From 8e6f4ee3a95fbb6d4c5ae9b0a698c5fa3ea73cf4 Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Sun, 15 May 2022 13:28:06 -0500 Subject: graphql: T3993: use existing key auth from REST framework --- src/services/api/graphql/graphql/mutations.py | 10 ++++++++++ src/services/api/graphql/graphql/queries.py | 10 ++++++++++ .../api/graphql/graphql/schema/config_file.graphql | 2 ++ .../api/graphql/graphql/schema/dhcp_server.graphql | 1 + .../api/graphql/graphql/schema/firewall_group.graphql | 6 ++++++ src/services/api/graphql/graphql/schema/image.graphql | 2 ++ .../graphql/graphql/schema/interface_ethernet.graphql | 1 + src/services/api/graphql/graphql/schema/show.graphql | 1 + .../api/graphql/graphql/schema/show_config.graphql | 1 + src/services/api/graphql/key_auth.py | 18 ++++++++++++++++++ 10 files changed, 52 insertions(+) create mode 100644 src/services/api/graphql/key_auth.py (limited to 'src') diff --git a/src/services/api/graphql/graphql/mutations.py b/src/services/api/graphql/graphql/mutations.py index 0c3eb702a..93e046319 100644 --- a/src/services/api/graphql/graphql/mutations.py +++ b/src/services/api/graphql/graphql/mutations.py @@ -20,6 +20,7 @@ from graphql import GraphQLResolveInfo from makefun import with_signature from .. import state +from .. import key_auth from api.graphql.recipes.session import Session mutation = ObjectType("Mutation") @@ -53,6 +54,15 @@ def make_mutation_resolver(mutation_name, class_name, session_func): } data = kwargs['data'] + key = data['key'] + + auth = key_auth.auth_required(key) + if auth is None: + return { + "success": False, + "errors": ['invalid API key'] + } + session = state.settings['app'].state.vyos_session # one may override the session functions with a local subclass diff --git a/src/services/api/graphql/graphql/queries.py b/src/services/api/graphql/graphql/queries.py index e1868091e..ed94e4338 100644 --- a/src/services/api/graphql/graphql/queries.py +++ b/src/services/api/graphql/graphql/queries.py @@ -20,6 +20,7 @@ from graphql import GraphQLResolveInfo from makefun import with_signature from .. import state +from .. import key_auth from api.graphql.recipes.session import Session query = ObjectType("Query") @@ -53,6 +54,15 @@ def make_query_resolver(query_name, class_name, session_func): } data = kwargs['data'] + key = data['key'] + + auth = key_auth.auth_required(key) + if auth is None: + return { + "success": False, + "errors": ['invalid API key'] + } + session = state.settings['app'].state.vyos_session # one may override the session functions with a local subclass diff --git a/src/services/api/graphql/graphql/schema/config_file.graphql b/src/services/api/graphql/graphql/schema/config_file.graphql index 31ab26b9e..a7263114b 100644 --- a/src/services/api/graphql/graphql/schema/config_file.graphql +++ b/src/services/api/graphql/graphql/schema/config_file.graphql @@ -1,4 +1,5 @@ input SaveConfigFileInput { + key: String! fileName: String } @@ -13,6 +14,7 @@ type SaveConfigFileResult { } input LoadConfigFileInput { + key: String! fileName: String! } diff --git a/src/services/api/graphql/graphql/schema/dhcp_server.graphql b/src/services/api/graphql/graphql/schema/dhcp_server.graphql index 25f091bfa..345c349ac 100644 --- a/src/services/api/graphql/graphql/schema/dhcp_server.graphql +++ b/src/services/api/graphql/graphql/schema/dhcp_server.graphql @@ -1,4 +1,5 @@ input DhcpServerConfigInput { + key: String! sharedNetworkName: String subnet: String defaultRouter: String diff --git