From 38656a35bc6e2b7720554ebb28cfdeb283fcc60a Mon Sep 17 00:00:00 2001 From: Oriol Lopez-Doriga Date: Fri, 26 Jul 2024 11:36:04 +0200 Subject: [PATCH 1/4] limiting request parameters to the sets accepted --- beacon/request/model.py | 135 +++++++++++++++++++++++++++++++++++++--- requirements.txt | 2 +- 2 files changed, 128 insertions(+), 9 deletions(-) diff --git a/beacon/request/model.py b/beacon/request/model.py index ed22de97..706fd10d 100644 --- a/beacon/request/model.py +++ b/beacon/request/model.py @@ -1,12 +1,18 @@ import logging from typing_extensions import Self -from pydantic import BaseModel +from pydantic import ( + BaseModel, + ValidationError, + field_validator, + Field, + PrivateAttr) from strenum import StrEnum from typing import List, Optional, Union from beacon import conf from humps.main import camelize from aiohttp.web_request import Request from aiohttp import web +import html LOG = logging.getLogger(__name__) @@ -83,25 +89,138 @@ class RequestQuery(CamelModel): scope: str = None +class RequestParams(CamelModel): + meta: RequestMeta = RequestMeta() + query: RequestQuery = RequestQuery() + +class SequenceQuery(BaseModel): + referenceName: Union[str,int] + start: int + alternateBases:str + referenceBases: str + clinicalRelevance: Optional[str] =None + mateName: Optional[str] =None + assemblyId: Optional[str] =None + +class RangeQuery(BaseModel): + referenceName: Union[str,int] + start: int + end: int + variantType: Optional[str] =None + alternateBases: Optional[str] =None + aminoacidChange: Optional[str] =None + variantMinLength: Optional[int] =None + variantMaxLength: Optional[int] =None + clinicalRelevance: Optional[str] =None + mateName: Optional[str] =None + assemblyId: Optional[str] =None + +class GeneIdQuery(BaseModel): + geneId: str + variantType: Optional[str] =None + alternateBases: Optional[str] =None + aminoacidChange: Optional[str] =None + variantMinLength: Optional[int] =None + variantMaxLength: Optional[int] =None + assemblyId: Optional[str] =None + +class BracketQuery(BaseModel): + referenceName: Union[str,int] + start: list + end: list + variantType: Optional[str] =None + clinicalRelevance: Optional[str] =None + mateName: Optional[str] =None + assemblyId: Optional[str] =None + @field_validator('start') + @classmethod + def start_must_be_array_of_integers(cls, v: list) -> list: + for num in v: + if isinstance(num, int): + pass + else: + raise ValueError + @field_validator('end') + @classmethod + def end_must_be_array_of_integers(cls, v: list) -> list: + for num in v: + if isinstance(num, int): + pass + else: + raise ValueError + +class GenomicAlleleQuery(BaseModel): + genomicAlleleShortForm: str + assemblyId: Optional[str] =None + +class AminoacidChangeQuery(BaseModel): + aminoacidChange: str + geneId: str + assemblyId: Optional[str] =None + class RequestParams(CamelModel): meta: RequestMeta = RequestMeta() query: RequestQuery = RequestQuery() def from_request(self, request: Request) -> Self: - if request.method != "POST" or not request.has_body or not request.can_read_body: + request_params={} + if request.method != "POST" or not request.has_body or not request.can_read_body: for k, v in request.query.items(): if k == "requestedSchema": - self.meta.requested_schemas = [v] + self.meta.requested_schemas = [html.escape(v)] # comprovar si és la sanitització recomanada elif k == "skip": - self.query.pagination.skip = int(v) + self.query.pagination.skip = int(html.escape(v)) elif k == "limit": - self.query.pagination.limit = int(v) + self.query.pagination.limit = int(html.escape(v)) elif k == "includeResultsetResponses": - self.query.include_resultset_responses = IncludeResultsetResponses(v) - elif k == 'filters' or k in ["start", "end", "assemblyId", "referenceName", "referenceBases", "alternateBases", "variantType","variantMinLength","variantMaxLength","geneId","genomicAlleleShortForm","aminoacidChange","clinicalRelevance", "mateName"]: - self.query.request_parameters[k] = v + self.query.include_resultset_responses = IncludeResultsetResponses(html.escape(v)) + elif k == 'filters': + self.query.request_parameters[k] = html.escape(v) + elif k in ["start", "end", "assemblyId", "referenceName", "referenceBases", "alternateBases", "variantType","variantMinLength","variantMaxLength","geneId","genomicAlleleShortForm","aminoacidChange","clinicalRelevance", "mateName"]: + try: + if ',' in v: + v_splitted = v.split(',') + request_params[k]=[int(v) for v in v_splitted] + else: + request_params[k]=int(v) + except Exception as e: + request_params[k]=v + self.query.request_parameters[k] = html.escape(v) else: raise web.HTTPBadRequest(text='request parameter introduced is not allowed') + if request_params != {}: + LOG.debug(request_params) + try: + RangeQuery(**request_params) + return self + except Exception as e: + pass + try: + SequenceQuery(**request_params) + return self + except Exception as e: + pass + try: + BracketQuery(**request_params) + return self + except Exception as e: + pass + try: + GeneIdQuery(**request_params) + return self + except Exception as e: + pass + try: + AminoacidChangeQuery(**request_params) + return self + except Exception as e: + pass + try: + GenomicAlleleQuery(**request_params) + return self + except Exception as e: + pass + raise web.HTTPBadRequest(text='set of parameters not allowed') return self def summary(self): diff --git a/requirements.txt b/requirements.txt index 00a0cd5a..610ab6a0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -17,7 +17,7 @@ dataclasses-json~=0.5.6 StrEnum~=0.4.7 # Only until Python 3.11 is released (we can use the built-in StrEnum) owlready2~=0.36 tqdm~=4.62.3 -pydantic~=1.9.0 +pydantic~=2.6.2 pyhumps progressbar~=2.5 #requests From 1e1befcae76ce34ad81b4ab70abe4ee34643dc1f Mon Sep 17 00:00:00 2001 From: API version update Date: Fri, 26 Jul 2024 09:37:05 +0000 Subject: [PATCH 2/4] api version automatically generated --- beacon/api_version.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/beacon/api_version.yml b/beacon/api_version.yml index 4dfb580f..cc310506 100644 --- a/beacon/api_version.yml +++ b/beacon/api_version.yml @@ -1 +1 @@ -api_version: v2.0-39cc125 +api_version: v2.0-2e81a7e From bc94401d97bdf86ff30b701b77dbb30d48a37da7 Mon Sep 17 00:00:00 2001 From: Oriol Lopez-Doriga Date: Tue, 27 Aug 2024 09:49:43 +0200 Subject: [PATCH 3/4] uncommenting loading an ontology automatically in get_descendants.py --- beacon/db/get_descendants.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/beacon/db/get_descendants.py b/beacon/db/get_descendants.py index 59af06e8..a31b999e 100644 --- a/beacon/db/get_descendants.py +++ b/beacon/db/get_descendants.py @@ -99,7 +99,7 @@ def get_descendants_and_similarities(): array_of_ontologies.append(ft_doc["id"]) for ontology in array_of_ontologies: ontology_list = ontology.split(':') - #load_ontology(ontology_list[0]) + load_ontology(ontology_list[0]) url = "/beacon/beacon/db/ontologies/{}.obo".format(ontology_list[0].lower()) list_of_cousins = [] list_of_brothers = [] From ba1e385750059cbc9098d5c67f92dbe24afe68b7 Mon Sep 17 00:00:00 2001 From: Oriol Lopez-Doriga Date: Tue, 27 Aug 2024 10:06:29 +0200 Subject: [PATCH 4/4] fixing .env issues in AuthContext.js and auth.py files --- frontend/src/components/context/AuthContext.js | 2 +- permissions/auth.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/frontend/src/components/context/AuthContext.js b/frontend/src/components/context/AuthContext.js index 7a244102..6f3cf79a 100644 --- a/frontend/src/components/context/AuthContext.js +++ b/frontend/src/components/context/AuthContext.js @@ -104,7 +104,7 @@ function AuthProviderWrapper (props) { const response = await fetch( configData.KEYCLOAK_URL + - '/auth/realms/Beacon/protocol/openid-connect/token', + '/auth/realms/' + process.env.REACT_APP_KEYCLOAK_CLIENT_REALM + '/protocol/openid-connect/token', { method: 'POST', headers: { diff --git a/permissions/auth.py b/permissions/auth.py index 7f3cb331..362b9f46 100644 --- a/permissions/auth.py +++ b/permissions/auth.py @@ -73,7 +73,7 @@ async def get_user_info(access_token): user_info='' idp_issuer=None for env_filename in glob.glob("/beacon/permissions/idp_providers/*.env"): - load_dotenv(env_filename) + load_dotenv(env_filename, override=True) IDP_ISSUER = os.getenv('ISSUER') LOG.error(IDP_ISSUER) if issuer == IDP_ISSUER: