You are viewing a plain text version of this content. The canonical link for it is here.
Posted to custos@airavata.apache.org by "dinukadesilva (via GitHub)" <gi...@apache.org> on 2023/02/09 20:51:17 UTC
[GitHub] [airavata-custos-portal] dinukadesilva commented on a diff in pull request #167: gh-160: Adding Django layer
dinukadesilva commented on code in PR #167:
URL: https://github.com/apache/airavata-custos-portal/pull/167#discussion_r1102010593
##########
airavata_custos_portal/apps/api/views.py:
##########
@@ -0,0 +1,197 @@
+from django.conf import settings
+from django.http import HttpResponse
+from rest_framework.decorators import api_view
+from rest_framework.response import Response
+
+from django.shortcuts import redirect, render
+import requests
+import base64
+import jwt
+
+import os
+import environ
+
+env = environ.Env()
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+environ.Env.read_env('.env')
+
+CUSTOS_CLIENT_ID = env("CUSTOS_CLIENT_ID")
+CUSTOS_CLIENT_SEC = env("CUSTOS_CLIENT_SEC")
+CUSTOS_API_URL = env("CUSTOS_API_URL")
+CUSTOS_SUPER_CLIENT_ID = env("CUSTOS_SUPER_CLIENT_ID")
+UNDER_MAINTENANCE = env("UNDER_MAINTENANCE")
+
+ENDPOINTS = {
+ "IDENTITY": "identity-management/v1.0.0",
+ "USERS": "user-management/v1.0.0",
+ "GROUPS": "group-management/v1.0.0",
+ "TENANTS": "tenant-management/v1.0.0",
+ "SHARING": "sharing-management/v1.0.0",
+ "SECRETS": "resource-secret-management/v1.0.0"
+}
+
+
+# Create your views here.
+@api_view()
+def get_config(request):
+ # Just a simple REST API view to show how to access VUE_APP_* settings
+ return Response({
+ "VUE_APP_CLIENT_ID": CUSTOS_CLIENT_ID,
+ "VUE_APP_CUSTOS_API_URL": request.build_absolute_uri('/api/custos'),
+ "VUE_APP_SUPER_CLIENT_ID": CUSTOS_SUPER_CLIENT_ID
+ })
+
+
+@api_view()
+def get_userinfo(request):
+ if 'access_token' not in request.session:
+ return HttpResponse('Unauthorized', status=401)
+ else:
+ payload = jwt.decode(jwt=request.session['access_token'], verify=False)
+ return Response(payload)
+
+
+def get_client_sec(request, client_id):
+ response = requests.get(
+ url=f"{CUSTOS_API_URL}/{ENDPOINTS['IDENTITY']}/credentials",
+ params={'client_id': client_id},
+ headers={
+ 'Accept': '*/*',
+ 'Content-Type': 'application/json',
+ 'Authorization': f"Bearer {request.session['access_token']}"
+ }
+ )
+
+ response_json = response.json()
+ client_sec = response_json["custos_client_secret"]
+
+ return client_sec
+
+
+def get_client_auth_base64(request, client_id=None, client_sec=None):
+ if client_id is None and client_sec is None:
+ client_id = CUSTOS_CLIENT_ID
+ client_sec = CUSTOS_CLIENT_SEC
+ elif client_id is not None and client_sec is None:
+ client_sec = get_client_sec(request, client_id)
+
+ client_auth_base64 = f"{client_id}:{client_sec}"
+ client_auth_base64 = client_auth_base64.encode("utf-8")
+ client_auth_base64 = base64.b64encode(client_auth_base64).decode('utf-8')
+ client_auth_base64 = f"Bearer {client_auth_base64}"
+
+ return client_auth_base64
+
+
+@api_view()
+def get_auth_callback(request):
+ CUSTOS_REDIRECT_URI = request.build_absolute_uri('/api/callback')
+ code = request.GET.get("code", None)
+
+ client_auth_base64 = get_client_auth_base64(request)
+
+ response = requests.post(
+ url=f"{CUSTOS_API_URL}/{ENDPOINTS['IDENTITY']}/token",
+ json={'code': code, 'redirect_uri': CUSTOS_REDIRECT_URI,
+ 'grant_type': 'authorization_code'},
+ headers={
+ 'Accept': '*/*',
+ 'Content-Type': 'application/json',
+ 'Authorization': client_auth_base64
+ }
+ )
+
+ set_token_response_session(request, response)
+
+ return redirect("/")
+
+
+def set_token_response_session(request, response):
+ response_json = response.json()
+ request.session.set_expiry(response_json["expires_in"])
+ request.session['access_token'] = response_json["access_token"]
+ request.session['refresh_token'] = response_json["refresh_token"]
+ request.session['id_token'] = response_json["id_token"]
+
+
+def remove_token_response_session(request):
+ del request.session['access_token']
+ del request.session['refresh_token']
+ del request.session['id_token']
+
+
+custos_resource_map = {
+ "credentials": f"{ENDPOINTS['IDENTITY']}/credentials"
+}
+
+
+@api_view(["GET", "POST", "PUT", "DELETE"])
+def get_custos_api(request, endpoint_path=""):
+ CUSTOS_REDIRECT_URI = request.build_absolute_uri('/api/callback')
+
+ client_auth_base64 = get_client_auth_base64(request)
+ client_auth_cases_map = {
+ "token_password": endpoint_path == f"{ENDPOINTS['IDENTITY']}/token" and "grant_type" in request.data
+ and request.data["grant_type"] == "password",
+ "token_refresh_token": endpoint_path == f"{ENDPOINTS['IDENTITY']}/token" and "grant_type" in request.data
+ and request.data["grant_type"] == "refresh_token",
+ "token_authorization_code": endpoint_path == f"{ENDPOINTS['IDENTITY']}/token" and "grant_type" in request.data
+ and request.data["grant_type"] == "authorization_code",
+ "token_openid-configuration": endpoint_path == f"{ENDPOINTS['IDENTITY']}/.well-known/openid-configuration",
+ "logout": endpoint_path == f"{ENDPOINTS['IDENTITY']}/user/logout",
+ "tenant_create": endpoint_path == f"{ENDPOINTS['TENANTS']}/oauth2/tenant" and request.method == "POST"
+ }
+
+ authorization_header = None
+ if True in client_auth_cases_map.values():
+ authorization_header = client_auth_base64
+ elif "access_token" in request.session:
+ authorization_header = f"Bearer {request.session['access_token']}"
+
+ if client_auth_cases_map["tenant_create"] and "parent_client_id" in request.data:
+ if request.data["parent_client_id"] == CUSTOS_SUPER_CLIENT_ID:
+ authorization_header = None
Review Comment:
Yes.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: custos-unsubscribe@airavata.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org