Add optional token based authentication

158a3313 · Adeel Ahmad · fedb7e54 · 158a3313 · 158a3313 · 158a3313
Unverified Commit 158a3313 authored 1 month ago by Adeel Ahmad
--- a/.gitignore
+++ b/.gitignore
@@ -10,5 +10,6 @@ coverage.xml
 htmlcov
 dist
 venv
+.venv
 .vscode
 docs/build
--- a/docs/source/configuration.rst
+++ b/docs/source/configuration.rst
@@ -54,7 +54,7 @@ This module has been tested in the following execution environments:
  .. code-block:: bash

     $ export FLASK_APP=app.py
-     $ export SETTINGS_FILENAME=settings.cfg
+     $ export FLASK_SETTINGS_FILENAME=settings.cfg
     $ flask run

 * As an Apache/`mod_wsgi` service.

--- a/inventory_provider/__init__.py
+++ b/inventory_provider/__init__.py
@@ -7,6 +7,7 @@ from flask import Flask
 from flask_cors import CORS

 from inventory_provider import environment
+from inventory_provider.auth import auth


 def create_app(setup_logging=True):
@@ -48,6 +49,13 @@ def create_app(setup_logging=True):

    app.config['INVENTORY_PROVIDER_CONFIG'] = inventory_provider_config

+    # Apply authentication globally to all routes
+    @app.before_request
+    @auth.login_required
+    def secure_before_request():
+        """Enforces authentication for all routes"""
+        pass
+
    # IMS based routes

    from inventory_provider.routes import lg

--- a/inventory_provider/auth.py
+++ b/inventory_provider/auth.py
+from flask import Blueprint, current_app
+from flask_httpauth import HTTPTokenAuth
+
+auth = HTTPTokenAuth(scheme="ApiKey")
+
+@auth.verify_token
+def verify_api_key(api_key):
+    config = current_app.config["INVENTORY_PROVIDER_CONFIG"]
+    # This is to enable anonymous access for testing.
+    if not api_key:
+        return "test"
+
+    for service, details in config['api-keys'].items():
+        if details.get('api-key') == api_key:
+            return service
+    return None
+
--- a/inventory_provider/config.py
+++ b/inventory_provider/config.py
@@ -10,6 +10,24 @@ CONFIG_SCHEMA = {
            'maximum': 60,  # sanity
            'exclusiveMinimum': 0
        },
+        "api-keys-credentials": {
+            "type": "object",
+            "patternProperties": {
+                "^[a-zA-Z0-9-_]+$": {
+                    "type": "object",
+                    "properties": {
+                        "api-key": {
+                            "type": "string",
+                            # "minLength": 32,
+                            # "description": "API key (Base64, UUID, or Hexadecimal format)"
+                        }
+                    },
+                    "required": ["api-key"],
+                    "additionalProperties": False
+                }
+            },
+            "additionalProperties": False
+        },
        'ssh-credentials': {
            'type': 'object',
            'properties': {
@@ -235,6 +253,7 @@ CONFIG_SCHEMA = {

    'type': 'object',
    'properties': {
+        'api-keys': {'$ref': '#/definitions/api-keys-credentials'},
        'ssh': {'$ref': '#/definitions/ssh-credentials'},
        'nokia-ssh': {'$ref': '#/definitions/nokia-ssh-credentials'},
        'redis': {'$ref': '#/definitions/redis-credentials'},

--- a/requirements.txt
+++ b/requirements.txt
@@ -16,6 +16,7 @@ lxml==4.9.4
 requests
 netifaces
 tree-format
+Flask-HTTPAuth

 pytest
 pytest-mock