T4758: Fix conflicts op-mode-standardized

author: Viacheslav Hletenko <v.gletenko@vyos.io> 2022-11-02 14:55:27 +0200
committer: Viacheslav Hletenko <v.gletenko@vyos.io> 2022-11-02 12:59:57 +0000
commit: 46eda54c88ae96ed1f4aaa9ce56c505ed837f3d7 (patch)
tree: 852b802c592919fec3fe66c14dd2f4aaaf8fd7ed /src/services/api/graphql/libs/token_auth.py
parent: 738641a6c66d22c09b8c028ee3d8a90527d9701f (diff)
parent: f2ec92a78c4ee2a35e7d071387460fc6ce360740 (diff)
download: vyos-1x-46eda54c88ae96ed1f4aaa9ce56c505ed837f3d7.tar.gz
vyos-1x-46eda54c88ae96ed1f4aaa9ce56c505ed837f3d7.zip
1 files changed, 68 insertions, 0 deletions
diff --git a/src/services/api/graphql/libs/token_auth.py b/src/services/api/graphql/libs/token_auth.py
new file mode 100644
index 000000000..3ecd8b855
--- /dev/null
+++ b/src/services/api/graphql/libs/token_auth.py
@@ -0,0 +1,68 @@
+import jwt
+import uuid
+import pam
+from secrets import token_hex
+
+from .. import state
+
+def _check_passwd_pam(username: str, passwd: str) -> bool:
+    if pam.authenticate(username, passwd):
+        return True
+    return False
+
+def init_secret():
+    length = int(state.settings['app'].state.vyos_secret_len)
+    secret = token_hex(length)
+    state.settings['secret'] = secret
+
+def generate_token(user: str, passwd: str, secret: str, exp: int) -> dict:
+    if user is None or passwd is None:
+        return {}
+    if _check_passwd_pam(user, passwd):
+        app = state.settings['app']
+        try:
+            users = app.state.vyos_token_users
+        except AttributeError:
+            app.state.vyos_token_users = {}
+            users = app.state.vyos_token_users
+        user_id = uuid.uuid1().hex
+        payload_data = {'iss': user, 'sub': user_id, 'exp': exp}
+        secret = state.settings.get('secret')
+        if secret is None:
+            return {
+                    "success": False,
+                    "errors": ['failed secret generation']
+                   }
+        token = jwt.encode(payload=payload_data, key=secret, algorithm="HS256")
+
+        users |= {user_id: user}
+        return {'token': token}
+
+def get_user_context(request):
+    context = {}
+    context['request'] = request
+    context['user'] = None
+    if 'Authorization' in request.headers:
+        auth = request.headers['Authorization']
+        scheme, token = auth.split()
+        if scheme.lower() != 'bearer':
+            return context
+
+        try:
+            secret = state.settings.get('secret')
+            payload = jwt.decode(token, secret, algorithms=["HS256"])
+            user_id: str = payload.get('sub')
+            if user_id is None:
+                return context
+        except jwt.PyJWTError:
+            return context
+        try:
+            users = state.settings['app'].state.vyos_token_users
+        except AttributeError:
+            return context
+
+        user = users.get(user_id)
+        if user is not None:
+            context['user'] = user
+
+    return context
author	Viacheslav Hletenko <v.gletenko@vyos.io>	2022-11-02 14:55:27 +0200
committer	Viacheslav Hletenko <v.gletenko@vyos.io>	2022-11-02 12:59:57 +0000
commit	46eda54c88ae96ed1f4aaa9ce56c505ed837f3d7 (patch)
tree	852b802c592919fec3fe66c14dd2f4aaaf8fd7ed /src/services/api/graphql/libs/token_auth.py
parent	738641a6c66d22c09b8c028ee3d8a90527d9701f (diff)
parent	f2ec92a78c4ee2a35e7d071387460fc6ce360740 (diff)
download	vyos-1x-46eda54c88ae96ed1f4aaa9ce56c505ed837f3d7.tar.gz vyos-1x-46eda54c88ae96ed1f4aaa9ce56c505ed837f3d7.zip