Add authentication

2020-08-23 22:07:20 +02:00 · 2020-08-23 22:07:20 +02:00 · 08da7a23f4
commit 08da7a23f4
parent 57c4a7767d
3 changed files with 44 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -1,3 +1,12 @@
 # Entities Service

 Query and manipulate the Netz39 entities database.
+
+## Running the Service
+
+### Configuration
+
+The service is configured via the following environment variables:
+* `PORT`: Service port. defaults to 8080
+* `AUTH`: Authentication tokens, defaults to None. Example Configuration : `AUTH={"token_1": "user_1", "token_2": "user_2"}`
+
--- a/app.py
+++ b/app.py
@ -11,6 +11,7 @@ import isodate
 import json

 import util
+from auth import AuthProvider


 startup_timestamp = datetime.now()
@ -68,7 +69,7 @@ class Oas3Handler(tornado.web.RequestHandler, metaclass=ABCMeta):
        self.finish()


-def make_app():
+def make_app(_auth_provider=None):
    version_path = r"/v[0-9]"
    return tornado.web.Application([
        (version_path + r"/health", HealthHandler),
@ -80,8 +81,9 @@ def main():
    port = util.load_env('PORT', 8080)

    # Setup
+    auth_provider = AuthProvider.from_environment()

-    util.run_tornado_server(make_app(),
+    util.run_tornado_server(make_app(auth_provider),
                            server_port=port)

    # Teardown
--- a/auth.py
+++ b/auth.py
@ -0,0 +1,31 @@
+import json
+from util import load_env
+
+
+class AuthProvider(object):
+    @staticmethod
+    def from_environment():
+        auth = load_env("AUTH", None)
+
+        return AuthProvider(auth)
+
+    def __init__(self, auth_token_config):
+        if auth_token_config == "":
+            self.auth_token_pool = []
+            print("Service started without Authentication")
+            return
+
+        try:
+            self.auth_token_pool = json.loads(auth_token_config)
+        except ValueError as e:
+            raise ValueError("Authentication configuration could not be parsed") from e
+
+    def validate_token(self, token):
+        """Validate a token for fabrication functions"""
+        if token in self.auth_token_pool or not self.auth_token_pool:
+            return True
+
+        return False
+
+    def user_for_token(self, token):
+        return self.auth_token_pool.get(token)