Compare commits
4 Commits
master
...
jwt-experi
Author | SHA1 | Date | |
---|---|---|---|
d91cd9a3da | |||
e0f57e9de6 | |||
4731b64780 | |||
e362b1484f |
@ -10,6 +10,10 @@ ENV DB_HOST="172.16.10.18"
|
||||
ENV DB_NAME="hausverwaltung"
|
||||
ENV DB_USER="hausverwaltung-ui"
|
||||
ENV DB_PASS="test123"
|
||||
ENV JWT_ISSUER='de.hottis.hausverwaltung'
|
||||
ENV JWT_SECRET='streng_geheim'
|
||||
ENV JWT_LIFETIME_SECONDS=60
|
||||
ENV JWT_ALGORITHM='HS256'
|
||||
|
||||
|
||||
RUN \
|
||||
|
1
ENV.tmpl
1
ENV.tmpl
@ -5,3 +5,4 @@ export DB_USER="hausverwaltung-ui"
|
||||
export DB_PASS="test123"
|
||||
export DB_NAME="hausverwaltung"
|
||||
|
||||
export JWT_SECRET='streng_geheim'
|
||||
|
@ -1,6 +1,8 @@
|
||||
from dbpool import getConnection, getMany, getOne
|
||||
from auth import check_scope
|
||||
|
||||
def get_mieters():
|
||||
def get_mieters(token_info):
|
||||
check_scope(token_info, [ "mieter/read", "wohnung/read", "objekt/read" ])
|
||||
return getMany("""
|
||||
SELECT m.id as id,
|
||||
o.id as objekt,
|
||||
@ -21,7 +23,8 @@ SELECT m.id as id,
|
||||
w.id = m.wohnung
|
||||
""", [], "Mieter")
|
||||
|
||||
def get_mieter(id=None):
|
||||
def get_mieter(id, token_info):
|
||||
check_scope(token_info, [ "mieter/read", "wohnung/read", "objekt/read" ])
|
||||
return getOne("""
|
||||
SELECT m.id as id,
|
||||
o.id as objekt,
|
||||
|
@ -1,8 +1,11 @@
|
||||
from dbpool import getConnection, getMany, getOne
|
||||
from auth import check_scope
|
||||
|
||||
def get_objekte():
|
||||
def get_objekte(token_info):
|
||||
check_scope(token_info, "objekt/read")
|
||||
return getMany("SELECT id, shortname, flaeche FROM objekt", [], "Objekt")
|
||||
|
||||
def get_objekt(id=None):
|
||||
def get_objekt(id, token_info):
|
||||
check_scope(token_info, "objekt/read")
|
||||
return getOne("SELECT id, shortname, flaeche FROM objekt WHERE id = ?",
|
||||
(id,), "Objekt")
|
||||
|
11
Wohnungen.py
11
Wohnungen.py
@ -1,6 +1,9 @@
|
||||
from dbpool import getConnection, getOne, getMany
|
||||
from auth import check_scope
|
||||
|
||||
def get_wohnungen():
|
||||
|
||||
def get_wohnungen(token_info):
|
||||
check_scope(token_info, "wohnung/read")
|
||||
return getMany("""
|
||||
SELECT w.id as id,
|
||||
w.objekt as objekt,
|
||||
@ -11,7 +14,8 @@ SELECT w.id as id,
|
||||
WHERE o.id = w.objekt
|
||||
""", [], "Wohnung")
|
||||
|
||||
def get_wohnung(id=None):
|
||||
def get_wohnung(id, token_info):
|
||||
check_scope(token_info, [ "wohnung/read", "objekt/read" ])
|
||||
return getOne("""
|
||||
SELECT w.id as id,
|
||||
w.objekt as objekt,
|
||||
@ -23,7 +27,8 @@ SELECT w.id as id,
|
||||
w.id = ?