a/src/services/api/graphql/graphql/schema/firewall_group.graphql b/src/services/api/graphql/graphql/schema/firewall_group.graphql index d89904b9e..9454d2997 100644 --- a/src/services/api/graphql/graphql/schema/firewall_group.graphql +++ b/src/services/api/graphql/graphql/schema/firewall_group.graphql @@ -1,4 +1,5 @@ input CreateFirewallAddressGroupInput { + key: String! name: String! address: [String] } @@ -15,6 +16,7 @@ type CreateFirewallAddressGroupResult { } input UpdateFirewallAddressGroupMembersInput { + key: String! name: String! address: [String!]! } @@ -31,6 +33,7 @@ type UpdateFirewallAddressGroupMembersResult { } input RemoveFirewallAddressGroupMembersInput { + key: String! name: String! address: [String!]! } @@ -47,6 +50,7 @@ type RemoveFirewallAddressGroupMembersResult { } input CreateFirewallAddressIpv6GroupInput { + key: String! name: String! address: [String] } @@ -63,6 +67,7 @@ type CreateFirewallAddressIpv6GroupResult { } input UpdateFirewallAddressIpv6GroupMembersInput { + key: String! name: String! address: [String!]! } @@ -79,6 +84,7 @@ type UpdateFirewallAddressIpv6GroupMembersResult { } input RemoveFirewallAddressIpv6GroupMembersInput { + key: String! name: String! address: [String!]! } diff --git a/src/services/api/graphql/graphql/schema/image.graphql b/src/services/api/graphql/graphql/schema/image.graphql index 7d1b4f9d0..485033875 100644 --- a/src/services/api/graphql/graphql/schema/image.graphql +++ b/src/services/api/graphql/graphql/schema/image.graphql @@ -1,4 +1,5 @@ input AddSystemImageInput { + key: String! location: String! } @@ -14,6 +15,7 @@ type AddSystemImageResult { } input DeleteSystemImageInput { + key: String! name: String! } diff --git a/src/services/api/graphql/graphql/schema/interface_ethernet.graphql b/src/services/api/graphql/graphql/schema/interface_ethernet.graphql index 32438b315..8a17d919f 100644 --- a/src/services/api/graphql/graphql/schema/interface_ethernet.graphql +++ b/src/services/api/graphql/graphql/schema/interface_ethernet.graphql @@ -1,4 +1,5 @@ input InterfaceEthernetConfigInput { + key: String! interface: String address: String replace: Boolean = true diff --git a/src/services/api/graphql/graphql/schema/show.graphql b/src/services/api/graphql/graphql/schema/show.graphql index c7709e48b..278ed536b 100644 --- a/src/services/api/graphql/graphql/schema/show.graphql +++ b/src/services/api/graphql/graphql/schema/show.graphql @@ -1,4 +1,5 @@ input ShowInput { + key: String! path: [String!]! } diff --git a/src/services/api/graphql/graphql/schema/show_config.graphql b/src/services/api/graphql/graphql/schema/show_config.graphql index 34afd2aa9..fd54036a4 100644 --- a/src/services/api/graphql/graphql/schema/show_config.graphql +++ b/src/services/api/graphql/graphql/schema/show_config.graphql @@ -5,6 +5,7 @@ JSON-serialize in case of JSON output. scalar Generic input ShowConfigInput { + key: String! path: [String!]! configFormat: String } diff --git a/src/services/api/graphql/key_auth.py b/src/services/api/graphql/key_auth.py new file mode 100644 index 000000000..f756ed6d8 --- /dev/null +++ b/src/services/api/graphql/key_auth.py @@ -0,0 +1,18 @@ + +from . import state + +def check_auth(key_list, key): + if not key_list: + return None + key_id = None + for k in key_list: + if k['key'] == key: + key_id = k['id'] + return key_id + +def auth_required(key): + api_keys = None + api_keys = state.settings['app'].state.vyos_keys + key_id = check_auth(api_keys, key) + state.settings['app'].state.vyos_id = key_id + return key_id -- cgit v1.2.3