From 48779ec845e69da3f6fa5d14717fe5bba59106e9 Mon Sep 17 00:00:00 2001
From: Wu Clan
Date: Fri, 7 Jul 2023 08:53:43 +0800
Subject: [PATCH 1/2] Add demo site mode
---
 backend/app/core/conf.py | 11 +++++++++++
 backend/app/core/registrar.py | 7 +++++--
 backend/app/utils/demo_site.py | 15 +++++++++++++++
 3 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 backend/app/utils/demo_site.py
diff --git a/backend/app/core/conf.py b/backend/app/core/conf.py
index 85f1c8e5..61a26ccf 100644
--- a/backend/app/core/conf.py
+++ b/backend/app/core/conf.py
@@ -49,6 +49,15 @@ def validator_api_url(cls, values):
 values['OPENAPI_URL'] = None
 return values
+ # Demo mode
+ # Only GET, OPTIONS requests are allowed
+ DEMO_MODE: bool = True
+ DEMO_MODE_EXCLUDE: set[tuple[str, str]] = {
+ ('POST', f'{API_V1_STR}/auth/login'),
+ ('POST', f'{API_V1_STR}/auth/logout'),
+ ('GET', f'{API_V1_STR}/auth/captcha'),
+ }
+
 # Uvicorn
 UVICORN_HOST: str = '127.0.0.1'
 UVICORN_PORT: int = 8000
@@ -109,6 +118,7 @@ def validator_api_url(cls, values):
 CASBIN_EXCLUDE: set[tuple[str, str]] = {
 ('POST', f'{API_V1_STR}/auth/swagger_login'),
 ('POST', f'{API_V1_STR}/auth/login'),
+ ('POST', f'{API_V1_STR}/auth/logout'),
 ('POST', f'{API_V1_STR}/auth/register'),
 ('GET', f'{API_V1_STR}/auth/captcha'),
 }
@@ -118,6 +128,7 @@ def validator_api_url(cls, values):
 MENU_EXCLUDE: list[str] = [
 'auth:swagger_login',
 'auth:login',
+ 'auth:logout',
 'auth:register',
 'auth:captcha',
 ]
diff --git a/backend/app/core/registrar.py b/backend/app/core/registrar.py
index 6dcc69c9..65aa989c 100644
--- a/backend/app/core/registrar.py
+++ b/backend/app/core/registrar.py
@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 from contextlib import asynccontextmanager
-from fastapi import FastAPI
+from fastapi import FastAPI, Depends
 from fastapi_limiter import FastAPILimiter
 from fastapi_pagination import add_pagination
 from starlette.middleware.authentication import AuthenticationMiddleware
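Review bot: The `('GET', f'{API_V1_STR}/auth/captcha')` entry in `DEMO_MODE_EXCLUDE` (conf.py, first hunk) can never be consulted, because `demo_site` in this same patch lets every GET through before it looks at the set; dropping it, or saying so in the comment, keeps the whitelist from reading as broader than it is. The comment would also be more useful if it stated the actual rule, for example `# Demo mode: every method except GET/OPTIONS is rejected unless its exact (method, path) pair is listed below`. `DEMO_MODE` defaults to `True` in the class body, so a non-demo deployment only accepts writes once that value is overridden; whether the settings class reads it from the environment is not visible in this hunk.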
@@ -15,6 +15,7 @@
 from backend.app.database.db_mysql import create_table
 from backend.app.middleware.jwt_auth_middleware import JwtAuthMiddleware
 from backend.app.middleware.opera_log_middleware import OperaLogMiddleware
+from backend.app.utils.demo_site import demo_site
 from backend.app.utils.health_check import ensure_unique_route_names
 from backend.app.utils.openapi import simplify_operation_ids
@@ -135,8 +136,10 @@ def register_router(app: FastAPI):
 :param app: FastAPI
 :return:
 """
+ dependencies = [Depends(demo_site)] if settings.DEMO_MODE else None
+
 # API
- app.include_router(v1)
+ app.include_router(v1, dependencies=dependencies)
 # Extra
 ensure_unique_route_names(app)
diff --git a/backend/app/utils/demo_site.py b/backend/app/utils/demo_site.py
new file mode 100644
index 00000000..6a91fe19
--- /dev/null
+++ b/backend/app/utils/demo_site.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from fastapi import Request
+
+from backend.app.common.exception import errors
+from backend.app.core.conf import settings
+
+
+async def demo_site(request: Request):
+ """演示站点"""
+
+ method = request.method
+ path = request.url.path
+ if settings.DEMO_MODE and method != 'GET' and method != 'OPTIONS' and (method, path) not in settings.CASBIN_EXCLUDE:
+ raise errors.ForbiddenError(msg='演示环境下禁止执行此操作')
From 16cd531ea7be8e509ba22887184b398566365a12 Mon Sep 17 00:00:00 2001
From: Wu Clan
Date: Fri, 7 Jul 2023 17:49:57 +0800
Subject: [PATCH 2/2] fix demo site whitelist
---
 backend/app/utils/demo_site.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/backend/app/utils/demo_site.py b/backend/app/utils/demo_site.py
index 6a91fe19..648a7936 100644
--- a/backend/app/utils/demo_site.py
+++ b/backend/app/utils/demo_site.py
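Review bot: In the `register_router` hunk of registrar.py, the demo guard is attached only through `app.include_router(v1, dependencies=dependencies)`, so any route registered on the app outside the `v1` router would not be checked; the hunk does not show whether such routes exist, and a short comment such as `# demo_site only guards routes under v1` would make the coverage explicit. `settings.DEMO_MODE` is evaluated here once at registration time and again inside `demo_site` on every request, so one of the two checks is redundant. The body of `register_router` continues past the end of the hunk.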
@@ -11,5 +11,10 @@ async def demo_site(request: Request):
 method = request.method
 path = request.url.path
- if settings.DEMO_MODE and method != 'GET' and method != 'OPTIONS' and (method, path) not in settings.CASBIN_EXCLUDE:
+ if (
+ settings.DEMO_MODE
+ and method != 'GET'
+ and method != 'OPTIONS'
+ and (method, path) not in settings.DEMO_MODE_EXCLUDE
+ ):
 raise errors.ForbiddenError(msg='演示环境下禁止执行此操作')
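Review bot: The rewritten condition in `demo_site` still decides on the HTTP method alone, so the demo data stays read-only only if no guarded route changes state on GET; nothing in the hunk enforces that, and the docstring is the place to say it, e.g. `"""Reject every request that is not GET/OPTIONS unless (method, path) is in DEMO_MODE_EXCLUDE."""`. The whitelist lookup compares `request.url.path` as an exact string, so a trailing slash or a mount prefix would miss the entry and produce the 403, which fails closed but could block login unexpectedly. The two method comparisons read more simply as `method not in ('GET', 'OPTIONS')`. The function starts above the hunk, so its signature and docstring are not part of this change.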