def check_request_authorization():
    """Ask Open Policy Agent whether the current request may proceed.

    The policy input carries the request method, the path as returned by
    ``get_path_array`` and ``g.token``. If the request has an
    ``X-Original-Method`` header, its value is forwarded to the policy as
    ``original_method``.

    Aborts with 401 when ``opa_do_auth`` returns a falsy decision, and with
    500 when a ``requests.exceptions.RequestException`` is raised, so a
    failed policy lookup is refused rather than allowed. Any other exception
    is not handled here and propagates to the caller.
    """
    try:
        # Assemble the input document for Open Policy Agent.
        policy_input = {
            "method": request.method,
            "path": get_path_array(request.path),
            "token": g.token,
        }

        # NOTE(review): this value comes straight from the request headers
        # and feeds the authorization decision. Presumably a fronting proxy
        # sets it; confirm that proxy overwrites or strips any
        # client-supplied copy before the request reaches this check.
        forwarded_method = dict(request.headers).get('X-Original-Method')
        if forwarded_method is not None:
            policy_input["original_method"] = forwarded_method

        opa_input = {"input": policy_input}

        from pyinfraboxutils.ibopa import opa_do_auth
        if opa_do_auth(opa_input):
            return

        # NOTE(review): the denial is logged without method or path, which
        # makes it hard to correlate during an investigation. Consider
        # adding them, but keep the token itself out of the log.
        logger.info("Rejected unauthorized request")
        abort(401, 'Unauthorized')
    except requests.exceptions.RequestException as err:
        # The policy engine call failed: refuse the request.
        logger.error(err)
        abort(500, 'Authorization failed')
def sio_is_authorized(path):
    """Return True only if Open Policy Agent authorizes socket.io access to *path*.

    A connection is taken from ``dbpool`` and stored on ``g.db`` for the
    duration of the check. The ``finally`` clause always returns it to the
    pool and resets ``g.db`` to ``None``.

    The policy input uses the fixed method ``"WS"``, the given *path* and
    the normalized token from ``get_token()``. The function returns False
    both when the policy denies access and when a ``RequestException`` is
    raised. Any other exception propagates to the caller after the
    connection has been released.
    """
    # presumably get_token()/normalize_token() need g.db; verify against
    # their definitions
    g.db = dbpool.get()
    try:
        token = normalize_token(get_token())

        # Assemble the input document for Open Policy Agent.
        decision_request = {
            "input": {
                "method": "WS",
                "path": path,
                "token": token,
            }
        }

        if opa_do_auth(decision_request):
            return True

        # NOTE(review): if `logger` is a stdlib logging.Logger, `warn` is a
        # deprecated alias of `warning`.
        logger.warn("Unauthorized socket.io access attempt")
        return False
    except RequestException as exc:
        # The policy engine call failed: deny rather than allow.
        logger.error(exc)
        return False
    finally:
        # Always hand the connection back, whatever the outcome.
        dbpool.put(g.db)
        g.db = None