async def get_auth_token(Authorization: str = Header(...)): if Authorization == "": raise HTTPException(status_code=400, detail="Authorization Token Required")
async def list_services( # pylint: disable=too-many-arguments user_id: PositiveInt, details: Optional[bool] = True, director_client: DirectorApi = Depends(get_director_api), groups_repository: GroupsRepository = Depends( get_repository(GroupsRepository)), services_repo: ServicesRepository = Depends( get_repository(ServicesRepository)), x_simcore_products_name: str = Header(...), ): # get user groups user_groups = await groups_repository.list_user_groups(user_id) if not user_groups: # deny access raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="You have unsufficient rights to access the services", ) # now get the executable services executable_services: Set[Tuple[str, str]] = { (service.key, service.version) for service in await services_repo.list_services( gids=[group.gid for group in user_groups], execute_access=True, product_name=x_simcore_products_name, ) } # get the writable services _services = await services_repo.list_services( gids=[group.gid for group in user_groups], write_access=True, product_name=x_simcore_products_name, ) writable_services: Set[Tuple[str, str]] = {(service.key, service.version) for service in _services} visible_services = executable_services | writable_services if not details: # only return a stripped down version services = [ ServiceOut( key=key, version=version, name="nodetails", description="nodetails", type=ServiceType.COMPUTATIONAL, authors=[{ "name": "nodetails", "email": "*****@*****.**" }], contact="*****@*****.**", inputs={}, outputs={}, ) for key, version in visible_services ] return services # get the services from the registry and filter them out frontend_services = [ s.dict(by_alias=True) for s in get_frontend_services() ] registry_services = await director_client.get("/services") data = frontend_services + registry_services services: List[ServiceOut] = [] for x in data: try: service = ServiceOut.parse_obj(x) if not (service.key, service.version) in visible_services: # no access to that service continue # we have write access for that service, fill in the service rights access_rights: List[ ServiceAccessRightsAtDB] = await services_repo.get_service_access_rights( service.key, service.version, product_name=x_simcore_products_name) service.access_rights = { rights.gid: rights for rights in access_rights } # access is allowed, override some of the values with what is in the db service_in_db: Optional[ ServiceMetaDataAtDB] = await services_repo.get_service( service.key, service.version) if not service_in_db: logger.error( "The service %s:%s is not in the database", service.key, service.version, ) continue service = service.copy(update=service_in_db.dict( exclude_unset=True, exclude={"owner"})) # the owner shall be converted to an email address if service_in_db.owner: service.owner = await groups_repository.get_user_email_from_gid( service_in_db.owner) services.append(service) # services = parse_obj_as(List[ServiceOut], data) this does not work since if one service has an issue it fails except ValidationError as exc: logger.warning( "skip service %s:%s that has invalid fields\n%s", x["key"], x["version"], exc, ) return services
def stream(filename: Optional[str] = '', folder: Optional[str] = '', id: Optional[str] = None, range: str = Header('bytes=0-')): try: def iterfile(file, chunk_size, start, size): bytes_read = 0 file.seek(start) while bytes_read < size: bytes_to_read = min(chunk_size, size - bytes_read) yield file.read(bytes_to_read) bytes_read += bytes_to_read if id: media = Media.objects.get(id=id) else: media = Media.objects.get(folder=folder, filename=filename) if not media.file: raise DoesNotExist start_byte = int(range.split('=')[-1].split('-')[0]) chunk_size = FileSettings.MAX_STREAM_CHUNK_SIZE size = media.file.length if start_byte + chunk_size > size: chunk_size = size - 1 - start_byte return StreamingResponse( content=iterfile( #media.file.read(), media.file, chunk_size, start_byte, size ), status_code=206, headers={ 'Accept-Ranges': 'bytes', 'Content-Range': f'bytes {start_byte}-{start_byte+chunk_size}/{size - 1}', 'Content-Type': media.file.content_type, 'Content-Disposition': f'inline; filename="{media.filename.rsplit(".", 1)[0]}"' }, media_type=media.file.content_type ) except DoesNotExist: raise NotFoundError().http_exception except SchemaValidationError: raise SchemaValidationError().http_exception except Exception as e: raise e
async def verify_key(x_key: str = Header(...)): if x_key != "fake-super-secret-key": raise HTTPException(status_code=400, detail="X-Key header invalid") return x_key
