL_PATH}/front/plugins", f"{INSTALL_PATH}/server"])
+
+from helper import timeNowTZ, get_setting_value
+from api_server.api_server_start import app
+
+@pytest.fixture(scope="session")
+def api_token():
+    return get_setting_value("API_TOKEN")
+
+@pytest.fixture
+def client():
+    with app.test_client() as client:
+        yield client
+
+@pytest.fixture
+def test_mac():
+    # Generate a unique MAC for each test run
+    return "AA:BB:CC:" + ":".join(f"{random.randint(0,255):02X}" for _ in range(3))
+
+def auth_headers(token):
+    return {"Authorization": f"Bearer {token}"}
+
+def test_get_setting_unauthorized(client):
+    resp = client.get("/settings/API_TOKEN")  # no auth header
+    assert resp.status_code == 403
+    assert resp.json.get("error") == "Forbidden"
+
+
+def test_get_setting_valid_key(client, api_token):
+    # We know API_TOKEN exists in settings
+    resp = client.get("/settings/API_TOKEN", headers=auth_headers(api_token))
+    assert resp.status_code == 200
+    assert resp.json.get("success") is True
+    # The value should equal the token itself
+    assert resp.json.get("value") == api_token
+
+
+def test_get_setting_invalid_key(client, api_token):
+    resp = client.get("/settings/DOES_NOT_EXIST", headers=auth_headers(api_token))
+    assert resp.status_code == 200
+    assert resp.json.get("success") is True
+    # Depending on implementation, might be None or ""
+    assert resp.json.get("value") in (None, "")