Diffstat (limited to 'auth-server-poc/src/app.py')
-rw-r--r-- | auth-server-poc/src/app.py | 39 |
1 files changed, 25 insertions, 14 deletions
diff --git a/auth-server-poc/src/app.py b/auth-server-poc/src/app.py
index 443eded..c7ba0d1 100644
--- a/auth-server-poc/src/app.py
+++ b/auth-server-poc/src/app.py
@@ -3,40 +3,51 @@ from flask_restful import Api, Resource
 from flask_jwt_extended import create_access_token, JWTManager
 from flask_cors import CORS
+import authn
+
 app = Flask(__name__)
 cors = CORS(
     app,
     resources={r"/api/*": {"origins": "*"}},
     expose_headers=["Content-Type", "Authorization", "X-Total-Count"],
 )
-api = Api(app, prefix='/api/v1.0')
+api = Api(app, prefix="/api/v1.0")
 jwt = JWTManager(app)
-PEM_PRIVATE = '/opt/auth-server-poc/cert/private.pem'
-PEM_PUBLIC = '/opt/auth-server-poc/cert/public.pem'
+PEM_PRIVATE = "/opt/auth-server-poc/cert/private.pem"
+PEM_PUBLIC = "/opt/auth-server-poc/cert/public.pem"
-app.config['JWT_PRIVATE_KEY'] = open(PEM_PRIVATE).read()
-app.config['JWT_PUBLIC_KEY'] = open(PEM_PUBLIC).read()
-app.config['JWT_ALGORITHM'] = 'ES256'
-app.config['JWT_IDENTITY_CLAIM'] = 'sub'
-app.config['JWT_ACCESS_TOKEN_EXPIRES'] = False
+app.config["JWT_PRIVATE_KEY"] = open(PEM_PRIVATE).read()
+app.config["JWT_PUBLIC_KEY"] = open(PEM_PUBLIC).read()
+app.config["JWT_ALGORITHM"] = "ES256"
+app.config["JWT_IDENTITY_CLAIM"] = "sub"
+app.config["JWT_ACCESS_TOKEN_EXPIRES"] = False
 class AuthApi(Resource):
     def post(self):
-        additional_claims = {"type": "access", "domains": ["sunet.se"]}
+
+        identity = request.environ.get("REMOTE_USER")
+        db = authn.UserDB("userdb.yaml")
+        additional_claims = {
+            "type": "access",
+            "read": db.read_perms(identity),
+            "write": db.write_perms(identity),
+        }
+
         access_token = create_access_token(
-            identity=request.environ.get('REMOTE_USER'),
+            identity=identity,
             additional_claims=additional_claims,
         )
-        return {'access_token': access_token}, 200
+
+        return {"access_token": access_token}, 200
-@app.route('/')
+@app.route("/")
 def index():
     return "<p>Username: {}</p><p>Auth type: {}</p>".format(
-        request.environ.get('REMOTE_USER'), request.environ.get('AUTH_TYPE')
+        request.environ.get("REMOTE_USER"), request.environ.get("AUTH_TYPE")
     )
-api.add_resource(AuthApi, '/auth')
+api.add_resource(AuthApi, "/auth")
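Review bot: `AuthApi.post` still issues a token when `REMOTE_USER` is absent, because the new `identity = request.environ.get("REMOTE_USER")` is passed unchecked into `db.read_perms`, `db.write_perms` and `create_access_token`; with `JWT_ACCESS_TOKEN_EXPIRES = False` a misconfigured upstream auth module would yield a non-expiring token with a null subject and whatever permissions the DB returns for `None`. Add a guard directly after that line: `if not identity:` / `return {"message": "unauthenticated"}, 401`. Separately, `authn.UserDB("userdb.yaml")` is constructed on every request from a path relative to the process working directory, unlike the absolute `PEM_*` paths a few lines up; if `UserDB` loads the file at construction (it appears to, but that lives in `authn`, outside this diff), hoist it to module level beside the other config and give it an absolute path so the permission source cannot change with the launch directory.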