async def get_service( # pylint: disable=too-many-arguments user_id: int, service_key: constr(regex=KEY_RE), service_version: constr(regex=VERSION_RE), director_client: DirectorApi = Depends(get_director_api), groups_repository: GroupsRepository = Depends( get_repository(GroupsRepository)), services_repo: ServicesRepository = Depends( get_repository(ServicesRepository)), x_simcore_products_name: str = Header(None), ): # check the service exists services_in_registry = await director_client.get( f"/services/{urllib.parse.quote_plus(service_key)}/{service_version}") service = ServiceOut.parse_obj(services_in_registry[0]) # the director client already raises an exception if not found # get the user groups user_groups = await groups_repository.list_user_groups(user_id) if not user_groups: # deny access raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="You have unsufficient rights to access the service", ) # check the user has access to this service and to which extent service_in_db = await services_repo.get_service( service_key, service_version, gids=[group.gid for group in user_groups], write_access=True, product_name=x_simcore_products_name, ) if service_in_db: # we have full access, let's add the access to the output service_access_rights: List[ ServiceAccessRightsAtDB] = await services_repo.get_service_access_rights( service.key, service.version, product_name=x_simcore_products_name) service.access_rights = { rights.gid: rights for rights in service_access_rights } else: # check if we have executable rights service_in_db = await services_repo.get_service( service_key, service_version, gids=[group.gid for group in user_groups], execute_access=True, product_name=x_simcore_products_name, ) if not service_in_db: # we have no access here raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="You have insufficient rights to access the service", ) # access is allowed, override some of the values with what is in the db service = service.copy( update=service_in_db.dict(exclude_unset=True, exclude={"owner"})) # the owner shall be converted to an email address if service_in_db.owner: service.owner = await groups_repository.get_user_email_from_gid( service_in_db.owner) return service
async def get_user(user_id: int, db_session: Session = Depends(get_db_session), content_type: Optional[str] = Header(None), user_agent: Optional[str] = Header(None), host: Optional[str] = Header(None)): return db_session.query(User).get(user_id)
async def user_logout(x_token: List[str] = Header(None)) -> Any: print(x_token) # TODO 这里配置一个销毁方法,暂时把token放到临时表中,如果下次有这个token登录则阻拦 return {'code': 20000, 'message': '退出成功!'}
def ingest_feature_set( project: str, name: str, reference: str, ingest_parameters: Optional[ schemas.FeatureSetIngestInput ] = schemas.FeatureSetIngestInput(), username: str = Header(None, alias="x-remote-user"), auth_verifier: deps.AuthVerifierDep = Depends(deps.AuthVerifierDep), db_session: Session = Depends(deps.get_db_session), ): mlrun.api.utils.clients.opa.Client().query_project_resource_permissions( mlrun.api.schemas.AuthorizationResourceTypes.feature_set, project, name, mlrun.api.schemas.AuthorizationAction.update, auth_verifier.auth_info, ) mlrun.api.utils.clients.opa.Client().query_project_resource_permissions( mlrun.api.schemas.AuthorizationResourceTypes.run, project, "", mlrun.api.schemas.AuthorizationAction.create, auth_verifier.auth_info, ) data_source = data_targets = None if ingest_parameters.source: data_source = DataSource.from_dict(ingest_parameters.source.dict()) if data_source.schedule: mlrun.api.utils.clients.opa.Client().query_project_resource_permissions( mlrun.api.schemas.AuthorizationResourceTypes.schedule, project, "", mlrun.api.schemas.AuthorizationAction.create, auth_verifier.auth_info, ) tag, uid = parse_reference(reference) feature_set_record = mlrun.api.crud.FeatureStore().get_feature_set( db_session, project, name, tag, uid ) feature_set = mlrun.feature_store.FeatureSet.from_dict(feature_set_record.dict()) if feature_set.spec.function and feature_set.spec.function.function_object: function = feature_set.spec.function.function_object mlrun.api.utils.clients.opa.Client().query_project_resource_permissions( mlrun.api.schemas.AuthorizationResourceTypes.function, function.metadata.project, function.metadata.name, mlrun.api.schemas.AuthorizationAction.read, auth_verifier.auth_info, ) # Need to override the default rundb since we're in the server. feature_set._override_run_db(db_session) if ingest_parameters.targets: data_targets = [ DataTargetBase.from_dict(data_target.dict()) for data_target in ingest_parameters.targets ] run_config = RunConfig(owner=username) # Try to deduce whether the ingest job will need v3io mount, by analyzing the paths to the source and # targets. If it needs it, apply v3io mount to the run_config. Note that the access-key and username are # user-context parameters, we cannot use the api context. if _has_v3io_path(data_source, data_targets, feature_set): access_key = auth_verifier.auth_info.data_session if not access_key or not username: log_and_raise( HTTPStatus.BAD_REQUEST.value, reason="Request needs v3io access key and username in header", ) run_config = run_config.apply(v3io_cred(access_key=access_key, user=username)) infer_options = ingest_parameters.infer_options or InferOptions.default() run_params = ingest( feature_set, data_source, data_targets, infer_options=infer_options, return_df=False, run_config=run_config, ) # ingest may modify the feature-set contents, so returning the updated feature-set. result_feature_set = schemas.FeatureSet(**feature_set.to_dict()) return schemas.FeatureSetIngestOutput( feature_set=result_feature_set, run_object=run_params.to_dict() )
async def get_token_header(api_key: str = Header(...)): if api_key != "complete-web-developer-bootcamp-2020": raise HTTPException(status_code=400, detail="api-key header invalid")
async def read_items(*, user_agent: str = Header(None)): ## Optional return {"User-Agent": user_agent}
async def read_items( *, strange_header: str = Header(None, convert_underscores=False) ): ## By default it converts the underscores to hyphen,But now it will not return {"strange_header": strange_header}
