add public api views

2024-09-19 23:11:57 +00:00 · 2024-02-09 16:25:34 -05:00 · 2024-02-09 16:25:34 -05:00 · d10c864a00
parent 226f940cdc
commit d10c864a00
12 changed files with 627 additions and 23 deletions
--- a/relay/application.py
+++ b/relay/application.py
@ -20,6 +20,7 @@ from .database import get_database
 from .http_client import HttpClient
 from .misc import check_open_port
 from .views import VIEWS
+from .views.api import handle_api_path

 if typing.TYPE_CHECKING:
 	from collections.abc import Awaitable
@ -35,7 +36,11 @@ class Application(web.Application):
 	DEFAULT: Application = None

 	def __init__(self, cfgpath: str, gunicorn: bool = False):
-		web.Application.__init__(self)
+		web.Application.__init__(self,
+			middlewares = [
+				handle_api_path
+			]
+		)

 		Application.DEFAULT = self

@ -219,6 +224,6 @@ async def main_gunicorn():

 	except KeyError:
 		logging.error('Failed to set "CONFIG_FILE" environment. Trying to run without gunicorn?')
-		raise
+		raise RuntimeError from None

 	return app
--- a/relay/data/statements.sql
+++ b/relay/data/statements.sql
@ -1,47 +1,92 @@
 -- name: get-config
-SELECT * FROM config WHERE key = :key
+SELECT * FROM config WHERE key = :key;


 -- name: get-config-all
-SELECT * FROM config
+SELECT * FROM config;


 -- name: put-config
 INSERT INTO config (key, value, type)
 VALUES (:key, :value, :type)
 ON CONFLICT (key) DO UPDATE SET value = :value
-RETURNING *
+RETURNING *;


 -- name: del-config
 DELETE FROM config
-WHERE key = :key
+WHERE key = :key;


 -- name: get-inbox
-SELECT * FROM inboxes WHERE domain = :value or inbox = :value or actor = :value
+SELECT * FROM inboxes WHERE domain = :value or inbox = :value or actor = :value;


 -- name: put-inbox
 INSERT INTO inboxes (domain, actor, inbox, followid, software, created)
 VALUES (:domain, :actor, :inbox, :followid, :software, :created)
 ON CONFLICT (domain) DO UPDATE SET followid = :followid
-RETURNING *
+RETURNING *;


 -- name: del-inbox
 DELETE FROM inboxes
-WHERE domain = :value or inbox = :value or actor = :value
+WHERE domain = :value or inbox = :value or actor = :value;
+
+
+-- name: get-user
+SELECT * FROM users
+WHERE username = :value or handle = :value;
+
+
+-- name: get-user-by-token
+SELECT * FROM users
+WHERE username = (
+	SELECT user FROM tokens
+	WHERE code = :code
+);
+
+
+-- name: put-user
+INSERT INTO users (username, hash, handle, created)
+VALUES (:username, :hash, :handle, :created)
+RETURNING *;
+
+
+-- name: del-user
+DELETE FROM users
+WHERE username = :value or handle = :value;
+
+
+-- name: get-token
+SELECT * FROM tokens
+WHERE code = :code;
+
+
+-- name: put-token
+INSERT INTO tokens (code, user, created)
+VALUES (:code, :user, :created)
+RETURNING *;
+
+
+-- name: del-token
+DELETE FROM tokens
+WHERE code = :code;
+
+
+-- name: del-token-user
+DELETE FROM tokens
+WHERE user = :username


 -- name: get-software-ban
-SELECT * FROM software_bans WHERE name = :name
+SELECT * FROM software_bans WHERE name = :name;


 -- name: put-software-ban
 INSERT INTO software_bans (name, reason, note, created)
 VALUES (:name, :reason, :note, :created)
-RETURNING *
+RETURNING *;


 -- name: del-software-ban
--- a/relay/database/init.py
+++ b/relay/database/init.py
@ -52,14 +52,10 @@ def get_database(config: Config, migrate: bool = True) -> tinysql.Database:
 		if (schema_ver := conn.get_config('schema-version')) < get_default_value('schema-version'):
 			logging.info("Migrating database from version '%i'", schema_ver)

-			for ver, func in VERSIONS:
+			for ver, func in VERSIONS.items():
 				if schema_ver < ver:
-					conn.begin()
-
 					func(conn)
-
 					conn.put_config('schema-version', ver)
-					conn.commit()

 		if (privkey := conn.get_config('private-key')):
 			conn.app.signer = privkey
--- a/relay/database/config.py
+++ b/relay/database/config.py
@ -11,8 +11,9 @@ if typing.TYPE_CHECKING:


 CONFIG_DEFAULTS: dict[str, tuple[str, Any]] = {
-	'schema-version': ('int', 20240119),
+	'schema-version': ('int', 20240206),
 	'log-level': ('loglevel', logging.LogLevel.INFO),
+	'name': ('str', 'ActivityRelay'),
 	'note': ('str', 'Make a note about your instance here.'),
 	'private-key': ('str', None),
 	'whitelist-enabled': ('bool', False)
--- a/relay/database/connection.py
+++ b/relay/database/connection.py
@ -3,8 +3,10 @@ from __future__ import annotations
 import tinysql
 import typing

+from argon2 import PasswordHasher
 from datetime import datetime, timezone
 from urllib.parse import urlparse
+from uuid import uuid4

 from .config import CONFIG_DEFAULTS, get_default_type, get_default_value, serialize, deserialize

@ -28,6 +30,10 @@ RELAY_SOFTWARE = [


 class Connection(tinysql.Connection):
+	hasher = PasswordHasher(
+		encoding = 'utf-8'
+	)
+
 	@property
 	def app(self) -> Application:
 		return get_app()
@ -162,6 +168,59 @@ class Connection(tinysql.Connection):
 			return cur.modified_row_count == 1


+	def get_user(self, value: str) -> Row:
+		with self.exec_statement('get-user', {'value': value}) as cur:
+			return cur.one()
+
+
+	def get_user_by_token(self, code: str) -> Row:
+		with self.exec_statement('get-user-by-token', {'code': code}) as cur:
+			return cur.one()
+
+
+	def put_user(self, username: str, password: str, handle: str | None = None) -> Row:
+		data = {
+			'username': username,
+			'hash': self.hasher.hash(password),
+			'handle': handle,
+			'created': datetime.now(tz = timezone.utc)
+		}
+
+		with self.exec_statement('put-user', data) as cur:
+			return cur.one()
+
+
+	def del_user(self, username: str) -> None:
+		user = self.get_user(username)
+
+		with self.exec_statement('del-user', {'value': user['username']}):
+			pass
+
+		with self.exec_statement('del-token-user', {'username': user['username']}):
+			pass
+
+
+	def get_token(self, code: str) -> Row:
+		with self.exec_statement('get-token', {'code': code}) as cur:
+			return cur.one()
+
+
+	def put_token(self, username: str) -> Row:
+		data = {
+			'code': uuid4().hex,
+			'user': username,
+			'created': datetime.now(tz = timezone.utc)
+		}
+
+		with self.exec_statement('put-token', data) as cur:
+			return cur.one()
+
+
+	def del_token(self, code: str) -> None:
+		with self.exec_statement('del-token', {'code': code}):
+			pass
+
+
 	def get_domain_ban(self, domain: str) -> Row:
 		if domain.startswith('http'):
 			domain = urlparse(domain).netloc
--- a/relay/database/schema.py
+++ b/relay/database/schema.py
@ -10,7 +10,7 @@ if typing.TYPE_CHECKING:
 	from collections.abc import Callable


-VERSIONS: list[Callable] = []
+VERSIONS: dict[int, Callable] = {}
 TABLES: list[Table] = [
 	Table(
 		'config',
@ -45,12 +45,25 @@ TABLES: list[Table] = [
 		Column('reason', 'text'),
 		Column('note', 'text'),
 		Column('created', 'timestamp', nullable = False)
+	),
+	Table(
+		'users',
+		Column('username', 'text', primary_key = True, unique = True, nullable = False),
+		Column('hash', 'text', nullable = False),
+		Column('handle', 'text'),
+		Column('created', 'timestamp', nullable = False)
+	),
+	Table(
+		'tokens',
+		Column('code', 'text', primary_key = True, unique = True, nullable = False),
+		Column('user', 'text', nullable = False),
+		Column('created', 'timestmap', nullable = False)
 	)
 ]


-def version(func: Callable) -> Callable:
-	ver = int(func.replace('migrate_', ''))
+def migration(func: Callable) -> Callable:
+	ver = int(func.__name__.replace('migrate_', ''))
 	VERSIONS[ver] = func
 	return func

