final version

2024-06-27 18:55:08 +02:00 · 2024-06-27 18:55:08 +02:00 · ac83e32a57
commit ac83e32a57
parent dcb0728d4f
4 changed files with 55 additions and 43 deletions
--- a/app.py
+++ b/app.py
@ -7,14 +7,13 @@ app = Flask(__name__)

 idp_url = "https://id.vilanet.fr/realms/vilanet"

-server_url = "http://localhost:5002"
+client_id = "dummy-server"


-@app.route("/api")
-def api():
+def api(required_role):
    callback_url = False
    auth_error = "No user identified"
-    token_data = False
+    token_data = {}
    # is it OK to use access token to check API authorization on server side
    # it is not OK to use ID token to check API authorization on server side
    access_token = False
@ -33,22 +32,36 @@ def api():
                access_token,
                key.key,
                algorithms=["RS256"],
-                audience=server_url,
-                options={'verify_signature': False, 'verify_aud': False}
+                audience=client_id,
+                options={'verify_signature': True, 'verify_aud': True}
            )
-            # TODO verify token and check role
-            auth_error = False
+            auth_error = f'Missing required role "{required_role}"'
+            if 'resource_access' in token_data:
+                if client_id in token_data['resource_access']:
+                    if 'roles' in token_data['resource_access'][client_id]:
+                        if required_role in token_data['resource_access'][client_id]['roles']:
+                            auth_error = False
        except Exception as e:
            auth_error = e
    if 'callbackUrl' in request.args:
        callback_url = request.args['callbackUrl']
    return render_template(
-        'api.html',
+        'index.html',
        callback_url=callback_url,
        auth_error=auth_error,
        token_data=token_data
    )


+@app.route("/api/v1/service1")
+def api_service1():
+    return api("service1-invoke")
+
+
+@app.route("/api/v1/service2")
+def api_service2():
+    return api("service2-invoke")
+
+
 if __name__ == "__main__":
    app.run(host='127.0.0.1', port=5002, debug=True)
--- a/templates/api.html
+++ b/templates/api.html
@ -1,31 +0,0 @@
-{% extends "base.html" %}
-
-{% block content %}
-
-    {% if auth_error %}
-        <div class="alert alert-danger" role="alert">Not authorized: {{ auth_error }}</div>
-    {% else %}
-        {% if token_data %}
-            <table class="table table-striped">
-                <thead>
-                <th>Name</th><th>Values</th>
-                </thead>
-                <tbody>
-                {% for key in token_data %}
-                    <tr>
-                        <td>{{ key }}</td>
-                        <td>{{ token_data[key] }}</td>
-                    </tr>
-                {% endfor %}
-                </tbody>
-            </table>
-        {% else %}
-            <div class="alert alert-danger" role="alert">No data</div>
-        {% endif %}
-    {% endif %}
-
-    {% if callback_url %}
-        <a href="{{ callback_url }}" class="btn btn-dark">Back</a>
-    {% endif %}
-
-{% endblock %}
--- a/templates/base.html
+++ b/templates/base.html
@ -5,9 +5,10 @@
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">

-    <title>A Python dummy server</title>
+    <title>Dummy server</title>

-    <link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">
+<!--    <link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">-->
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">

    <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
@ -18,7 +19,7 @@
  </head>
  <body>
    <div class="container">
-      <h1>A Python dummy server</h1>
+      <h1>Dummy server</h1>

      {% block content %}{% endblock %}
    </div>
--- a/templates/index.html
+++ b/templates/index.html
@ -0,0 +1,29 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+    {% if auth_error %}
+        <div class="alert alert-danger" role="alert">Not authorized: {{ auth_error }}</div>
+    {% else %}
+        <div class="alert alert-success" role="alert">Your call is authorized</div>
+    {% endif %}
+
+    <table class="table table-striped">
+        <thead>
+        <th>Name</th><th>Values</th>
+        </thead>
+        <tbody>
+        {% for key in token_data %}
+            <tr>
+                <td>{{ key }}</td>
+                <td>{{ token_data[key] }}</td>
+            </tr>
+        {% endfor %}
+        </tbody>
+    </table>
+
+    {% if callback_url %}
+        <a href="{{ callback_url }}" class="btn btn-dark">Back</a>
+    {% endif %}
+
+{% endblock %}