import html

from flask import Flask, request
from flask_cors import CORS
from flask_jwt_extended import JWTManager, create_access_token
from flask_restful import Api, Resource

import authn

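app = Flask(__name__)
# NOTE(review): CORS is opened to every origin for the whole API prefix.
# flask-cors does not enable credentials here, so this is probably harmless
# for the PoC, but pin "origins" to the known front-end hosts before
# deploying an auth server with it.
cors = CORS(
    app,
    resources={r"/api/*": {"origins": "*"}},
    expose_headers=["Content-Type", "Authorization", "X-Total-Count"],
)
api = Api(app, prefix="/api/v1.0")
jwt = JWTManager(app)

# ES256 key pair: the private key signs issued tokens, the public key verifies them.
PEM_PRIVATE = "/opt/auth-server-poc/cert/private.pem"
PEM_PUBLIC = "/opt/auth-server-poc/cert/public.pem"


def _read_pem(path: str) -> str:
    """Return the text of a PEM file, closing the handle deterministically.

    The original ``open(path).read()`` relied on refcounting to close the
    file; a context manager avoids the dangling handle / ResourceWarning.

    Args:
        path: filesystem path of the PEM file.

    Returns:
        The file contents as a string.

    Raises:
        OSError: if the file cannot be opened or read.
    """
    with open(path, encoding="utf-8") as fh:
        return fh.read()


app.config["JWT_PRIVATE_KEY"] = _read_pem(PEM_PRIVATE)
app.config["JWT_PUBLIC_KEY"] = _read_pem(PEM_PUBLIC)
app.config["JWT_ALGORITHM"] = "ES256"
app.config["JWT_IDENTITY_CLAIM"] = "sub"
# NOTE(review): tokens never expire, so a leaked token remains valid until
# the signing key is rotated. A finite lifetime (a timedelta) bounds that
# exposure; left as-is here to preserve the PoC's behaviour.
app.config["JWT_ACCESS_TOKEN_EXPIRES"] = False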


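class AuthApi(Resource):
    """Token endpoint: exchanges the web server's authenticated user for a JWT.

    Authentication itself is delegated to the front web server, which is
    expected to populate ``REMOTE_USER`` in the WSGI environ. This resource
    only turns that identity into a signed access token carrying the user's
    read/write permissions looked up in the user database.
    """

    # Permission store consulted on every request. The path is relative to
    # the process working directory, exactly as in the original call.
    USERDB_PATH = "userdb.yaml"

    def post(self):
        """Issue an access token for the identity authenticated upstream.

        Returns:
            ``({"access_token": <jwt>}, 200)`` on success, or
            ``({"msg": ...}, 401)`` when the environ carries no
            ``REMOTE_USER`` -- without it there is no authenticated
            identity to sign a token for.
        """
        identity = request.environ.get("REMOTE_USER")
        if not identity:
            # Guard: the upstream server did not authenticate the caller,
            # so refuse rather than mint a token whose "sub" would be None.
            return {"msg": "Authentication required"}, 401

        db = authn.UserDB(self.USERDB_PATH)
        additional_claims = {
            "type": "access",
            "read": db.read_perms(identity),
            "write": db.write_perms(identity),
        }

        access_token = create_access_token(
            identity=identity,
            additional_claims=additional_claims,
        )

        return {"access_token": access_token}, 200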


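@app.route("/")
def index():
    """Render a small diagnostic page showing who the web server authenticated.

    ``REMOTE_USER`` and ``AUTH_TYPE`` are taken from the WSGI environ, i.e.
    from whatever the front web server put there. They are HTML-escaped
    before interpolation so a crafted username cannot inject markup into
    the page; a missing value still renders as ``None`` as before.

    Returns:
        An HTML fragment as a ``str``.
    """
    username = html.escape(str(request.environ.get("REMOTE_USER")))
    auth_type = html.escape(str(request.environ.get("AUTH_TYPE")))
    return f"<p>Username: {username}</p><p>Auth type: {auth_type}</p>"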


# Register the token endpoint; with the Api prefix it is served at /api/v1.0/auth.
_AUTH_ROUTE = "/auth"
api.add_resource(AuthApi, _AUTH_ROUTE)