@ -58,3 +71,8 @@ def version(func: Callable) -> Callable:
 def migrate_0(conn: Connection) -> None:
 	conn.create_tables(TABLES)
 	conn.put_config('schema-version', get_default_value('schema-version'))
+
+
+@migration
+def migrate_20240206(conn: Connection) -> None:
+	conn.create_tables(TABLES)
--- a/relay/manage.py
+++ b/relay/manage.py
@ -370,6 +370,116 @@ def cli_config_set(ctx: click.Context, key: str, value: Any) -> None:
 	print(f'{key}: {repr(new_value)}')


+@cli.group('user')
+def cli_user() -> None:
+	'Manage local users'
+
+
+@cli_user.command('list')
+@click.pass_context
+def cli_user_list(ctx: click.Context) -> None:
+	'List all local users'
+
+	click.echo('Users:')
+
+	with ctx.obj.database.connection() as conn:
+		for user in conn.execute('SELECT * FROM users'):
+			click.echo(f'- {user["username"]}')
+
+
+@cli_user.command('create')
+@click.argument('username')
+@click.argument('handle', required = False)
+@click.pass_context
+def cli_user_create(ctx: click.Context, username: str, handle: str) -> None:
+	'Create a new local user'
+
+	with ctx.obj.database.connection() as conn:
+		if conn.get_user(username):
+			click.echo(f'User already exists: {username}')
+			return
+
+		while True:
+			password = click.prompt('New password', hide_input = True)
+
+			if not password:
+				click.echo('No password provided')
+				continue
+
+			password2 = click.prompt('New password again', hide_input = True)
+
+			if password != password2:
+				click.echo('Passwords do not match')
+				continue
+
+			break
+
+		conn.put_user(username, password, handle)
+
+	click.echo(f'Created user "{username}"')
+
+
+@cli_user.command('delete')
+@click.argument('username')
+@click.pass_context
+def cli_user_delete(ctx: click.Context, username: str) -> None:
+	'Delete a local user'
+
+	with ctx.obj.database.connection() as conn:
+		if not conn.get_user(username):
+			click.echo(f'User does not exist: {username}')
+			return
+
+		conn.del_user(username)
+
+	click.echo(f'Deleted user "{username}"')
+
+
+@cli_user.command('list-tokens')
+@click.argument('username')
+@click.pass_context
+def cli_user_list_tokens(ctx: click.Context, username: str) -> None:
+	'List all API tokens for a user'
+
+	click.echo(f'Tokens for "{username}":')
+
+	with ctx.obj.database.connection() as conn:
+		for token in conn.execute('SELECT * FROM tokens WHERE user = :user', {'user': username}):
+			click.echo(f'- {token["code"]}')
+
+
+@cli_user.command('create-token')
+@click.argument('username')
+@click.pass_context
+def cli_user_create_token(ctx: click.Context, username: str) -> None:
+	'Create a new API token for a user'
+
+	with ctx.obj.database.connection() as conn:
+		if not (user := conn.get_user(username)):
+			click.echo(f'User does not exist: {username}')
+			return
+
+		token = conn.put_token(user['username'])
+
+	click.echo(f'New token for "{username}": {token["code"]}')
+
+
+@cli_user.command('delete-token')
+@click.argument('code')
+@click.pass_context
+def cli_user_delete_token(ctx: click.Context, code: str) -> None:
+	'Delete an API token'
+
+	with ctx.obj.database.connection() as conn:
+		if not (conn.get_token(code)):
+			click.echo('Token does not exist')
+			return
+
+		conn.del_token(code)
+
+	click.echo('Deleted token')
+
+
@cli.group('inbox')
 def cli_inbox() -> None:
 	'Manage the inboxes in the database'
--- a/relay/misc.py
+++ b/relay/misc.py
@ -199,7 +199,7 @@ class Response(AiohttpResponse):
 		if isinstance(body, bytes):
 			kwargs['body'] = body

-		elif isinstance(body, dict) and ctype in {'json', 'activity'}:
+		elif isinstance(body, (dict, list, tuple, set)) and ctype in {'json', 'activity'}:
 			kwargs['text'] = json.dumps(body)

 		else:
--- a/relay/views/init.py
+++ b/relay/views/init.py
@ -1,4 +1,4 @@
 from __future__ import annotations