|
||||
""", (id, ), "Wohnung")
|
||||
|
||||
def get_wohnungen_by_objekt(id):
|
||||
def get_wohnungen_by_objekt(id, token_info):
|
||||
check_scope(token_info, [ "wohnung/read", "objekt/read" ])
|
||||
return getMany("""
|
||||
SELECT w.id as id,
|
||||
w.objekt as objekt,
|
||||
|
@ -2,8 +2,10 @@ from dbpool import getConnection, getOne, getMany, putOne
|
||||
import datetime
|
||||
import decimal
|
||||
import dateparser
|
||||
from auth import check_scope
|
||||
|
||||
def get_zahlungen_by_mieter(mieter_id):
|
||||
def get_zahlungen_by_mieter(mieter_id, token_info):
|
||||
check_scope(token_info, "zahlung/read")
|
||||
return getMany("""
|
||||
SELECT id,
|
||||
mieter,
|
||||
@ -28,7 +30,8 @@ SELECT id,
|
||||
""", [ id ], "Zahlung")
|
||||
|
||||
|
||||
def get_forderungen_by_mieter(mieter_id):
|
||||
def get_forderungen_by_mieter(mieter_id, token_info):
|
||||
check_scope(token_info, "forderung/read")
|
||||
return getMany("""
|
||||
SELECT id,
|
||||
mieter,
|
||||
@ -40,7 +43,8 @@ SELECT id,
|
||||
WHERE mieter = ?
|
||||
""", [ mieter_id ], "Forderung")
|
||||
|
||||
def get_forderung(id):
|
||||
def get_forderung(id, token_info):
|
||||
check_scope(token_info, "forderung/read")
|
||||
return getOne("""
|
||||
SELECT id,
|
||||
mieter,
|
||||
@ -52,7 +56,8 @@ SELECT id,
|
||||
WHERE id = ?
|
||||
""", [ id ], "Forderung")
|
||||
|
||||
def get_zahlungforderung_by_mieter_and_year(mieter_id, year):
|
||||
def get_zahlungforderung_by_mieter_and_year(mieter_id, year, token_info):
|
||||
check_scope(token_info, [ "forderung/read", "zahlung/read", "mieter/read" ])
|
||||
if year == 0:
|
||||
year = datetime.datetime.now().year
|
||||
start_date = "{}-01-01".format(year)
|
||||
@ -72,7 +77,8 @@ WHERE mieter = ? AND
|
||||
datum_soll BETWEEN ? AND ?
|
||||
""", [mieter_id, start_date, end_date], "ZahlungForderung")
|
||||
|
||||
def get_saldo_by_mieter_and_year(mieter_id, year):
|
||||
def get_saldo_by_mieter_and_year(mieter_id, year, token_info):
|
||||
check_scope(token_info, [ "forderung/read", "zahlung/read", "mieter/read" ])
|
||||
if year == 0:
|
||||
year = datetime.datetime.now().year
|
||||
start_date = "{}-01-01".format(year)
|
||||
@ -106,7 +112,8 @@ WHERE mieter = ? AND
|
||||
"zahlungen": float(sumZ)
|
||||
}
|
||||
|
||||
def put_zahlung(zahlung):
|
||||
def put_zahlung(zahlung, token_info):
|
||||
check_scope(token_info, "zahlung/write")
|
||||
print("Input of put_zahlung: {} {}".format(type(zahlung), zahlung))
|
||||
datum_soll = dateparser.parse(zahlung["datum_soll"], languages=["de"])
|
||||
datum_ist = dateparser.parse(zahlung["datum_ist"], languages=["de"])
|
||||
|
44
auth.py
Executable file
44
auth.py
Executable file
@ -0,0 +1,44 @@
|
||||
import time
|
||||
import connexion
|
||||
from werkzeug.exceptions import Unauthorized, Forbidden
|
||||
from jose import JWTError, jwt
|
||||
import os
|
||||
|
||||
JWT_SECRET = os.environ['JWT_SECRET']
|
||||
|
||||
|
||||
|
||||
def decode_token(token):
|
||||
try:
|
||||
print("DEBUG decode_token: try to decode")
|
||||
token_info = jwt.decode(token, JWT_SECRET)
|
||||
print("DEBUG decode_token: token_info: {}".format(token_info))
|
||||
return token_info
|
||||
except JWTError as e:
|
||||
print("ERROR decode_token: error when decoding token: {}".format(e))
|
||||
raise Unauthorized()
|
||||
|
||||
def check_token(token, key, value):
|
||||
if (key in token) and ((token[key] == value) or (isinstance(token[key], list) and (value in token[key]))):
|
||||
return True
|
||||
print("WARN: check_token: {} -> {} required but not granted".format(key, value))
|
||||
raise Forbidden()
|
||||
|
||||
def check_scope(token, value):
|
||||
if isinstance(value, list):
|
||||
for v in value:
|
||||
check_token(token, "x-scope", v)
|
||||
else:
|
||||
check_token(token, "x-scope", value)
|
||||
|
||||
def get_secret(user, token_info) -> str:
|
||||
return '''
|
||||
You are user_id {user} and the secret is 'wbevuec'.
