chore: authz plugin dynamic import setup

bento-platform · Oct 11, 2024 · 877e741 · 877e741
1 parent 411f1d2
commit 877e741
Show file tree

Hide file tree

Showing 7 changed files with 55 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -167,3 +167,6 @@ cython_debug/
 
 # tds-db
 pg_data
+
+# TDS custom authz module
+lib/*
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -10,6 +10,8 @@ services:
       - DATABASE_URI=postgres://tds_user:tds_password@tds-db:5432/tds_db
       - CORS_ORIGINS="*"
       - BENTO_AUTHZ_SERVICE_URL=""
+    volumes:
+      - $PWD/lib:/tds/lib
     ports:
       - "5000:5000"
 

diff --git a/etc/bento.authz.module.py b/etc/bento.authz.module.py
@@ -0,0 +1,15 @@
+from fastapi import Request
+from bento_lib.auth.middleware.fastapi import FastApiAuthMiddleware
+
+from transcriptomics_data_service.config import get_config
+from transcriptomics_data_service.logger import get_logger
+
+config = get_config()
+logger = get_logger(config)
+
+bento_authz = FastApiAuthMiddleware.build_from_pydantic_config(config, logger)
+
+async def get_current_user_authorization(req: Request):
+    # TODO use as a propper middleware, or simply as an injectable with method calls?
+    print("************ This middleware performs authz checks for Bento")
+    return True
diff --git a/etc/example.authz.module.py b/etc/example.authz.module.py
@@ -0,0 +1,5 @@
+from fastapi import Depends, Request
+
+async def get_current_user_authorization(request: Request):
+    print("****************** This is a dynamically imported module function")
+    return True
diff --git a/transcriptomics_data_service/authz/__init__.py b/transcriptomics_data_service/authz/__init__.py
diff --git a/transcriptomics_data_service/authz/plugin.py b/transcriptomics_data_service/authz/plugin.py
@@ -0,0 +1,23 @@
+import importlib.util
+import sys
+
+from fastapi import Depends, Request
+
+__all__ = ["get_request_authorization"]
+
+
+def import_module_from_path(path):
+    spec = importlib.util.spec_from_file_location("authz_plugin", path)
+    module = importlib.util.module_from_spec(spec)
+    spec.loader.exec_module(module)
+    return module
+
+
+# TODO find a way to allow plugin writers to specify additional dependencies to be installed
+
+AUTHZ_MODULE_PATH = "/tds/lib/authz.module.py"
+authz_plugin = import_module_from_path(AUTHZ_MODULE_PATH)
+
+
+async def get_request_authorization(req: Request):
+    return await authz_plugin.get_current_user_authorization(req)
diff --git a/transcriptomics_data_service/routers/ingest.py b/transcriptomics_data_service/routers/ingest.py
@@ -1,10 +1,11 @@
-from fastapi import APIRouter, File, UploadFile, status
+from fastapi import APIRouter, File, Request, UploadFile, status
 import csv
 import json
 from io import StringIO
 
 from transcriptomics_data_service.db import DatabaseDependency
 from transcriptomics_data_service.models import ExperimentResult, GeneExpression
+from transcriptomics_data_service.authz.plugin import get_request_authorization
 
 __all__ = ["ingest_router"]
 
@@ -18,18 +19,22 @@
     status_code=status.HTTP_200_OK,
 )
 async def ingest(
+    request: Request,
     db: DatabaseDependency,
     experiment_result_id: str,
     assembly_name: str,
     assembly_id: str,
     rcm_file: UploadFile = File(...),
 ):
+    # TODO make injectable
+    authorized = await get_request_authorization(request)
+
     # Read and process rcm file
     file_bytes = rcm_file.file.read()
     buffer = StringIO(file_bytes.decode("utf-8"))
     rcm = {}
     for row in csv.DictReader(buffer):
-        print(row)
+        # print(row)
         rcm[row[GENE_ID_KEY]] = row
     # rcm["WASH6P"]  would return something like:
     # {'GeneID': 'WASH6P', '<BIOSAMPLE_ID_1>': '63', '<BIOSAMPLE_ID_2>: '0', ...}
-Original file line number
+Diff line change
@@ Expand Up / @@ -167,3 +167,6 @@ cython_debug/ @@
     # tds-db
     pg_data
+    # TDS custom authz module
+    lib/*