add common authentication functions

3e6e67dd · istmxrein · c751dad7 · 3e6e67dd · 3e6e67dd · 3e6e67dd
Commit 3e6e67dd authored 2 years ago by istmxrein
--- a/.gitignore
+++ b/.gitignore
+**/.idea
+**/pilab.egg-info
\ No newline at end of file
--- a/pilab/auth.py
+++ b/pilab/auth.py
+import logging
+from typing import Optional, List, Dict
+from fastapi import Header, HTTPException
+
+logger = logging.getLogger(__name__)
+
+ADMIN_GROUPS = ["/admin"]
+
+CUBE_ACCESS_LIST: Dict[int, List[str]] = {}
+
+
+def is_admin(x_forwarded_groups: str):
+    admin = False
+    if x_forwarded_groups and x_forwarded_groups is not None:
+        for group in ADMIN_GROUPS:
+            if group in x_forwarded_groups:
+                admin = True
+    return admin
+
+
+def get_username(usernames: List[str]):
+    for name in usernames:
+        if name and name is not None:
+            return name
+    return None
+
+
+async def get_user(x_forwarded_user: Optional[str] = Header(None),
+                   x_forwarded_preferred_username: Optional[str] = Header(None),
+                   x_forwarded_groups: Optional[str] = Header(None)):
+    """
+    Extract the username and admin status from the http headers oauth2-proxy provides
+    """
+    logger.debug(["X-Forwarded-Preferred-Username: " + x_forwarded_preferred_username if x_forwarded_preferred_username else ""] +
+                 ["X-Forwarded-User: " + x_forwarded_user if x_forwarded_user else ""] +
+                 ["X-Forwarded-Groups: " + x_forwarded_groups if x_forwarded_groups else ""])
+
+    admin = is_admin(x_forwarded_groups)
+    username = get_username([x_forwarded_preferred_username, x_forwarded_user])
+    return username, admin
+
+
+async def verify_user(cube_id: int, x_forwarded_preferred_username: Optional[str] = Header(None),
+                      x_forwarded_user: Optional[str] = Header(None),
+                      x_forwarded_groups: Optional[str] = Header(None)):
+
+    admin = is_admin(x_forwarded_groups)
+    username = get_username([x_forwarded_preferred_username, x_forwarded_user])
+    if admin:
+        return True
+    if username is not None and CUBE_ACCESS_LIST.get(cube_id) is not None:
+        if username in CUBE_ACCESS_LIST.get(cube_id):
+            return True
+
+    raise HTTPException(status_code=401, detail="Unauthorized")
--- a/setup.py
+++ b/setup.py
@@ -2,14 +2,14 @@ from setuptools import setup, find_packages

 setup(
    name='pilab',
-    version='0.1.0',    
+    version='0.2.0',
    description='Shared-Libs for the pi-lab microservices',
    url='https://code.fbi.h-da.de/api/v4/projects/27896/packages/pypi/pilab',
    author='Max Reinheimer',
    author_email='maximilian.reinheimer@stud.h-da.de',
    license='MIT',
    packages=find_packages(),
-    install_requires=['pika'],
+    install_requires=['pika', 'fastapi'],
    classifiers=[
        'Development Status :: 3 - Alpha',
        'Operating System :: POSIX :: Linux',