|
||||
Decoded token claims: {token_info}.
|
||||
'''.format(user=user, token_info=token_info)
|
||||
|
||||
|
||||
|
||||
def _current_timestamp() -> int:
|
||||
return int(time.time())
|
||||
|
@ -3,6 +3,9 @@ info:
|
||||
title: Hausverwaltung
|
||||
version: "0.1"
|
||||
|
||||
security:
|
||||
- jwt: []
|
||||
|
||||
paths:
|
||||
/hv/objekte:
|
||||
get:
|
||||
@ -126,6 +129,9 @@ paths:
|
||||
description: No Mieter available
|
||||
500:
|
||||
description: Some server error
|
||||
security:
|
||||
- jwt: ['secret']
|
||||
|
||||
/hv/mieter/{id}:
|
||||
get:
|
||||
tags: [ "Mieter" ]
|
||||
@ -296,24 +302,43 @@ paths:
|
||||
description: Neither Forderungen nor Zahlungen available
|
||||
500:
|
||||
description: Some server error
|
||||
# /hv/zahlung:
|
||||
# post:
|
||||
# tags: [ "Zahlung" ]
|
||||
# operationId: ZahlungenForderungen.put_zahlung
|
||||
# summary: Inserts a new Zahlung
|
||||
# parameters:
|
||||
# - name: zahlung
|
||||
# in: body
|
||||
# schema:
|
||||
# $ref: '#/components/schemas/Zahlung'
|
||||
# responses:
|
||||
# 202:
|
||||
# description: Zahlung successfully inserted
|
||||
# 500:
|
||||
# description: Some server or database error
|
||||
/hv/zahlung:
|
||||
post:
|
||||
tags: [ "Zahlung" ]
|
||||
operationId: ZahlungenForderungen.put_zahlung
|
||||
summary: Inserts a new Zahlung
|
||||
requestBody:
|
||||
content:
|
||||
'application/json':
|
||||
schema:
|
||||
$ref: '#/components/schemas/Zahlung'
|
||||
responses:
|
||||
202:
|
||||
description: Zahlung successfully inserted
|
||||
500:
|
||||
description: Some server or database error
|
||||
/secret:
|
||||
get:
|
||||
tags: [ "JWT" ]
|
||||
summary: Return secret string
|
||||
operationId: auth.get_secret
|
||||
responses:
|
||||
'200':
|
||||
description: secret response
|
||||
content:
|
||||
'text/plain':
|
||||
schema:
|
||||
type: string
|
||||
|
||||
|
||||
|
||||
components:
|
||||
securitySchemes:
|
||||
jwt:
|
||||
type: http
|
||||
scheme: bearer
|
||||
bearerFormat: JWT
|
||||
x-bearerInfoFunc: auth.decode_token
|
||||
schemas:
|
||||
Objekt:
|
||||
description: Objekt type
|
4
run.sh
4
run.sh
@ -15,4 +15,8 @@ docker run \
|
||||
-e DB_USER=$DB_USER \
|
||||
-e DB_PASS=$DB_PASS \
|
||||
-e DB_NAME=$DB_NAME \
|
||||
-e JWT_ISSUER=$JWT_ISSUER \
|
||||
-e JWT_SECRET=$JWT_SECRET \
|
||||
-e JWT_LIFETIME_SECONDS=$JWT_LIFETIME_SECONDS \
|
||||
-e JWT_ALGORITHM=$JWT_ALGORITHM
|
||||
${IMAGE_NAME}:${VERSION}
|
||||
|
Loading…
x
Reference in New Issue
Block a user