Compare commits

..

No commits in common. "99668e2a33f9188dd2284424ad1c8ee7b261e98f" and "63a9485209ec291402337ea0aa7d089960ffc78f" have entirely different histories.

3 changed files with 6 additions and 39 deletions

View file

@ -26,10 +26,8 @@ THe following table lists all available configuration parameters:
| `--base-url` | `DOORIS_BASE_URL` | Yes | *None* |
| `--serve-static` | `DOORIS_SERVE_STATIC` | No | *None* |
| `--ccujack-url` | `DOORIS_CCUJACK_URL` | No | `https://hmdooris-ccu.ccchh.net:2122` |
| `--ccujack-mqtt` | `DOORIS_CCUJACK_MQTT` | No | `hmdooris-ccu.ccchh.net:1883` |
| `--ccujack-user` | `DOORIS_CCUJACK_USER` | Yes | *None* |
| `--ccujack-password` | `DOORIS_CCUJACK_PASSWORD` | Yes | *None* |
| `--static-api-tokens` | `DOORIS_STATIC_API_TOKENS` | No | *None* |
## API Development

View file

@ -78,10 +78,9 @@ def main():
required=False,
nargs=1,
action="append",
default=[i for i in os.environ.get("DOORIS_STATIC_API_TOKENS", "").split(",") if bool(i)],
default=[],
)
args = argp.parse_args()
print(args.static_api_tokens)
# setup logging
logging.basicConfig(

View file

@ -1,12 +1,11 @@
from typing import Annotated, Optional
from typing import Annotated, Optional, Tuple
import logging
from datetime import datetime, UTC, timedelta
from fastapi import Request, Depends, Response, Header
from fastapi.security import APIKeyHeader
from fastapi import Request, Depends, Response
from simple_openid_connect.data import TokenSuccessResponse
from simple_openid_connect.client import OpenidClient
from simple_openid_connect.exceptions import ValidationError
from dooris_api import app_config
from dooris_api import models, exceptions
from dooris_api.ccujack import CCUJackClient
@ -14,9 +13,6 @@ from dooris_api.ccujack import CCUJackClient
logger = logging.getLogger(__name__)
api_key_security_scheme = APIKeyHeader(name="Authorization", scheme_name="Static-Token", auto_error=False)
async def get_oidc_client(req: Request) -> OpenidClient:
return req.app.extra["oidc_client"]
@ -133,39 +129,13 @@ def clear_oidc_auth_state(resp: Response):
resp.set_cookie("auth_start_time", "", max_age=0)
def get_logged_in_token_user(req: Request, token: Optional[str]):
if not token or not token.startswith("Static-Token "):
logger.debug("No valid API-Token was provided")
return None
token = token.removeprefix("Static-Token ")
valid_tokens = app_config.get().static_api_tokens
if any((i == token for i in valid_tokens)):
logger.debug("Successfully authenticated a static API-Token")
return models.ApiUser(
is_anonymous=False,
is_ccchh_user=False,
is_token_user=True,
may_operate_locks=True,
username="static-token",
guaranteed_session_until=None,
raw_id_token=None,
)
return None
async def get_api_user(
req: Request, resp: Response, oidc_client: OpenidClient, token: Annotated[Optional[str], Depends(api_key_security_scheme)] = None
req: Request, resp: Response, oidc_client: OpenidClient
) -> models.ApiUser:
oidc_user = await get_logged_in_oidc_user(req, resp, oidc_client)
token_user = get_logged_in_token_user(req, token)
# TODO: Implement API user based on static tokens
if oidc_user is not None:
return oidc_user
elif token_user is not None:
return token_user
else:
return models.ApiUser(
is_anonymous=True,