api: Restrict API scopes

This change adds support for restricting API scopes in the OpenDC API
server. This is necessary to make a distinction between runners and
regular users.

1 files changed, 13 insertions, 2 deletions

diff --git a/opendc-web/opendc-web-api/conftest.py b/opendc-web/opendc-web-api/conftest.py
index 430262f1..958a5894 100644
--- a/opendc-web/opendc-web-api/conftest.py
+++ b/opendc-web/opendc-web-api/conftest.py
@@ -8,7 +8,7 @@ from flask import _request_ctx_stack, g
 from opendc.database import Database
 
 
-def decorator(f):
+def requires_auth_mock(f):
     @wraps(f)
     def decorated_function(*args, **kwargs):
         _request_ctx_stack.top.current_user = {'sub': 'test'}
@@ -16,13 +16,24 @@ def decorator(f):
     return decorated_function
 
 
+def requires_scope_mock(required_scope):
+    def decorator(f):
+        @wraps(f)
+        def decorated_function(*args, **kwargs):
+            return f(*args, **kwargs)
+        return decorated_function
+    return decorator
+
+
 @pytest.fixture
 def client():
     """Returns a Flask API client to interact with."""
 
     # Disable authorization for test API endpoints
     from opendc import exts
-    exts.requires_auth = decorator
+    exts.requires_auth = requires_auth_mock
+    exts.requires_scope = requires_scope_mock
+    exts.has_scope = lambda x: False
 
     from app import create_app