Posted to dev@airavata.apache.org by Dinuka De Silva <l....@gmail.com> on 2022/12/20 18:55:39 UTC

Django backend for custos portal

Hi Everyone,

I'm working on securing the Custos frontend portal by adding a Django
layer. So, I would like to share my current progress here to get your
opinion.

The following diagram describes the new architecture of how the new
frontend portal is going to talk with the Custos endpoints securely while
following its protocol. With this approach, we are exposing only the
"sessionId" to the browser and everything else is in the Django layer.

[image: image.png]

Current progress

   1. Marcus worked on adding the Django layer and building the development
   environment
   https://github.com/apache/airavata-custos-portal/pull/160#issuecomment-1306169660
   2. I worked on adding endpoints for managing sessions for authorized
   users.
   https://github.com/dinukadesilva/airavata-custos-portal/tree/gh-160-adding-django-layer
      1. "api/config" - Returns necessary configurations to the frontend.
      2. "/api/auth" - Redirects the user to CILogon and redirects back to
      "/api/callback" on successful authentication.
      3. "api/userinfo" - The endpoint to get the currently logged in user
      4. "api/custos/{custos-resource-path}" - The endpoint for custos
      resources.

Notes

   - Currently, the implementation does not use the custos Python SDK.
   Instead, the Django API works as a worker/proxy which adds the access token
   to the requests and sends it to the custos services.
   - eg: If the Django layer gets a hit to
   "/api/custos/tenant-management/v1.0.0/oauth2/tenant?client_id=custos-s3mnbiw3bknntqdopemp-10000101"
   the Django layer first authorizes the session and, if it's valid, sends a
   request to
   "https://prod.custos.usecustos.org/apiserver/api/tenant-management/v1.0.0/oauth2/tenant?client_id=custos-s3mnbiw3bknntqdopemp-10000101"
   with the Authorization header added.

[image: image.png]


Thanks & Regards,
Dinuka
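
The proxy step described in the message above, sketched as an added example that is not part of the original post or the portal's code: a framework-free Python function that checks the session, confines the requested path to the upstream API prefix, and attaches the access token server-side. The function and class names, the in-memory session store, the header allowlist and the "Bearer" scheme are assumptions made for illustration.

```python
import posixpath
import time
from urllib.parse import quote, urlencode

UPSTREAM = "https://prod.custos.usecustos.org/apiserver/api/"  # base URL from the message
PREFIX = "/api/custos/"

# Constructed sample store; stands in for Django's server-side sessions.
SESSIONS = {
    "sess-valid": {"access_token": "tok-abc", "expires_at": time.time() + 3600},
    "sess-expired": {"access_token": "tok-old", "expires_at": time.time() - 1},
}


class ProxyError(Exception):
    """Carries the HTTP status the proxy should answer with (hypothetical helper)."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def build_upstream_request(session_id, path, query=None, headers=None):
    """Return (url, headers) for the upstream call, or raise ProxyError."""
    session = SESSIONS.get(session_id)
    if session is None or session["expires_at"] <= time.time():
        raise ProxyError(401, "no valid session")
    if not path.startswith(PREFIX):
        raise ProxyError(404, "not a proxied path")
    resource = path[len(PREFIX):]
    # Accept only an already-normalised relative path so it cannot leave UPSTREAM.
    if (not resource or "\\" in resource or resource.startswith((".", "/"))
            or posixpath.normpath(resource) != resource):
        raise ProxyError(400, "invalid resource path")
    url = UPSTREAM + quote(resource, safe="/")
    if query:
        url += "?" + urlencode(query)
    # Forward an allowlist of browser headers; Cookie and Authorization never pass through.
    allowed = {"accept", "content-type"}
    out = {k: v for k, v in (headers or {}).items() if k.lower() in allowed}
    # Assumption: the access token is sent as a Bearer token.
    out["Authorization"] = "Bearer " + session["access_token"]
    return url, out
```

The token only ever lives in the server-side session entry, so the browser holds nothing but the session identifier, which is the property the message describes.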