def check_token():
existing_token = jwt.get_token()
try:
jwt.decode(existing_token)
return 'Token is valid', 200
except JWTError as e:
return 'Invalid token', 401
def get_userapp_by_id(stack_id):
token = jwt.get_token()
claims = jwt.safe_decode(token)
namespace = claims['username']
userapp = data_store.retrieve_userapp_by_id(namespace, userapp_id=stack_id)
return userapp, 200
def refresh_token():
existing_token = jwt.get_token()
token_json = jwt.safe_decode(existing_token)
fresh_token = jwt.encode(token_json['username'])
return {
'token': fresh_token
}, 501, {
'Set-Cookie': 'token=%s' % fresh_token
}
def list_userapps():
token = jwt.get_token()
claims = jwt.safe_decode(token)
username = jwt.get_username_from_token(token)
userapps = data_store.fetch_userapps(username)
return userapps, 200
def quickstart_stack(key):
token = jwt.get_token()
username = jwt.get_username_from_token(token)
# TODO: Check if user already has an instance of this app
# TODO: If it exists, start it up and return
# TODO: If it does not exist, create, start, then return
return '', 501
def delete_account(account_id):
token = jwt.get_token()
claims = jwt.safe_decode(token)
username = jwt.get_username_from_token(token)
# Admins only: check token for required role
if username != account_id:
jwt.validate_scopes(['workbench-accounts'], claims)
return data_store.delete_user(account_id)
def delete_authenticate():
# TODO: Do we store anything server-side related to sessions?
if config.USE_KEYCLOAK:
keycloak.logout()
return 204, {'Set-Cookie': 'token=undefined'}
else:
existing_token = jwt.get_token()
expired_token = jwt.expire_token(existing_token)
# if so, clear it here
return 204, {'Set-Cookie': 'token=%s' % expired_token}
def update_userapp(stack_id, stack):
token = jwt.get_token()
claims = jwt.safe_decode(token)
username = jwt.get_username_from_token(token)
if stack['id'] != stack_id:
return 'Bad Request: ID mismatch', 400
if stack['creator'] != username:
return 'Only the owner may modify a userapp', 403
updated = data_store.update_userapp(stack)
return stack, 200
def create_userapp(stack):
token = jwt.get_token()
claims = jwt.safe_decode(token)
username = jwt.get_username_from_token(token)
stack['creator'] = username
#stack['_id'] = generate_unique_id(username)
spec_map = to_spec_map(data_store.fetch_all_appspecs_for_user(username))
#try:
kube.create_userapp(username=username, userapp=stack, spec_map=spec_map)
stack = data_store.create_userapp(stack)
return stack, 201
def rename_userapp(stack_id, name):
token = jwt.get_token()
claims = jwt.safe_decode(token)
username = jwt.get_username_from_token(token)
userapp = data_store.retrieve_userapp_by_id(stack_id)
# Verify that this user is the owner
if userapp['creator'] != username:
return 'Only the owner may rename a userapp', 403
# Change the name
userapp['name'] = name
update_userapp(stack_id, userapp)
return userapp, 200
def update_account(account_id, account):
token = jwt.get_token()
claims = jwt.safe_decode(token)
username = jwt.get_username_from_token(token)
if account_id != account['id']:
return 'error: account id mismatch', 400
# Admins only: check token for required role
if username != account_id:
jwt.validate_scopes(['workbench-accounts'], claims)
# Make sure user can't change password like this
existing_account = data_store.retrieve_user_by_namespace(account.id)
account.password = existing_account.password
return mongo.parse_json(data_store.update_user(account)), 200
def delete_userapp(stack_id):
token = jwt.get_token()
claims = jwt.safe_decode(token)
username = jwt.get_username_from_token(token)
# Verify that this user is the owner
userapp = data_store.retrieve_userapp_by_id(stack_id)
if userapp['creator'] != username:
return 'Only the owner may delete a userapp', 403
try:
deleted = data_store.delete_userapp(stack_id)
kube.destroy_userapp(username, userapp)
except Exception as e:
logger.error('Failed to delete userapp: ' % str(e))
return '', 200
def change_password(password):
account_info = connexion.request.json
logger.info(account_info)
# Use token auth claims to fetch account
token = jwt.get_token()
claims = jwt.safe_decode(token)
username = claims['username']
account = data_store.retrieve_user_by_namespace(username)
# Hash / salt new password
hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())
# Only modify password field
account.password = hashed_password
result = data_store.update_user(account)
return account, 200
def get_service_by_id(service_id):
try:
token = jwt.get_token()
username = jwt.get_username_from_token(token)
# User spec not found, check system catalog
appspec = data_store.retrieve_user_appspec_by_key(username, service_id)
if appspec is not None:
return mongo.parse_json(appspec), 200
except Exception as e:
logger.debug('Skipping user catalog check: %s' % str(e))
# No token (or appspec not found), but we can still check system catalog
appspec = data_store.retrieve_system_appspec_by_key(service_id)
if appspec is not None:
return mongo.parse_json(appspec), 200
else:
return {'error': 'Spec key=%s not found' % service_id}, 404
def get_stack_configs(services=None):
token = jwt.get_token()
claims = jwt.safe_decode(token)
username = jwt.get_username_from_token(token)
configs = []
all_appspecs = data_store.fetch_all_appspecs_for_user(username)
all_appspec_keys = list(map(get_key_from_appspec, all_appspecs))
if services is None:
return map(get_config_from_appspec, all_appspecs), 200
else:
for s in services:
index = all_appspec_keys.index(s)
if index is None:
return 'Failed to find service: %s' % s, 400
appspec = all_appspecs[index]
configs.append(appspec.config)
return configs, 200
def list_services(catalog='all'):
logging.info("Get services with catalog - "+catalog)
try:
token = jwt.get_token()
claims = jwt.safe_decode(token)
username = jwt.get_username_from_token(token)
# Attempt user lookup, if possible
if catalog == 'user':
services = data_store.fetch_user_appspecs(username)
return mongo.parse_json(services), 200
else: # catalog == all or anything else
services = data_store.fetch_all_appspecs_for_user(username)
return mongo.parse_json(services), 200
except Exception as e:
logger.debug('Skipping user catalog check: %s' % str(e))
if catalog == 'all' or catalog == 'system':
services = data_store.fetch_system_appspecs()
return mongo.parse_json(services), 200
elif catalog == 'user':
return {'error': 'Must login to request user catalog'}, 401
