openclimatefix · AndrewLester · Apr 13, 2023 · Apr 13, 2023 · Apr 17, 2023 · Apr 14, 2023
diff --git a/poetry.lock b/poetry.lock
diff --git a/pv_site_api/_db_helpers.py b/pv_site_api/_db_helpers.py
@@ -13,17 +13,26 @@
 
 import sqlalchemy as sa
 import structlog
+from fastapi import Depends
 from pvsite_datamodel.read.generation import get_pv_generation_by_sites
-from pvsite_datamodel.sqlmodels import ForecastSQL, ForecastValueSQL, SiteSQL
+from pvsite_datamodel.sqlmodels import (
+    ClientSQL,
+    ForecastSQL,
+    ForecastValueSQL,
+    InverterSQL,
+    SiteSQL,
+)
 from sqlalchemy.orm import Session, aliased
 
 from .pydantic_models import (
     Forecast,
     MultiplePVActual,
     PVActualValue,
+    PVClientMetadata,
     PVSiteMetadata,
     SiteForecastValues,
 )
+from .session import get_session
 
 logger = structlog.stdlib.get_logger()
 
@@ -228,9 +237,28 @@ def site_to_pydantic(site: SiteSQL) -> PVSiteMetadata:
     return pv_site
 
 
+def client_to_pydantic(client: ClientSQL) -> PVClientMetadata:
+    """Converts a ClientSQL object into a PVClientMetadata object."""
+    pv_client = PVClientMetadata(
+        client_uuid=str(client.client_uuid), client_name=client.client_name
+    )
+    return pv_client
+
+
 def does_site_exist(session: Session, site_uuid: str) -> bool:
     """Checks if a site exists."""
     return (
         session.execute(sa.select(SiteSQL).where(SiteSQL.site_uuid == site_uuid)).one_or_none()
         is not None
     )
+
+
+def get_inverters_for_site(
+    site_uuid: str, session: Session = Depends(get_session)
+) -> list[Row] | None:
+    """Path dependency to get a list of inverters for a site, or None if the site doesn't exist"""
+    if not does_site_exist(session, site_uuid):
+        return None
+
+    query = session.query(InverterSQL).filter(InverterSQL.site_uuid == site_uuid)
+    return query.all()
diff --git a/pv_site_api/auth.py b/pv_site_api/auth.py
@@ -1,6 +1,10 @@
 import jwt
 from fastapi import Depends, HTTPException
 from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+from pvsite_datamodel.sqlmodels import ClientSQL
+from sqlalchemy.orm import Session
+
+from .session import get_session
 
 token_auth_scheme = HTTPBearer()
 
@@ -15,7 +19,11 @@ def __init__(self, domain: str, api_audience: str, algorithm: str):
 
         self._jwks_client = jwt.PyJWKClient(f"https://{domain}/.well-known/jwks.json")
 
-    def __call__(self, auth_credentials: HTTPAuthorizationCredentials = Depends(token_auth_scheme)):
+    def __call__(
+        self,
+        auth_credentials: HTTPAuthorizationCredentials = Depends(token_auth_scheme),
+        session: Session = Depends(get_session),
+    ):
         token = auth_credentials.credentials
 
         try:
@@ -24,7 +32,7 @@ def __call__(self, auth_credentials: HTTPAuthorizationCredentials = Depends(toke
             raise HTTPException(status_code=401, detail=str(e))
 
         try:
-            payload = jwt.decode(
+            jwt.decode(
                 token,
                 signing_key,
                 algorithms=self._algorithm,
@@ -34,4 +42,11 @@ def __call__(self, auth_credentials: HTTPAuthorizationCredentials = Depends(toke
         except Exception as e:
             raise HTTPException(status_code=401, detail=str(e))
 
-        return payload
+        if session is None:
+            return None
+
+        # @TODO: get client corresponding to auth
+        # See: https://github.com/openclimatefix/pv-site-api/issues/90
+        client = session.query(ClientSQL).first()
+        assert client is not None
+        return client
diff --git a/pv_site_api/cache.py b/pv_site_api/cache.py
@@ -6,6 +6,8 @@
 
 import structlog
 
+from ._db_helpers import client_to_pydantic
+
 logger = structlog.stdlib.get_logger()
 
 CACHE_TIME_SECONDS = 120
@@ -43,6 +45,11 @@ def wrapper(*args, **kwargs):  # noqa
             if var in route_variables:
                 route_variables.pop(var)
 
+        # translate authenticated client to serializable type
+        route_variables["auth"] = (
+            route_variables["auth"] and client_to_pydantic(route_variables["auth"]).json()
+        )
+
         # make into string
         route_variables = json.dumps(route_variables)
         args_as_json = json.dumps(args)

diff --git a/pv_site_api/enode_auth.py b/pv_site_api/enode_auth.py
@@ -0,0 +1,53 @@
+from typing import Optional
+
+import httpx
+
+
+class EnodeAuth(httpx.Auth):
+    def __init__(
+        self, client_id: str, client_secret: str, token_url: str, access_token: Optional[str] = None
+    ):
+        self._client_id = client_id
+        self._client_secret = client_secret
+        self._token_url = token_url
+        self._access_token = access_token
+
+    def sync_auth_flow(self, request: httpx.Request):
+        # Add the Authorization header to the request using the current access token
+        request.headers["Authorization"] = f"Bearer {self._access_token}"
+        response = yield request
+
+        if response.status_code == 401:
+            # The access token is no longer valid, refresh it
+            token_response = yield self._build_refresh_request()
+            token_response.read()
+            self._update_access_token(token_response)
+            # Update the request's Authorization header with the new access token
+            request.headers["Authorization"] = f"Bearer {self._access_token}"
+            # Resend the request with the new access token
+            yield request
+
+    async def async_auth_flow(self, request: httpx.Request):
+        # Add the Authorization header to the request using the current access token
+        request.headers["Authorization"] = f"Bearer {self._access_token}"
+        response = yield request
+
+        if response.status_code == 401:
+            # The access token is no longer valid, refresh it
+            token_response = yield self._build_refresh_request()
+            await token_response.aread()
+            self._update_access_token(token_response)
+            # Update the request's Authorization header with the new access token
+            request.headers["Authorization"] = f"Bearer {self._access_token}"
+            # Resend the request with the new access token
+            yield request
+
+    def _build_refresh_request(self):
+        basic_auth = httpx.BasicAuth(self._client_id, self._client_secret)
+
+        data = {"grant_type": "client_credentials"}
+        request = next(basic_auth.auth_flow(httpx.Request("POST", self._token_url, data=data)))
+        return request
+
+    def _update_access_token(self, response):
+        self._access_token = response.json()["access_token"]