authorKristofer Hallin <kristofer@sunet.se>2021-10-08 14:17:43 +0200
committerKristofer Hallin <kristofer@sunet.se>2021-10-08 14:17:43 +0200
commit99f02077ed897b73fb9f452926e8f3f1fed72358 (patch)
tree96520ef7bc3446a3501f8f23d796d9ea931c74ef /src
parent446d9f04be3602d395407e79e781b7c591b45ad5 (diff)
First draft implementation on JWT.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/db.py4
-rw-r--r--src/middleware.py24
-rwxr-xr-xsrc/wsgi.py9
3 files changed, 34 insertions, 3 deletions
diff --git a/src/db.py b/src/db.py
index f9d0da1..f4f9bc1 100755
--- a/src/db.py
+++ b/src/db.py
@@ -89,10 +89,12 @@ class DictDB():
selector = {"selector": {}}
for key in kwargs:
+ if kwargs[key] is None:
+ continue
if kwargs[key].isnumeric():
kwargs[key] = int(kwargs[key])
selector['selector'][key] = {'$eq': kwargs[key]}
-
+ print(selector)
for doc in self.couchdb.find(selector):
data.append(doc)
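Review bot: The added `print(selector)` looks like leftover debugging: it writes every query selector, including the values callers searched for, to stdout on each lookup. Either drop it or route it through the logging module at debug level, e.g. `logging.getLogger(__name__).debug("selector: %s", selector)`, which needs `import logging` at the top of the file. The new `None` guard is fine, but the `.isnumeric()` call after it still assumes every remaining value is a `str`; that is worth a one-line comment if it is the intended contract. The enclosing method starts and ends outside this hunk.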
diff --git a/src/middleware.py b/src/middleware.py
new file mode 100644
index 0000000..2e38190
--- /dev/null
+++ b/src/middleware.py
@@ -0,0 +1,24 @@
+from falcon_auth import FalconAuthMiddleware, JWTAuthBackend
+
+
+TEMPORARY_SECRET_KEY_TO_BE_CHANGED = 'testing123'
+TEMPORARY_JWT_ALGORITHM_TO_BE_CHANGED = 'HS256'
+
+
+def user_check(credential):
+ return {'user': credential['sub'], 'role': credential['role'], 'domains': credential['domains']}
+
+
+jwt_auth = JWTAuthBackend(
+ user_loader=user_check,
+ secret_key=TEMPORARY_SECRET_KEY_TO_BE_CHANGED,
+ algorithm=TEMPORARY_JWT_ALGORITHM_TO_BE_CHANGED,
+ auth_header_prefix='Bearer',
+ leeway=600,
+ expiration_delta=900,
+ audience='localhost'
+)
+
+middleware_jwt = [
+ FalconAuthMiddleware(jwt_auth)
+]
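Review bot: The HS256 signing key is a literal committed to the repository (`TEMPORARY_SECRET_KEY_TO_BE_CHANGED = 'testing123'`), so the integrity of every token, including its `role` and `domains` claims, rests on a value that anyone with read access to the source knows. Even for a draft, read it from the environment and fail at import when it is missing, the way `wsgi.py` already handles `COUCHDB_NAME`: `secret_key=os.environ['JWT_SECRET_KEY']` (the variable name is a placeholder), plus `import os`. `user_check` indexes `credential['sub']`, `['role']` and `['domains']` directly, so a correctly signed token that lacks one of these claims raises `KeyError` and would presumably surface as a 500; using `.get()` and returning `None` when a claim is absent lets the backend answer 401 instead. `leeway=600` is also large next to `expiration_delta=900`, since it keeps a token usable for ten minutes past its `exp`; a few seconds of clock-skew tolerance is the usual choice.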
diff --git a/src/wsgi.py b/src/wsgi.py
index 54d18d3..701f77d 100755
--- a/src/wsgi.py
+++ b/src/wsgi.py
@@ -10,6 +10,7 @@ import falcon
from db import DictDB
from base64 import b64decode
from wsgiref.simple_server import make_server
+from middleware import middleware_jwt
try:
database = os.environ['COUCHDB_NAME']
@@ -52,7 +53,10 @@ class EPGet(CollectorResource):
resp.status = falcon.HTTP_200
resp.content_type = falcon.MEDIA_JSON
- orgs = self.user_auth(req.auth, self._users.read_perms)
+
+ print(req.context)
+ if 'domains' in req.context['user']:
+ orgs = req.context['user']['domains']
if not orgs:
resp.status = falcon.HTTP_401
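Review bot: `orgs` is only assigned inside the `if 'domains' in req.context['user']:` branch, so when that test is false the following `if not orgs:` hits an unbound name and the request fails with a 500 instead of the intended 401. Assigning unconditionally avoids that: `orgs = req.context['user'].get('domains')`. The `print(req.context)` line should go before merge, because it writes the decoded token claims for every request to stdout. The removed call passed `self._users.read_perms`, while the new code does not consult the `role` claim at all; if read permission is still meant to be enforced, that check appears to be missing here. The handler body starts and continues outside this hunk.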
@@ -133,7 +137,8 @@ def main(port=8000, wsgi_helper=False):
('/sc/v0/add', EPAdd(db, users)),
('/sc/v0/get', EPGet(db, users))
]
- app = falcon.App(cors_enable=True)
+
+ app = falcon.App(cors_enable=True, middleware=middleware_jwt)
for url, res in resources_map:
app.add_route(url, res)
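Review bot: Passing `middleware=middleware_jwt` to `falcon.App` puts the JWT check in front of every route, including `/sc/v0/add`, but this commit only converts `EPGet` away from `self.user_auth(req.auth, ...)`. If `EPAdd` still parses `req.auth` as Basic credentials (it is not visible here), it will now receive a `Bearer` header and its own check will likely reject or mis-handle it. Either convert `EPAdd` in the same change or keep it on the old scheme for now with `FalconAuthMiddleware(jwt_auth, exempt_routes=['/sc/v0/add'])`, with a comment saying which scheme each route uses. `main` continues outside this hunk.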