add api for vuser and more

add cli with expire param
add test with vuser
improve tag gen
userctl logger prefer debug
fix list root path
lower api default storage size

Author: MenxLi

lfss/api/connector.py

@@ -379,7 +379,7 @@ def list_path(
         if path == '/':
             # handle root path separately
             my_username = self.whoami().username
-            dirnames = [f'{my_username}/'] if not my_username.startswith('.') else [] + [f'{p.username}/' for p in self.peers(AccessLevel.READ)]
+            dirnames = ([f'{my_username}/'] if not my_username.startswith('.') else []) + [f'{p.username}/' for p in self.peers(AccessLevel.READ)]
             return PathContents(
                 dirs = [DirectoryRecord(url = d) for d in dirnames], 
                 files = []
@@ -537,7 +537,7 @@ def add_user(
         username: str, 
         password: Optional[str] = None, 
         admin: bool = False, 
-        max_storage: int | str = '100G', 
+        max_storage: int | str = '10G', 
         permission: FileReadPermission | str = 'unset'
         ) -> UserRecord:
         """ Admin API: Add a new user to the system. """
@@ -552,6 +552,30 @@ def add_user(
         response = self._fetch_factory('POST', '_api/user/add', search_params=data)()
         return UserRecord(**response.json())
 
+    def add_virtual_user(
+        self, 
+        tag: str = "", 
+        peers: dict[AccessLevel, list[str]] | str = {},
+        max_storage: int | str = '1G', 
+        expire: Optional[int | str] = None, 
+        ) -> UserRecord:
+        """ Admin API: Add a new virtual (hidden) user to the system. """
+        data = {
+            'tag': tag,
+            'max_storage': str(max_storage),
+        }
+        if isinstance(peers, dict):
+            peer_strs = []
+            for level, users in peers.items():
+                peer_strs.append(f"{level.name}:{','.join(users)}")
+            data['peers'] = ';'.join(peer_strs)
+        else:
+            data['peers'] = peers
+        if expire is not None:
+            data['expire'] = str(expire)
+        response = self._fetch_factory('POST', '_api/user/add-virtual', search_params=data)()
+        return UserRecord(**response.json())
+    
     def set_user(
         self, 
         username: str, 

lfss/cli/user.py

@@ -19,9 +19,10 @@ async def _main():
     sp_add.add_argument('--max-storage', type=parse_storage_size, default="10G", help="Maximum storage size, e.g. 1G, 100M, 10K, default is 10G")
 
     sp_add_virtual = sp.add_parser('add-virtual', help="Add a virtual (hidden) user, username will be prefixed with '.v-'")
-    sp_add_virtual.add_argument('--tag', type=str, default=None, help="Tag for the virtual user, will be embedded in the username for easier identification")
+    sp_add_virtual.add_argument('--tag', type=str, default="", help="Tag for the virtual user, will be embedded in the username for easier identification")
     sp_add_virtual.add_argument('--peers', type=str, default="", help="Peer users and their access levels in the format 'READ:user1,user2;WRITE:user3'")
     sp_add_virtual.add_argument('--max-storage', type=parse_storage_size, default="1G", help="Maximum storage size for the virtual user, e.g. 1G, 100M, 10K, default is 1G")
+    sp_add_virtual.add_argument('--expire', type=str, default=None, help="Expire time in seconds or a string like '1d2h3m4s'. If not provided, the user will never expire.")
 
     sp_delete = sp.add_parser('delete')
     sp_delete.add_argument('username', type=str)
@@ -69,15 +70,16 @@ async def get_uconn():
             max_storage=args.max_storage, 
             permission=args.permission
         )
-        print('User created, credential:', user.credential)
+        print('User created. | credential:', user.credential)
 
     if args.subparser_name == 'add-virtual':
         user =  await UserCtl.add_virtual(
             tag=args.tag,
             peers=args.peers,
-            max_storage=args.max_storage
+            max_storage=args.max_storage, 
+            expire=args.expire
         )
-        print('Virtual user created, username:', user.username, ', credential:', user.credential)
+        print('Virtual user created, username:', user.username, '| credential:', user.credential)
 
     if args.subparser_name == 'delete':
         user = await UserCtl.delete(args.username)

lfss/eng/userman.py

@@ -2,7 +2,7 @@
 High level user-management API.
 """
 
-import secrets
+import secrets, random
 from typing import Optional
 from .utils import parse_storage_size, parse_sec_time, fmt_sec_time
 from .datatype import UserRecord, FileReadPermission, AccessLevel
@@ -100,7 +100,7 @@ async def add(
         if isinstance(permission, str):
             permission = parse_permission(permission)
 
-        UserCtl.logger.info(f"Creating user: {username}, admin: {admin}, max_storage: {max_storage}, permission: {permission.name}")
+        UserCtl.logger.debug(f"Creating user: {username}, admin: {admin}, max_storage: {max_storage}, permission: {permission.name}")
         async with transaction() as conn:
             uconn = UserConn(conn)
             user_id = await uconn.create_user(username, password, admin, max_storage=max_storage, permission=permission)
@@ -113,7 +113,7 @@ async def add_virtual(
         tag: str = "", 
         peers: dict[AccessLevel, list[str]] | str = {},
         max_storage: int | str = '100G', 
-        expire_seconds: Optional[int] = None, 
+        expire: Optional[int | str] = None, 
         ) -> UserRecord:
         """
         Add a new virtual (hidden) user to the system.
@@ -122,16 +122,23 @@ async def add_virtual(
         if peers is a string, it will be parsed by parse_peer_list.
         Returns the created UserRecord.
         """
+        def rnd_part(n: int) -> str:
+            base = secrets.token_urlsafe(n)
+            return base.replace('-', random.choice('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'))
+
         if tag:
-            assert tag.isalnum(), "Tag must be alphanumeric"
-            username = f"{UserCtl.virtual_prefix}{tag}-{secrets.token_urlsafe(8)}"
+            assert_or(tag.isalnum(), lambda: InvalidInputError("Tag must be alphanumeric"))
+            username = f"{UserCtl.virtual_prefix}{tag}-{rnd_part(8)}"
         else:
-            username = f"{UserCtl.virtual_prefix}{secrets.token_urlsafe(12)}"
+            username = f"{UserCtl.virtual_prefix}{rnd_part(12)}"
 
         if isinstance(peers, str):
             peers = parse_peer_list(peers)
 