-from . import activitypub, frontend, misc
+from . import activitypub, api, frontend, misc
 from .base import VIEWS
--- a/relay/views/api.py
+++ b/relay/views/api.py
@ -0,0 +1,338 @@
+from __future__ import annotations
+
+import typing
+
+from aiohttp import web
+from argon2.exceptions import VerifyMismatchError
+from datetime import datetime, timezone
+
+from .base import View, register_route
+
+from .. import __version__
+from ..database.config import CONFIG_DEFAULTS
+from ..misc import Response
+
+if typing.TYPE_CHECKING:
+	from aiohttp.web import Request
+	from collections.abc import Coroutine
+	from ..database.connection import Connection
+
+
+CONFIG_IGNORE = (
+	'schema-version',
+	'private-key'
+)
+
+CONFIG_VALID = {key for key in CONFIG_DEFAULTS if key not in CONFIG_IGNORE}
+
+PUBLIC_API_PATHS: tuple[tuple[str, str]] = (
+	('GET', '/api/v1/relay'),
+	('POST', '/api/v1/token')
+)
+
+
+def check_api_path(method: str, path: str) -> bool:
+	for m, p in PUBLIC_API_PATHS:
+		if m == method and p == path:
+			return False
+
+	return path.startswith('/api')
+
+
+@web.middleware
+async def handle_api_path(request: web.Request, handler: Coroutine) -> web.Response:
+	try:
+		request['token'] = request.headers['Authorization'].replace('Bearer', '').strip()
+
+		with request.app.database.connection() as conn:
+			request['user'] = conn.get_user_by_token(request['token'])
+
+	except (KeyError, ValueError):
+		request['token'] = None
+		request['user'] = None
+
+	if check_api_path(request.method, request.path):
+		if not request['token']:
+			return Response.new_error(401, 'Missing token', 'json')
+
+		if not request['user']:
+			return Response.new_error(401, 'Invalid token', 'json')
+
+	return await handler(request)
+
+
+# pylint: disable=no-self-use,unused-argument
+
+@register_route('/api/v1/token')
+class Login(View):
+	async def get(self, request: Request, conn: Connection) -> Response:
+		return Response.new({'message': 'Token valid :3'})
+
+
+	async def post(self, request: Request, conn: Connection) -> Response:
+		data = await self.get_data(['username', 'password'], [])
+
+		if isinstance(data, Response):
+			return data
+
+		if not (user := conn.get_user(data['username'])):
+			return Response.new_error(401, 'User not found', 'json')
+
+		try:
+			conn.hasher.verify(user['hash'], data['password'])
+
+		except VerifyMismatchError:
+			return Response.new_error(401, 'Invalid password', 'json')
+
+		token = conn.put_token(data['username'])
+		return Response.new({'token': token['code']}, ctype = 'json')
+
+
+	async def delete(self, request: Request, conn: Connection) -> Response:
+		conn.del_token(request['token'])
+		return Response.new({'message': 'Token revoked'}, ctype = 'json')
+
+
+@register_route('/api/v1/relay')
+class RelayInfo(View):
+	async def get(self, request: Request, conn: Connection) -> Response:
+		config = conn.get_config_all()
+		inboxes = [row['domain'] for row in conn.execute('SELECT * FROM inboxes')]
+
+		data = {
+			'domain': self.config.domain,
+			'name': config['name'],
+			'description': config['note'],
+			'version': __version__,
+			'whitelist_enabled': config['whitelist-enabled'],
+			'email': None,
+			'admin': None,
+			'icon': None,
+			'instances': inboxes
+		}
+
+		return Response.new(data, ctype = 'json')
+
+
+@register_route('/api/v1/config')
+class Config(View):
+	async def get(self, request: Request, conn: Connection) -> Response:
+		data = conn.get_config_all()
+		data['log-level'] = data['log-level'].name
+
+		for key in CONFIG_IGNORE:
+			del data[key]
+
+		return Response.new(data, ctype = 'json')
+
+
+	async def post(self, request: Request, conn: Connection) -> Response:
+		data = await self.get_data(['key', 'value'], [])
+
+		if isinstance(data, Response):
+			return data
+
+		if data['key'] not in CONFIG_VALID:
+			return Response.new_error(400, 'Invalid key', 'json')
+
+		conn.put_config(data['key'], data['value'])
+		return Response.new({'message': 'Updated config'}, ctype = 'json')
+
+
+	async def delete(self, request: Request, conn: Connection) -> Response:
+		data = await self.get_data(['key'], [])
+
+		if isinstance(data, Response):
+			return data
+
+		if data['key'] not in CONFIG_VALID:
+			return Response.new_error(400, 'Invalid key', 'json')
+
+		conn.put_config(data['key'], CONFIG_DEFAULTS[data['key']][1])
+		return Response.new({'message': 'Updated config'}, ctype = 'json')
+
+
+@register_route('/api/v1/inbox')
+class Inbox(View):
+	async def get(self, request: Request, conn: Connection) -> Response:
+		data = []
+
+		for inbox in conn.execute('SELECT * FROM inboxes'):
+			try:
+				created = datetime.fromtimestamp(inbox['created'], tz = timezone.utc)
+
+			except TypeError:
+				created = datetime.fromisoformat(inbox['created'])
+
+			inbox['created'] = created.isoformat()
+			data.append(inbox)
+
+		return Response.new(data, ctype = 'json')
+
+
+	async def post(self, request: Request, conn: Connection) -> Response:
+		data = await self.get_data(['domain', 'inbox', 'actor'], ['software'])
+
+		if isinstance(data, Response):
+			return data
+
+		if conn.get_inbox(data['domain']):
+			return Response.new_error(404, 'Inbox already in database', 'json')
+
+		row = conn.put_inbox(**data)
+		return Response.new(row.to_json(), ctype = 'json')
+
+
+@register_route('/api/v1/inbox/{domain}')
+class InboxSingle(View):
+	async def get(self, request: Request, conn: Connection, domain: str) -> Response:
