From 5e963f87fa416a914b4f9044d37a764c01e3f329 Mon Sep 17 00:00:00 2001 From: Bruce Schultz Date: Mon, 25 Mar 2024 12:15:33 +0100 Subject: [PATCH] feat(auth): add token to API GUI --- gateway/auth.py | 7 ++++++- gateway/routers/hub.py | 5 +++-- gateway/routers/kong.py | 4 ++-- gateway/routers/podorc.py | 4 ++-- gateway/routers/results.py | 4 ++-- gateway/server.py | 19 +++++++++++++------ 6 files changed, 28 insertions(+), 15 deletions(-) diff --git a/gateway/auth.py b/gateway/auth.py index 7549169..61b3569 100644 --- a/gateway/auth.py +++ b/gateway/auth.py @@ -2,7 +2,7 @@ import requests from fastapi import Security, HTTPException -from fastapi.security import OAuth2AuthorizationCodeBearer, OAuth2PasswordBearer +from fastapi.security import OAuth2AuthorizationCodeBearer, OAuth2PasswordBearer, HTTPBearer from jose import jwt, JOSEError from starlette import status from starlette.datastructures import MutableHeaders @@ -31,6 +31,11 @@ idp_oauth2_scheme_pass = OAuth2PasswordBearer(tokenUrl=realm_idp_settings.token_url) +httpbearer = HTTPBearer( + scheme_name="JWT", + description="Pass a valid JWT here for authentication. Can be obtained from /token endpoint." +) + # Debugging methods async def get_idp_public_key() -> str: diff --git a/gateway/routers/hub.py b/gateway/routers/hub.py index ad71058..0cf98c7 100644 --- a/gateway/routers/hub.py +++ b/gateway/routers/hub.py @@ -7,7 +7,7 @@ from starlette.requests import Request from starlette.responses import Response -from gateway.auth import add_hub_jwt, verify_idp_token, idp_oauth2_scheme_pass +from gateway.auth import add_hub_jwt, verify_idp_token, idp_oauth2_scheme_pass, httpbearer from gateway.conf import gateway_settings from gateway.core import route from gateway.models.hub import Project, AllProjects, ApprovalStatus, AnalysisOrProjectNode, ListAnalysisOrProjectNodes, \ 
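Review bot: The new `httpbearer` object in the second hunk of gateway/auth.py carries no comment saying that `HTTPBearer` only extracts the `Authorization: Bearer` value and performs no signature, expiry or audience check on the JWT. I would add above it `# Docs/Swagger helper: parses the bearer header only; token validation stays in verify_idp_token.` so that a later refactor does not treat `Security(httpbearer)` on its own as sufficient protection for a router. That validation actually lives in `verify_idp_token` is inferred from its name and its use in the routers, since its body is outside this patch.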
@@ -15,7 +15,8 @@ from gateway.models.k8s import ImageDataResponse, ContainerResponse hub_router = APIRouter( - dependencies=[Security(verify_idp_token), Depends(add_hub_jwt), Security(idp_oauth2_scheme_pass)], + dependencies=[Security(verify_idp_token), Depends(add_hub_jwt), Security(idp_oauth2_scheme_pass), + Security(httpbearer)], tags=["Hub"], responses={404: {"description": "Not found"}}, ) diff --git a/gateway/routers/kong.py b/gateway/routers/kong.py index e201b7b..105a8d4 100644 --- a/gateway/routers/kong.py +++ b/gateway/routers/kong.py @@ -9,13 +9,13 @@ from kong_admin_client.rest import ApiException from starlette import status -from gateway.auth import verify_idp_token, idp_oauth2_scheme_pass +from gateway.auth import verify_idp_token, idp_oauth2_scheme_pass, httpbearer from gateway.conf import gateway_settings from gateway.models.kong import ServiceRequest, HttpMethodCode, ProtocolCode, LinkDataStoreProject, \ Disconnect, LinkProjectAnalysis kong_router = APIRouter( - dependencies=[Security(verify_idp_token), Security(idp_oauth2_scheme_pass)], + dependencies=[Security(verify_idp_token), Security(idp_oauth2_scheme_pass), Security(httpbearer)], tags=["Kong"], responses={404: {"description": "Not found"}}, ) diff --git a/gateway/routers/podorc.py b/gateway/routers/podorc.py index 92c4651..c1d9aea 100644 --- a/gateway/routers/podorc.py +++ b/gateway/routers/podorc.py @@ -7,12 +7,12 @@ from starlette.requests import Request from starlette.responses import Response -from gateway.auth import verify_idp_token, idp_oauth2_scheme_pass +from gateway.auth import verify_idp_token, idp_oauth2_scheme_pass, httpbearer from gateway.conf import gateway_settings from gateway.core import route po_router = APIRouter( - dependencies=[Security(verify_idp_token), Security(idp_oauth2_scheme_pass)], + dependencies=[Security(verify_idp_token), Security(idp_oauth2_scheme_pass), Security(httpbearer)], tags=["PodOrc"], responses={404: {"description": "Not found"}}, ) 
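Review bot: The `hub_router` dependency list now spells out the authentication dependencies by hand, and the same list is repeated in the kong.py, podorc.py and results.py hunks, so a router added later can silently omit one of them. Defining the list once in gateway/auth.py, for example `idp_dependencies = [Security(verify_idp_token), Security(idp_oauth2_scheme_pass), Security(httpbearer)]`, and passing `dependencies=idp_dependencies` keeps enforcement uniform. `hub_router` would append `Depends(add_hub_jwt)` to it, provided that dependency does not rely on its current position in the list. Both `idp_oauth2_scheme_pass` and `httpbearer` read the same Authorization header, so the addition appears to matter only for the OpenAPI docs and deserves a short comment saying so.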
diff --git a/gateway/routers/results.py b/gateway/routers/results.py index 498fc19..faac307 100644 --- a/gateway/routers/results.py +++ b/gateway/routers/results.py @@ -6,13 +6,13 @@ from starlette.requests import Request from starlette.responses import Response -from gateway.auth import verify_idp_token, idp_oauth2_scheme_pass +from gateway.auth import verify_idp_token, idp_oauth2_scheme_pass, httpbearer from gateway.conf import gateway_settings from gateway.core import route from gateway.models.results import ResultsUploadResponse results_router = APIRouter( - dependencies=[Security(verify_idp_token), Security(idp_oauth2_scheme_pass)], + dependencies=[Security(verify_idp_token), Security(idp_oauth2_scheme_pass), Security(httpbearer)], tags=["Results"], responses={404: {"description": "Not found"}}, ) diff --git a/gateway/server.py b/gateway/server.py index 7c53da7..17397bd 100644 --- a/gateway/server.py +++ b/gateway/server.py @@ -7,8 +7,7 @@ import requests import uvicorn -from fastapi import FastAPI, Depends, HTTPException -from fastapi.security import OAuth2PasswordRequestForm +from fastapi import FastAPI, HTTPException, Query from starlette import status from starlette.middleware.cors import CORSMiddleware @@ -55,7 +54,12 @@ async def lifespan(app: FastAPI): # Auth fill client ID for the docs with the below value "clientId": realm_idp_settings.client_id, # default client-id is Keycloak }, - lifespan=lifespan + lifespan=lifespan, + license_info={ + "name": "Apache 2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0.html", + "identifier": "Apache-2.0", + }, ) app.add_middleware( 
@@ -96,11 +100,14 @@ def get_health() -> HealthCheck:
 status_code=status.HTTP_200_OK,
 response_model=Token,
 )
-def get_token(form_data: Annotated[OAuth2PasswordRequestForm, Depends()]) -> Token:
+def get_token(
+ username: Annotated[str, Query()],
+ password: Annotated[str, Query()],
+) -> Token:
 """Get a token from the IDP."""
 payload = {
- "username": form_data.username,
- "password": form_data.password,
+ "username": username,
+ "password": password,
 "client_id": realm_idp_settings.client_id,
 "client_secret": realm_idp_settings.client_secret,
 "grant_type": "password",
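Review bot: `username` and `password` are now declared with `Query()` in `get_token`, so the credentials travel in the request URL, where they end up in access logs, reverse-proxy logs and browser history. The removed `OAuth2PasswordRequestForm` kept them in the request body. The plain input fields in the docs UI can be kept with body parameters instead: `username: Annotated[str, Form()],` and `password: Annotated[str, Form()],`, importing `Form` from fastapi in place of `Query` in this file's import hunk. The route decorator begins outside the hunk, so the HTTP method is not visible here, but the concern holds for any method because query strings are logged either way.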