def _decorator(request, *args, **kwargs):
need_auth = AuthApi.need_auth(AUTH_TYPES['SSO'])
available_groups = []
if need_auth:
access_token = request.META.get('HTTP_ACCESS_TOKEN', 'unknown')
valid, username, available_groups = AuthApi.verify_token(
access_token)
if not valid:
return render_json_response(401, 'app', None,
"unauthorized : don't have the access to the operation", reverse('api_docs'))
else:
AuthApi.operater = username
request.META['LAIN_AUTH_TYPE'] = AUTH_TYPES['SSO']
request.META['SSO_GROUPS'] = available_groups
else:
AuthApi.operater = "unknown"
request.META['LAIN_AUTH_TYPE'] = None
if permission == permissions['MAINTAIN']:
appname = args[0]
if not AppApi.check_app_exist(appname):
return render_json_response(404, 'app', None,
'app with appname %s not exist, has not been reposited yet' % appname, reverse('api_repos'))
if need_auth and not AuthApi.verify_app_access(available_groups, appname):
return render_json_response(403, 'maintainer', None,
"forbidden : don't have the access to app %s" % appname, reverse('api_docs'))
return fun(request, *args, **kwargs)
def _decorator(request, *args, **kwargs):
need_auth = AuthApi.need_auth(AUTH_TYPES['SSO'])
available_groups = []
if need_auth:
access_token = request.META.get('HTTP_ACCESS_TOKEN', 'unknown')
valid, username, available_groups = AuthApi.verify_token(access_token)
if not valid:
return render_json_response(401, 'app', None,
"unauthorized : don't have the access to the operation", reverse('api_docs'))
else:
AuthApi.operater = username
request.META['LAIN_AUTH_TYPE'] = AUTH_TYPES['SSO']
request.META['SSO_GROUPS'] = available_groups
else:
AuthApi.operater = "unknown"
request.META['LAIN_AUTH_TYPE'] = None
if permission == permissions['MAINTAIN']:
appname = args[0]
if not AppApi.check_app_exist(appname):
return render_json_response(404, 'app', None,
'app with appname %s not exist, has not been reposited yet' % appname, reverse('api_repos'))
if need_auth and not AuthApi.verify_app_access(available_groups, appname):
return render_json_response(403, 'maintainer', None,
"forbidden : don't have the access to app %s" % appname, reverse('api_docs'))
return fun(request, *args, **kwargs)
def api_authorize(request):
try:
code = request.GET['code']
except Exception:
return render_json_response(400, 'auth', None, 'invalid request: should be json body with sso code(string)', reverse('api_docs'))
else:
success, token_json = AuthApi.get_sso_access_token(code)
if not success:
return render_json_response(401, 'auth', None, "unauthorized : don't have the access to console", reverse('api_docs'))
else:
return AuthApi.redirect_to_ui(token_json)
def api_authorize(request):
try:
code = request.GET['code']
except Exception:
return render_json_response(400, 'auth', None, 'invalid request: should be json body with sso code(string)', reverse('api_docs'))
else:
success, token_json = AuthApi.get_sso_access_token(code)
if not success:
return render_json_response(401, 'auth', None, "unauthorized : don't have the access to console", reverse('api_docs'))
else:
return AuthApi.redirect_to_ui(token_json)
def api_maintainer(request, appname, username):
if not AuthApi.need_auth(AUTH_TYPES['SSO']):
return render_json_response(
403, 'maintainer', None,
'maintainer service not provided, try to open console auth first',
reverse('api_docs'))
return api_maintainer_high_permit(request, appname, username)
def api_authorize_status(request):
if request.method == 'GET':
auth_status = AuthApi.get_auth_status(AUTH_TYPES['SSO'])
return render_json_response(200, 'auth', auth_status,
'get auth status success',
reverse("api_authorize_status"))
else:
return _invalid_request_method('auth', request.method)
def api_authorize_registry(request):
success, result = AuthApi.authorize_registry(request)
if success:
return JsonResponse({'token': result}, status=200)
else:
return HttpResponse(result, content_type="text/plain", status=401)
def api_authorize_status(request):
if request.method == 'GET':
auth_status = AuthApi.get_auth_status(AUTH_TYPES['SSO'])
return render_json_response(200, 'auth', auth_status, 'get auth status success', reverse("api_authorize_status"))
else:
return _invalid_request_method('auth', request.method)
def api_maintainer(request, appname, username):
if not AuthApi.need_auth(AUTH_TYPES['SSO']):
return render_json_response(403, 'maintainer', None, 'maintainer service not provided, try to open console auth first', reverse('api_docs'))
return api_maintainer_high_permit(request, appname, username)
def api_authorize_registry(request):
success, result = AuthApi.authorize_registry(request)
if success:
return JsonResponse({'token': result}, status=200)
else:
return HttpResponse(result, content_type="text/plain", status=401)