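"""Proof-of-concept auth server: issues ES256-signed JWTs for REMOTE_USER."""
import html

from flask import Flask, request
from flask_restful import Api, Resource
from flask_jwt_extended import create_access_token, JWTManager
from flask_cors import CORS

import authn

app = Flask(__name__)
# NOTE(review): "origins": "*" lets a page on any origin read /api/* responses
# and the exposed headers. If the API has a known set of front ends, list them
# here instead of the wildcard.
cors = CORS(
    app,
    resources={r"/api/*": {"origins": "*"}},
    expose_headers=["Content-Type", "Authorization", "X-Total-Count"],
)
api = Api(app, prefix="/api/v1.0")
jwt = JWTManager(app)

PEM_PRIVATE = "/opt/auth-server-poc/cert/private.pem"
PEM_PUBLIC = "/opt/auth-server-poc/cert/public.pem"


def _read_pem(path):
    """Return the text of the PEM file at *path*, closing the handle afterwards."""
    with open(path) as pem_file:
        return pem_file.read()


# The signing key is read once at import time and kept in app.config for the
# life of the process.
# NOTE(review): confirm private.pem is readable only by the service account.
app.config["JWT_PRIVATE_KEY"] = _read_pem(PEM_PRIVATE)
app.config["JWT_PUBLIC_KEY"] = _read_pem(PEM_PUBLIC)
app.config["JWT_ALGORITHM"] = "ES256"
app.config["JWT_IDENTITY_CLAIM"] = "sub"
# False switches expiry off: issued tokens stay valid indefinitely, and this
# file registers no blocklist/revocation callback, so a leaked token can only
# be invalidated by rotating the key pair.
# NOTE(review): set a timedelta here before using this outside a PoC.
app.config["JWT_ACCESS_TOKEN_EXPIRES"] = False


class AuthApi(Resource):
    """Token endpoint, registered at the bottom of this file as "/auth"."""

    def post(self):
        """Issue an access token for the user named in ``REMOTE_USER``.

        The identity is taken from the WSGI environment only; this handler
        performs no credential check of its own, so it relies on whatever
        populates ``REMOTE_USER`` (presumably the front-end web server's
        authentication module -- confirm it covers this route).

        Returns:
            ``({"access_token": <jwt>}, 200)`` when an identity is present,
            otherwise ``({"message": ...}, 401)``.
        """
        identity = request.environ.get("REMOTE_USER")
        if not identity:
            # Fail closed: without this guard a request that bypassed the
            # authenticating front end would reach the permission lookup and
            # token signing with an empty identity.
            return {"message": "Authentication required"}, 401

        # Relative path: resolved against the process working directory.
        db = authn.UserDB("userdb.yaml")
        # Permissions are copied into the token at issue time; with expiry
        # disabled, a later change in the user DB does not affect tokens
        # that were already issued.
        additional_claims = {
            "type": "access",
            "read": db.read_perms(identity),
            "write": db.write_perms(identity),
        }
        access_token = create_access_token(
            identity=identity,
            additional_claims=additional_claims,
        )
        return {"access_token": access_token}, 200


@app.route("/")
def index():
    """Show the user name and auth type reported by the WSGI environment."""
    remote_user = request.environ.get("REMOTE_USER")
    auth_type = request.environ.get("AUTH_TYPE")
    # Flask serves a str return value as text/html, so both values are
    # HTML-escaped before being placed in the page. str() keeps the original
    # "None" output when a variable is unset.
    # NOTE(review): the literal is reproduced as it appears in this listing;
    # any markup it originally carried is not visible here.
    return "\n\nUsername: {}\n\nAuth type: {}\n\n".format(
        html.escape(str(remote_user)),
        html.escape(str(auth_type)),
    )


api.add_resource(AuthApi, "/auth")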