-        UserCtl.logger.info(f"Creating virtual user: {username}, expire in {expire_seconds} seconds, peers: {peers}")
+        if isinstance(expire, str):
+            expire = parse_sec_time(expire)
+        
+        UserCtl.logger.debug(f"Creating virtual user: {username}, expire in {expire} seconds, peers: {peers}")
         async with transaction() as conn:
             uconn = UserConn(conn)
             if isinstance(max_storage, str):
@@ -144,8 +151,8 @@ async def add_virtual(
                 permission=FileReadPermission.UNSET,
                 _validate = False
             )
-            if expire_seconds is not None:
-                await uconn.set_user_expire(user_id, expire_seconds)
+            if expire is not None:
+                await uconn.set_user_expire(user_id, expire)
             for level, user_list in peers.items():
                 if isinstance(level, str):
                     level = parse_access_level(level)
@@ -165,7 +172,7 @@ async def set_expire(username: str, expire_seconds: Optional[int | str]):
         if isinstance(expire_seconds, str):
             expire_seconds = parse_sec_time(expire_seconds)
         user = await _get_user__check(username)
-        UserCtl.logger.info(
+        UserCtl.logger.debug(
             f"Setting user expire: {username} to "
             f"{fmt_sec_time(expire_seconds) if expire_seconds is not None else 'never'}"
             )
@@ -181,7 +188,7 @@ async def delete(username: str) -> UserRecord:
         """ Delete a user from the system"""
         await _get_user__check(username)
 
-        UserCtl.logger.info(f"Deleting user: {username}")
+        UserCtl.logger.debug(f"Deleting user: {username}")
         return await Database().delete_user(username)
 
     @staticmethod

lfss/svc/app_native_user.py

@@ -93,6 +93,23 @@ async def add_user(
         permission=permission
         )
 
+@router_user.post("/add-virtual")
+@handle_exception
+async def add_virtual_user(
+    tag: str = "",
+    peers: str = "",
+    max_storage: str = '1G',
+    expire: Optional[int | str] = None,
+    _: UserRecord = Depends(admin_user), 
+    ):
+    # not desensitized
+    return await UserCtl.add_virtual(
+        tag=tag,
+        peers=peers,
+        max_storage=max_storage, 
+        expire=expire
+        )
+
 @router_user.post("/update")
 @handle_exception
 async def update_user(

test/cases/common.py

@@ -6,6 +6,8 @@
 
 def get_conn(username, password = 'test'):
     return Client(f"http://localhost:{SERVER_PORT}", token=hash_credential(username, password))
+def get_conn_bytoken(token):
+    return Client(f"http://localhost:{SERVER_PORT}", token=token)
 
 def create_server_context():
     # clear environment variables

test/cases/test_14_virtual_user.py

@@ -0,0 +1,57 @@
+
+import subprocess
+import pytest
+from lfss.api import AccessLevel
+from .common import create_server_context, get_conn, get_conn_bytoken, get_conn
+from ..config import SANDBOX_DIR
+
+server = create_server_context()
+v0_name = ""
+v0_token = ""
+v1_name = ""
+v1_token = ""
+
+
+def test_init_user_creation(server):
+    global v0_token, v1_token, v0_name, v1_name
+    subprocess.check_output(['lfss-user', 'add', 'u0', 'test', "--admin"], cwd=SANDBOX_DIR)
+
+    u0 = get_conn('u0')
+    u0.add_user('u1', 'test', permission='public')
+
+    v0 = u0.add_virtual_user(tag="session1", peers={AccessLevel.READ: ['u1']}, expire='10d')
+    v0_token = v0.credential
+    v0_name = v0.username
+
+    v1 = u0.add_virtual_user(peers=f"write:u1,{v0_name}")
+    v1_token = v1.credential
+    v1_name = v1.username
+
+def test_v1_put(server):
+    v1 = get_conn_bytoken(v1_token)
+
+    with pytest.raises(Exception, match="403"):
+        v1.put_json(f'{v1_name}/data.json', {'message': 'Hello from v0'})
+    
+    with pytest.raises(Exception, match="403"):
+        v1.put_json(f'{v0_name}/data.json', {'message': 'Hello from v0'})
+    
+    v1.put_json('u1/data_from_v1.json', {'message': 'Hello from v1'})
+
+def test_admin_put(server):
+    u0 = get_conn('u0')
+    with pytest.raises(Exception, match="403"):
+        u0.put_json(f'{v0_name}/data.json', {'message': 'Hello from admin to v0'})
+
+def test_expire(server):
+    u0 = get_conn('u0')
+    v3_info = u0.add_virtual_user(tag="toexpire", expire='2s', peers={AccessLevel.WRITE: ['u1']}, max_storage=10240)
+
+    v3 = get_conn_bytoken(v3_info.credential)
+    v3.put_json(f'u1/data.json', {'message': 'Hello from v3'})
+
+    import time
+    time.sleep(2)
+
+    with pytest.raises(Exception, match="401"):
+        v3.put_json(f'u1/data.json', {'message': 'Hello from v3'})