diff --git a/README.md b/README.md index 7cf569f..f83e55d 100644 --- a/README.md +++ b/README.md @@ -26,10 +26,8 @@ THe following table lists all available configuration parameters: | `--base-url` | `DOORIS_BASE_URL` | Yes | *None* | | `--serve-static` | `DOORIS_SERVE_STATIC` | No | *None* | | `--ccujack-url` | `DOORIS_CCUJACK_URL` | No | `https://hmdooris-ccu.ccchh.net:2122` | -| `--ccujack-mqtt` | `DOORIS_CCUJACK_MQTT` | No | `hmdooris-ccu.ccchh.net:1883` | | `--ccujack-user` | `DOORIS_CCUJACK_USER` | Yes | *None* | | `--ccujack-password` | `DOORIS_CCUJACK_PASSWORD` | Yes | *None* | -| `--static-api-tokens` | `DOORIS_STATIC_API_TOKENS` | No | *None* | ## API Development diff --git a/api/src/dooris_api/__init__.py b/api/src/dooris_api/__init__.py index cdf4d67..618ce97 100644 --- a/api/src/dooris_api/__init__.py +++ b/api/src/dooris_api/__init__.py @@ -78,10 +78,9 @@ def main(): required=False, nargs=1, action="append", - default=[i for i in os.environ.get("DOORIS_STATIC_API_TOKENS", "").split(",") if bool(i)], + default=[], ) args = argp.parse_args() - print(args.static_api_tokens) # setup logging logging.basicConfig( diff --git a/api/src/dooris_api/deps.py b/api/src/dooris_api/deps.py index b82ae05..c611b5d 100644 --- a/api/src/dooris_api/deps.py +++ b/api/src/dooris_api/deps.py @@ -1,12 +1,11 @@ -from typing import Annotated, Optional +from typing import Annotated, Optional, Tuple import logging from datetime import datetime, UTC, timedelta -from fastapi import Request, Depends, Response, Header -from fastapi.security import APIKeyHeader +from fastapi import Request, Depends, Response from simple_openid_connect.data import TokenSuccessResponse from simple_openid_connect.client import OpenidClient +from simple_openid_connect.exceptions import ValidationError -from dooris_api import app_config from dooris_api import models, exceptions from dooris_api.ccujack import CCUJackClient @@ -14,9 +13,6 @@ from dooris_api.ccujack import CCUJackClient logger = logging.getLogger(__name__) -api_key_security_scheme = APIKeyHeader(name="Authorization", scheme_name="Static-Token", auto_error=False) - - async def get_oidc_client(req: Request) -> OpenidClient: return req.app.extra["oidc_client"] @@ -133,39 +129,13 @@ def clear_oidc_auth_state(resp: Response): resp.set_cookie("auth_start_time", "", max_age=0) -def get_logged_in_token_user(req: Request, token: Optional[str]): - if not token or not token.startswith("Static-Token "): - logger.debug("No valid API-Token was provided") - return None - - token = token.removeprefix("Static-Token ") - valid_tokens = app_config.get().static_api_tokens - - if any((i == token for i in valid_tokens)): - logger.debug("Successfully authenticated a static API-Token") - return models.ApiUser( - is_anonymous=False, - is_ccchh_user=False, - is_token_user=True, - may_operate_locks=True, - username="static-token", - guaranteed_session_until=None, - raw_id_token=None, - ) - - return None - - async def get_api_user( - req: Request, resp: Response, oidc_client: OpenidClient, token: Annotated[Optional[str], Depends(api_key_security_scheme)] = None + req: Request, resp: Response, oidc_client: OpenidClient ) -> models.ApiUser: oidc_user = await get_logged_in_oidc_user(req, resp, oidc_client) - token_user = get_logged_in_token_user(req, token) - + # TODO: Implement API user based on static tokens if oidc_user is not None: return oidc_user - elif token_user is not None: - return token_user else: return models.ApiUser( is_anonymous=True,