async def read_items(*, ads_id: str = Header("abc")): ## Default Value return {"ads_id": ads_id}
async def read_items(*, user_agent: str = Header(None), x_token: List[str] = Header(None)): return {"User-Agent": user_agent}
def have_access_key(x_access_key=Header(None)): if x_access_key not in settings.PRIVATE_ACCESS_KEYS: raise HTTPException(status_code=401, detail="You can not access to this resource") return x_access_key
def get_current_user(token: str = Header(...), description="user auth token (user_id") -> User: if token not in USER_BY_TOKEN: raise exceptions.HTTPException(404, f"user token {token!r} not found") user = USER_BY_TOKEN[token] return user
async def get_kong_request_id(kong_request_id: Optional[str] = Header(None)): return {"Kong-Request-ID": kong_request_id}
async def read_items(user_agent: Union[str, None] = Header(default=None)): return {"User-Agent": user_agent}
def _get_authorization_token_optional(authorization: str = Header(None)): if authorization: return _get_authorization_token(authorization) return ""
async def token_is_true(token: str = Header(..., description="token验证")): uid = redis.get(token) if not uid: raise HTTPException(status_code=401, detail='Authorization Failed') user = db.user.find_one({'_id': ObjectId(uid)}) return user
def introspect_token(Authorization: str = Header(None)): if Authorization == None: return {"message": "Token not provided."} token_info = keycloak_openid.introspect(Authorization[7:]) return {"token_info": token_info}
async def get_token_header(x_token: str = Header(...)): if x_token != 'my-secret-token': raise HTTPException(status_code=400, detail='X-Token header invalid')
async def verify_tocken(x_tocken: str = Header(...)): if x_tocken != "fake-super-secret-token": raise HTTPException(status_code=400, detail="x-token header invalid")
def weather_metric(request, vendor: str, auth_header: str = Header(...)): return {"customRoute": ""}
def internal_only(internal_header: str = Header(None)): logger.info("ROLE = %s", internal_header) if internal_header != 'service': raise HTTPException(HTTP_403_FORBIDDEN, detail="Access denied")
async def modify_service( # pylint: disable=too-many-arguments user_id: int, service_key: constr(regex=KEY_RE), service_version: constr(regex=VERSION_RE), updated_service: ServiceUpdate, director_client: DirectorApi = Depends(get_director_api), groups_repository: GroupsRepository = Depends( get_repository(GroupsRepository)), services_repo: ServicesRepository = Depends( get_repository(ServicesRepository)), x_simcore_products_name: str = Header(None), ): # check the service exists await director_client.get( f"/services/{urllib.parse.quote_plus(service_key)}/{service_version}") # the director client already raises an exception if not found # get the user groups user_groups = await groups_repository.list_user_groups(user_id) if not user_groups: # deny access raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="You have unsufficient rights to access the service", ) # check the user has write access to this service writable_service = await services_repo.get_service( service_key, service_version, gids=[group.gid for group in user_groups], write_access=True, product_name=x_simcore_products_name, ) if not writable_service: # deny access raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="You have unsufficient rights to modify the service", ) # let's modify the service then await services_repo.update_service( ServiceMetaDataAtDB( key=service_key, version=service_version, **updated_service.dict(exclude_unset=True), )) # let's modify the service access rights (they can be added/removed/modified) current_gids_in_db = [ r.gid for r in await services_repo.get_service_access_rights( service_key, service_version, product_name=x_simcore_products_name) ] if updated_service.access_rights: # start by updating/inserting new entries new_access_rights = [ ServiceAccessRightsAtDB( key=service_key, version=service_version, gid=gid, execute_access=rights.execute_access, write_access=rights.write_access, product_name=x_simcore_products_name, ) for gid, rights in updated_service.access_rights.items() ] await services_repo.upsert_service_access_rights(new_access_rights) # then delete the ones that were removed removed_gids = [ gid for gid in current_gids_in_db if gid not in updated_service.access_rights ] deleted_access_rights = [ ServiceAccessRightsAtDB( key=service_key, version=service_version, gid=gid, product_name=x_simcore_products_name, ) for gid in removed_gids ] await services_repo.delete_service_access_rights(deleted_access_rights) # now return the service return await get_service( user_id, service_key, service_version, director_client, groups_repository, services_repo, x_simcore_products_name, )
def get_user_agent(user_agent: str = Header("User-Agent")) -> str: return user_agent
def get_status(repository: str, authorization: str = Header(None)): user_detail = users.get_user_data_from_token(authorization) if not user_detail: raise HTTPException(status_code=403, detail="Invalid Authentication Token") return deploy.get_status(repository)
async def get_token_header(api_token: str = Header(...)): if api_token != API_KEY: raise HTTPException(status_code=400, detail="API-Token header invalid")
async def get_token_header(x_token: str = Header(...)): if x_token != "fake-super-secret-token": raise HTTPException(status_code=400, detail="X-Token header invalid")
def header_example(data: Union[str, None] = Header( default=None, example="header1", ), ): return data