+		if not (row := conn.get_inbox(domain)):
+			return Response.new_error(404, 'Inbox with domain not found', 'json')
+
+		row['created'] = datetime.fromtimestamp(row['created'], tz = timezone.utc).isoformat()
+		return Response.new(row, ctype = 'json')
+
+
+	async def delete(self, request: Request, conn: Connection, domain: str) -> Response:
+		if not conn.get_inbox(domain):
+			return Response.new_error(404, 'Inbox with domain not found', 'json')
+
+		conn.del_inbox(domain)
+		return Response.new({'message': 'Deleted inbox'}, ctype = 'json')
+
+
+@register_route('/api/v1/domain_ban')
+class DomainBan(View):
+	async def get(self, request: Request, conn: Connection) -> Response:
+		bans = conn.execute('SELECT * FROM domain_bans').all()
+		return Response.new(bans, ctype = 'json')
+
+
+	async def post(self, request: Request, conn: Connection) -> Response:
+		data = await self.get_data(['domain'], ['note', 'reason'])
+
+		if isinstance(data, Response):
+			return data
+
+		if conn.get_domain_ban(data['domain']):
+			return Response.new_error(400, 'Domain already banned', 'json')
+
+		ban = conn.put_domain_ban(**data)
+		return Response.new(ban, ctype = 'json')
+
+
+@register_route('/api/v1/domain_ban/{domain}')
+class DomainBanSingle(View):
+	async def get(self, request: Request, conn: Connection, domain: str) -> Response:
+		if not (ban := conn.get_domain_ban(domain)):
+			return Response.new_error(404, 'Domain ban not found', 'json')
+
+		return Response.new(ban, ctype = 'json')
+
+
+	async def patch(self, request: Request, conn: Connection, domain: str) -> Response:
+		if not conn.get_domain_ban(domain):
+			return Response.new_error(404, 'Domain not banned', 'json')
+
+		data = await self.get_data(['domain'], ['note', 'reason'])
+
+		if isinstance(data, Response):
+			return data
+
+		ban = conn.update_domain_ban(**data)
+		return Response.new(ban, ctype = 'json')
+
+
+	async def delete(self, request: Request, conn: Connection, domain: str) -> Response:
+		if not conn.get_domain_ban(domain):
+			return Response.new_error(404, 'Domain not banned', 'json')
+
+		conn.del_domain_ban(domain)
+		return Response.new({'message': 'Unbanned domain'}, ctype = 'json')
+
+
+@register_route('/api/v1/software_ban')
+class SoftwareBan(View):
+	async def get(self, request: Request, conn: Connection) -> Response:
+		bans = conn.execute('SELECT * FROM software_bans').all()
+		return Response.new(bans, ctype = 'json')
+
+
+	async def post(self, request: Request, conn: Connection) -> Response:
+		data = await self.get_data(['name'], ['note', 'reason'])
+
+		if isinstance(data, Response):
+			return data
+
+		if conn.get_software_ban(data['name']):
+			return Response.new_error(400, 'Domain already banned', 'json')
+
+		ban = conn.put_software_ban(**data)
+		return Response.new(ban, ctype = 'json')
+
+
+@register_route('/api/v1/software_ban/{name}')
+class SoftwareBanSingle(View):
+	async def get(self, request: Request, conn: Connection, name: str) -> Response:
+		if not (ban := conn.get_software_ban(name)):
+			return Response.new_error(404, 'Software ban not found', 'json')
+
+		return Response.new(ban, ctype = 'json')
+
+
+	async def post(self, request: Request, conn: Connection, name: str) -> Response:
+		if not conn.get_software_ban(name):
+			return Response.new_error(404, 'Software not banned', 'json')
+
+		data = await self.get_data(['name'], ['note', 'reason'])
+
+		if isinstance(data, Response):
+			return data
+
+		ban = conn.update_software_ban(**data)
+		return Response.new(ban, ctype = 'json')
+
+
+	async def delete(self, request: Request, conn: Connection, domain: str) -> Response:
+		if not conn.get_software_ban(domain):
+			return Response.new_error(404, 'Software not banned', 'json')
+
+		conn.del_software_ban(domain)
+		return Response.new({'message': 'Unbanned software'}, ctype = 'json')
+
+
+@register_route('/api/v1/whitelist')
+class Whitelist(View):
+	async def get(self, request: Request, conn: Connection) -> Response:
+		items = conn.execute('SELECT * FROM whitelist').all()
+		return Response.new(items, ctype = 'json')
+
+
+	async def post(self, request: Request, conn: Connection) -> Response:
+		data = await self.get_data(['domain'])
+
+		if isinstance(data, Response):
+			return data
+
+		if conn.get_domain_whitelist(data['domain']):
+			return Response.new_error(400, 'Domain already added to whitelist', 'json')
+
+		item = conn.put_domain_whitelist(**data)
+		return Response.new(item, ctype = 'json')
+
+
+@register_route('/api/v1/domain/{domain}')
+class WhitelistSingle(View):
+	async def get(self, request: Request, conn: Connection, domain: str) -> Response:
+		if not (item := conn.get_domain_whitelist(domain)):
+			return Response.new_error(404, 'Domain not in whitelist', 'json')
+
+		return Response.new(item, ctype = 'json')
+
+
+	async def delete(self, request: Request, conn: Connection, domain: str) -> Response:
+		if not conn.get_domain_whitelist(domain):
+			return Response.new_error(404, 'Domain not in whitelist', 'json')
+
+		conn.del_domain_whitelist(domain)
+		return Response.new({'message': 'Removed domain from whitelist'}, ctype = 'json')
--- a/relay/views/base.py
+++ b/relay/views/base.py
@ -6,6 +6,9 @@ from aiohttp.abc import AbstractView
 from aiohttp.hdrs import METH_ALL as METHODS
 from aiohttp.web import HTTPMethodNotAllowed
 from functools import cached_property
+from json.decoder import JSONDecodeError
+
+from ..misc import Response

