-rw-r--r-- | requirements.txt | 2 | ||||
-rw-r--r-- | src/middleware.py | 24 | ||||
-rwxr-xr-x | src/wsgi.py | 71 |
3 files changed, 67 insertions, 30 deletions
diff --git a/requirements.txt b/requirements.txt index 2447183..0d9a610 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,5 @@ falcon pyyaml requests +falcon-auth +PyJWT diff --git a/src/middleware.py b/src/middleware.py new file mode 100644 index 0000000..2e38190 --- /dev/null +++ b/src/middleware.py @@ -0,0 +1,24 @@ +from falcon_auth import FalconAuthMiddleware, JWTAuthBackend + + +TEMPORARY_SECRET_KEY_TO_BE_CHANGED = 'testing123' +TEMPORARY_JWT_ALGORITHM_TO_BE_CHANGED = 'HS256' + + +def user_check(credential): + return {'user': credential['sub'], 'role': credential['role'], 'domains': credential['domains']} + + +jwt_auth = JWTAuthBackend( + user_loader=user_check, + secret_key=TEMPORARY_SECRET_KEY_TO_BE_CHANGED, + algorithm=TEMPORARY_JWT_ALGORITHM_TO_BE_CHANGED, + auth_header_prefix='Bearer', + leeway=600, + expiration_delta=900, + audience='localhost' +) + +middleware_jwt = [ + FalconAuthMiddleware(jwt_auth) +] diff --git a/src/wsgi.py b/src/wsgi.py index 8ab178a..0aff8f4 100755 --- a/src/wsgi.py +++ b/src/wsgi.py @@ -10,6 +10,7 @@ import falcon from db import DictDB from base64 import b64decode from wsgiref.simple_server import make_server +from middleware import middleware_jwt try: database = os.environ['COUCHDB_NAME'] 
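Review bot: `TEMPORARY_SECRET_KEY_TO_BE_CHANGED = 'testing123'` in src/middleware.py commits the HS256 signing key to the repository, and the `role` and `domains` claims that `user_check` copies out of the token are what EPGet now uses to scope results, so that key is the only thing backing authorization. Read it from the environment the way src/wsgi.py already does for `COUCHDB_NAME`, for example `secret_key=os.environ['JWT_SECRET_KEY']` (the variable name is a placeholder), so the service fails at startup when it is unset. `leeway=600` also keeps a token issued with `expiration_delta=900` acceptable for ten minutes past its expiry; a few seconds of clock-skew allowance is usually enough. `user_check` indexes `credential['role']` and `credential['domains']` directly, so a validly signed token without those claims raises KeyError instead of being rejected cleanly.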
@@ -52,41 +53,51 @@ class EPGet(CollectorResource): out = list() selectors = dict() - limit = 25 - skip = 0 - orgs = self.user_auth(req.auth, self._users.read_perms) +<< << << < HEAD + resp.status = falcon.HTTP_200 + resp.content_type = falcon.MEDIA_JSON - if not orgs: - resp.status = falcon.HTTP_401 - resp.text = json.dumps({ - 'status': 'error', - 'message': 'Invalid username or password\n' - }) - return + print(req.context) + if 'domains' in req.context['user']: + orgs = req.context['user']['domains'] +== == == = + limit = 25 + skip = 0 - if key: - out = self._db.get(key) - resp.text = json.dumps({'status': 'success', 'data': out}) - return + orgs = self.user_auth(req.auth, self._users.read_perms) +>>>>>> > main - for param in req.params: - if param == 'limit': - limit = req.params['limit'] - elif param == 'skip': - skip = req.params['skip'] - for i in index.indexes: - for j in i['index']['fields']: - if j == param: - selectors[param] = req.params[param] - - for org in orgs: - selectors['domain'] = org - data = self._db.search(**selectors, limit=limit, skip=skip) - if data: - out += data + if not orgs: + resp.status = falcon.HTTP_401 + resp.text = json.dumps({ + 'status': 'error', + 'message': 'Invalid username or password\n' + }) + return + if key: + out = self._db.get(key) resp.text = json.dumps({'status': 'success', 'data': out}) + return + + for param in req.params: + if param == 'limit': + limit = req.params['limit'] + elif param == 'skip': + skip = req.params['skip'] + for i in index.indexes: + for j in i['index']['fields']: + if j == param: + selectors[param] = req.params[param] + + for org in orgs: + selectors['domain'] = org + data = self._db.search(**selectors, limit=limit, skip=skip) + if data: + out += data + + resp.text = json.dumps({'status': 'success', 'data': out}) class EPAdd(CollectorResource): 
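Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> main` in EPGet are unresolved merge-conflict markers, so src/wsgi.py will not parse as committed. Both sides of the conflict are still present: if the markers were simply deleted, `orgs = self.user_auth(req.auth, self._users.read_perms)` from the main side would overwrite the value taken from the JWT claims, while dropping the main side would also drop the `limit = 25` and `skip = 0` defaults. On the JWT side `orgs` is unbound when the token has no `domains` claim; `orgs = req.context['user'].get('domains')` lets the existing `if not orgs:` branch return the 401. `print(req.context)` writes the decoded claims to stdout on every request and should be removed or replaced with a debug-level log that omits them. The method starts above this hunk, so how `key` and `index` are set up is not visible here.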
@@ -145,7 +156,7 @@ def main(port=8000, wsgi_helper=False): db = DictDB(database, hostname, username, password) users = authn.UserDB('wsgi_demo_users.yaml') - app = falcon.App(cors_enable=True) + app = falcon.App(cors_enable=True, middleware=middleware_jwt) app.add_route('/sc/v0/add', EPAdd(db, users)) app.add_route('/sc/v0/get', EPGet(db, users)) app.add_route('/sc/v0/get/{key}', EPGet(db, users)) |
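Review bot: `middleware=middleware_jwt` puts the bearer-token check in front of every route, but only EPGet is changed in this commit to read `req.context['user']`. EPAdd is still constructed with `users` and presumably still calls `self.user_auth(req.auth, ...)` on the same Authorization header, which would now carry a JWT rather than the credentials it expects; that handler is outside the diff, so this needs confirming. A comment above the call would record the new contract, e.g. `# JWT middleware guards all routes; handlers read req.context['user'], not req.auth`. main() continues outside this hunk.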