Add route based authorisation for services

inventory_provider/__init__.py

@@ -3,7 +3,7 @@ automatically invoked app factory
 """
 import logging
 import os
-from flask import Flask
+from flask import g, Flask, request, jsonify
 from flask_cors import CORS
 
 from inventory_provider import environment
@@ -54,7 +54,24 @@ def create_app(setup_logging=True):
     @auth.login_required
     def secure_before_request():
         """Enforces authentication for all routes"""
-        pass
+        client = g.get("auth_service")
+
+        if not client:
+            # This allows clients to access any resource without providing an API key
+            # TODO: Only for testing, should be removed in Production
+            return
+            # return jsonify({"error": "Unauthorized"}), 403
+
+        CLIENT_PERMISSIONS = {
+            "serviceA": ["msr"],
+            "serviceB": ["testing"],
+        }
+
+        allowed_routes = CLIENT_PERMISSIONS.get(client, [])
+        route = request.path.strip("/").split("/")[0]
+
+        if route not in allowed_routes:
+            return jsonify({"error": "Forbidden"}), 403
 
     # IMS based routes
 

inventory_provider/auth.py

-from flask import Blueprint, current_app
+from flask import Blueprint, current_app, g
 from flask_httpauth import HTTPTokenAuth
 
 auth = HTTPTokenAuth(scheme="ApiKey")
@@ -12,6 +12,7 @@ def verify_api_key(api_key):
 
     for service, details in config['api-keys'].items():
         if details.get('api-key') == api_key:
+            g.auth_service = service
             return service
     return None