 if typing.TYPE_CHECKING:
 	from collections.abc import Callable, Coroutine, Generator
@ -14,7 +17,6 @@ if typing.TYPE_CHECKING:
 	from ..cache import Cache
 	from ..config import Config
 	from ..http_client import HttpClient
-	from ..misc import Response


 VIEWS = []
@ -91,3 +93,32 @@ class View(AbstractView):
 	@property
 	def database(self) -> Database:
 		return self.app.database
+
+
+	async def get_data(self, required: list[str], optional: list[str]) -> dict[str, str] | Response:
+		if self.request.content_type in {'x-www-form-urlencoded', 'multipart/form-data'}:
+			post_data = await self.request.post()
+
+		elif self.request.content_type == 'application/json':
+			try:
+				post_data = await self.request.json()
+
+			except JSONDecodeError:
+				return Response.new_error(400, 'Invalid JSON data', 'json')
+
+		else:
+			post_data = self.request.query
+
+		data = {}
+
+		try:
+			for key in required:
+				data[key] = post_data[key]
+
+		except KeyError as e:
+			return Response.new_error(400, f'Missing {str(e)} pararmeter', 'json')
+
+		for key in optional:
+			data[key] = post_data.get(key)
+
+		return data
--- a/requirements.txt
+++ b/requirements.txt
@ -1,5 +1,6 @@
 aiohttp>=3.9.1
 aputils@https://git.barkshark.xyz/barkshark/aputils/archive/0.1.6a.tar.gz
+argon2-cffi==23.1.0
 click>=8.1.2
 gunicorn==21.1.0
 hiredis==2.3.2