From 99f02077ed897b73fb9f452926e8f3f1fed72358 Mon Sep 17 00:00:00 2001
From: Kristofer Hallin
Date: Fri, 8 Oct 2021 14:17:43 +0200
Subject: First draft implementation on JWT.
---
 src/db.py | 4 +++-
 src/middleware.py | 24 ++++++++++++++++++++++++
 src/wsgi.py | 9 +++++++--
 3 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 src/middleware.py
(limited to 'src')
diff --git a/src/db.py b/src/db.py
index f9d0da1..f4f9bc1 100755
--- a/src/db.py
+++ b/src/db.py
@@ -89,10 +89,12 @@ class DictDB():
 selector = {"selector": {}}
 for key in kwargs:
+ if kwargs[key] is None:
+ continue
 if kwargs[key].isnumeric():
 kwargs[key] = int(kwargs[key])
 selector['selector'][key] = {'$eq': kwargs[key]}
-
+ print(selector)
 for doc in self.couchdb.find(selector):
 data.append(doc)
diff --git a/src/middleware.py b/src/middleware.py
new file mode 100644
index 0000000..2e38190
--- /dev/null
+++ b/src/middleware.py
@@ -0,0 +1,24 @@
+from falcon_auth import FalconAuthMiddleware, JWTAuthBackend
+
+
+TEMPORARY_SECRET_KEY_TO_BE_CHANGED = 'testing123'
+TEMPORARY_JWT_ALGORITHM_TO_BE_CHANGED = 'HS256'
+
+
+def user_check(credential):
+ return {'user': credential['sub'], 'role': credential['role'], 'domains': credential['domains']}
+
+
+jwt_auth = JWTAuthBackend(
+ user_loader=user_check,
+ secret_key=TEMPORARY_SECRET_KEY_TO_BE_CHANGED,
+ algorithm=TEMPORARY_JWT_ALGORITHM_TO_BE_CHANGED,
+ auth_header_prefix='Bearer',
+ leeway=600,
+ expiration_delta=900,
+ audience='localhost'
+)
+
+middleware_jwt = [
+ FalconAuthMiddleware(jwt_auth)
+]
diff --git a/src/wsgi.py b/src/wsgi.py
index 54d18d3..701f77d 100755
--- a/src/wsgi.py
+++ b/src/wsgi.py
@@ -10,6 +10,7 @@ import falcon
 from db import DictDB
 from base64 import b64decode
 from wsgiref.simple_server import make_server
+from middleware import middleware_jwt
 try:
 database = os.environ['COUCHDB_NAME']
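Review bot: The added `print(selector)` in the src/db.py hunk looks like leftover debugging: it writes every query's selector, including the caller-supplied values, to stdout on each lookup. I would drop the line, or send it through the logging module at debug level, e.g. `logging.debug("selector: %s", selector)`, if db.py imports logging (its imports are outside the hunk). Separately, the new `None` guard still leaves `kwargs[key].isnumeric()` raising AttributeError for any non-string value such as an int; `isinstance(kwargs[key], str) and kwargs[key].isnumeric()` would cover that. The enclosing method starts and ends outside the hunk.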
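Review bot: The HS256 signing key is the literal `'testing123'` committed in src/middleware.py, so anyone who can read the repository can sign tokens carrying any `sub`, `role` and `domains` the service will accept; the key should come from the deployment environment, and the service should refuse to start without it. `user_check` indexes `credential['sub']`, `credential['role']` and `credential['domains']` directly, so a validly signed token that lacks one of those claims raises KeyError instead of being rejected; returning None for such a token should let the backend answer with an authentication failure (worth confirming against the falcon_auth version in use). `leeway=600` also keeps a token usable for ten minutes past its `exp`, which is long next to `expiration_delta=900`. The environment variable names in the sketch below are placeholders, and `os` would need importing at the top of the file.

```python
# Placeholder variable names; a missing key aborts start-up with KeyError.
JWT_SECRET_KEY = os.environ['JWT_SECRET_KEY']
JWT_ALGORITHM = os.environ.get('JWT_ALGORITHM', 'HS256')


def user_check(credential):
    # A token without the claims the endpoints rely on is treated as invalid.
    required = ('sub', 'role', 'domains')
    if any(claim not in credential for claim in required):
        return None
    return {'user': credential['sub'], 'role': credential['role'], 'domains': credential['domains']}


jwt_auth = JWTAuthBackend(
    user_loader=user_check,
    secret_key=JWT_SECRET_KEY,
    algorithm=JWT_ALGORITHM,
    # … unchanged: auth_header_prefix, leeway, expiration_delta, audience …
```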
@@ -52,7 +53,10 @@ class EPGet(CollectorResource):
 resp.status = falcon.HTTP_200
 resp.content_type = falcon.MEDIA_JSON
- orgs = self.user_auth(req.auth, self._users.read_perms)
+
+ print(req.context)
+ if 'domains' in req.context['user']:
+ orgs = req.context['user']['domains']
 if not orgs:
 resp.status = falcon.HTTP_401
@@ -133,7 +137,8 @@ def main(port=8000, wsgi_helper=False):
 ('/sc/v0/add', EPAdd(db, users)),
 ('/sc/v0/get', EPGet(db, users))
 ]
- app = falcon.App(cors_enable=True)
+
+ app = falcon.App(cors_enable=True, middleware=middleware_jwt)
 for url, res in resources_map:
 app.add_route(url, res)
--
cgit v1.1
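Review bot: `orgs` is only assigned inside the new `if 'domains' in req.context['user']:` branch of the EPGet hunk, so when the key is absent the following `if not orgs:` would fail on an unbound name rather than return 401, unless `orgs` is set earlier in the method (which starts outside the hunk). `orgs = req.context['user'].get('domains')` covers both cases in one line. The removed call passed `self._users.read_perms`, whereas the new code never looks at the `role` claim, so any valid token with a non-empty `domains` value can read; if that is not intended, check `req.context['user']['role']` here. `print(req.context)` writes the caller's token claims to stdout on every request and should be removed before merge.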
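Review bot: Passing `middleware=middleware_jwt` to `falcon.App` makes a Bearer token mandatory on every route in `resources_map`, including `/sc/v0/add`, while this commit only moves EPGet to `req.context['user']`. If EPAdd still authenticates through `self.user_auth(req.auth, ...)` (its body is not in this diff), add requests would have to satisfy both schemes with a single Authorization header. Either convert EPAdd in the same change or record the intent with a comment above the call, e.g. `# JWT is enforced for all routes; EPAdd still needs porting from user_auth`. main's body continues outside the hunk.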