sac4cps-backend/microservices/api-gateway/auth_middleware.py
rafaeldpsilva 8ff20935fc Refactor auth middleware and update service config usage
- Remove redundant comments and docstrings in auth_middleware.py - Use
TOKEN_SERVICE_URL env variable for AuthMiddleware - Fix sensor service
proxy path in main.py - Use datetime.now() for request_stats start_time
2025-10-08 14:04:50 +01:00


"""
Authentication middleware for API Gateway
"""
import asyncio
import logging
from typing import Any, Dict, Optional

import aiohttp
from fastapi import HTTPException, Request
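logger = logging.getLogger(__name__)


class AuthMiddleware:
    """Gateway-side bearer-token check that delegates validation to the token service.

    The middleware does not verify tokens itself: it forwards the raw token to
    ``<token_service_url>/tokens/validate`` and trusts the JSON answer. The
    link to the token service is therefore part of the trust boundary.
    """

    def __init__(self, token_service_url: str = "http://localhost:8001"):
        """Store the base URL of the token service.

        Args:
            token_service_url: Base URL of the token service. The default is
                plain HTTP on loopback; the bearer token travels in the request
                body, so a non-loopback deployment should use an https:// URL.
        """
        self.token_service_url = token_service_url
        # NOTE(review): the URL is logged verbatim; keep credentials out of it.
        logger.info(
            "Initialized AuthMiddleware with token service URL: %s",
            self.token_service_url,
        )

    async def verify_token(self, request: Request) -> Optional[Dict[str, Any]]:
        """Validate the request's bearer token and return its decoded payload.

        Args:
            request: Incoming request whose ``Authorization`` header is read.

        Returns:
            The ``decoded`` object reported by the token service. The return
            annotation is kept as Optional for callers, but a validation answer
            without a payload object is now rejected instead of returning None.

        Raises:
            HTTPException: 401 when the header is missing, is not a
                ``Bearer`` credential, carries an empty token, or the token
                service does not confirm the token; 503 when the token service
                cannot be reached or times out; 500 on any other failure.
        """
        auth_header = request.headers.get("Authorization")
        if not auth_header:
            raise HTTPException(status_code=401, detail="Authorization header required")
        if not auth_header.startswith("Bearer "):
            raise HTTPException(status_code=401, detail="Bearer token required")

        # Take everything after the scheme. Splitting on a single space turned
        # "Bearer  <token>" (two spaces) into an empty token.
        token = auth_header[len("Bearer "):].strip()
        if not token:
            # Reject locally; an empty credential is never worth a round trip.
            raise HTTPException(status_code=401, detail="Bearer token required")

        # Tolerate a trailing slash in the configured base URL.
        validate_url = f"{self.token_service_url.rstrip('/')}/tokens/validate"

        try:
            async with aiohttp.ClientSession() as session:
                async with session.post(
                    validate_url,
                    json={"token": token},
                    timeout=aiohttp.ClientTimeout(total=5),
                ) as response:
                    if response.status != 200:
                        raise HTTPException(status_code=401, detail="Token validation failed")

                    token_data = await response.json()
                    if not isinstance(token_data, dict):
                        # Unexpected answer shape: fail closed instead of
                        # surfacing an AttributeError as a 500.
                        raise HTTPException(status_code=401, detail="Token validation failed")

                    if not token_data.get("valid"):
                        # NOTE(review): the token service's error text is
                        # returned to the client verbatim; confirm it never
                        # carries internal detail.
                        error_msg = token_data.get("error", "Invalid token")
                        raise HTTPException(status_code=401, detail=error_msg)

                    decoded = token_data.get("decoded")
                    if not isinstance(decoded, dict):
                        # "valid" without a payload gives callers no claims to
                        # authorize against, so treat it as a failed validation.
                        logger.error("Token service reported a valid token without a decoded payload")
                        raise HTTPException(status_code=401, detail="Token validation failed")
                    return decoded
        except HTTPException:
            # Deliberate 401s raised above must not be rewritten as 500.
            raise
        except (aiohttp.ClientError, asyncio.TimeoutError) as e:
            # ClientTimeout(total=...) expiry raises asyncio.TimeoutError, which
            # is not an aiohttp.ClientError; both mean the service is unavailable.
            logger.error("Token service connection error: %s", e)
            raise HTTPException(status_code=503, detail="Authentication service unavailable")
        except Exception as e:
            logger.error("Token verification error: %s", e)
            raise HTTPException(status_code=500, detail="Authentication error")

    async def check_permissions(self, token_payload: Dict[str, Any], required_resources: list) -> bool:
        """Return True only if the payload grants every required resource.

        Args:
            token_payload: Decoded token payload; its ``list_of_resources``
                entry is read.
            required_resources: Resource names the caller needs.

        Returns:
            False for an empty or missing payload, for a ``list_of_resources``
            value that is not a list, tuple or set, or when any required
            resource is absent; True otherwise.
        """
        if not token_payload:
            return False

        granted = token_payload.get("list_of_resources", [])
        # Deny on anything that is not a real collection. With a plain string,
        # ``in`` is a substring test, so "sensors" would match "sensors_admin".
        if not isinstance(granted, (list, tuple, set, frozenset)):
            return False

        return all(resource in granted for resource in required_resources)

    def extract_user_info(self, token_payload: Dict[str, Any]) -> Dict[str, Any]:
        """Project the token payload onto the fields the gateway exposes.

        Args:
            token_payload: Decoded token payload.

        Returns:
            A dict with ``name``, ``resources``, ``data_aggregation``,
            ``time_aggregation``, ``embargo`` and ``expires_at``; keys absent
            from the payload take the defaults visible below.
        """
        return {
            "name": token_payload.get("name"),
            "resources": token_payload.get("list_of_resources", []),
            "data_aggregation": token_payload.get("data_aggregation", False),
            "time_aggregation": token_payload.get("time_aggregation", False),
            "embargo": token_payload.get("embargo", 0),
            "expires_at": token_payload.get("exp"),
        }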