Commit 7ff1257d authored by Mustafa Gezen's avatar Mustafa Gezen 🏗

add oidc support

parent 1706a0cb
......@@ -8,9 +8,10 @@ from fastapi import FastAPI, Request
from fastapi.responses import HTMLResponse
from fastapi.templating import Jinja2Templates
from fastapi.staticfiles import StaticFiles
from starlette.middleware.sessions import SessionMiddleware
from tortoise.contrib.fastapi import register_tortoise
from distrobuild import settings
from distrobuild.settings import TORTOISE_ORM, settings
from distrobuild.routes import register_routes
# init sessions
from distrobuild import session
......@@ -18,6 +19,7 @@ from distrobuild import session
from distrobuild_scheduler import init_channel
app = FastAPI()
app.add_middleware(SessionMiddleware, secret_key=settings.session_secret)
app.mount("/static/files", StaticFiles(directory="ui/dist/files"), name="static")
register_routes(app)
......@@ -28,9 +30,11 @@ templates = Jinja2Templates(directory="ui/dist/templates")
async def serve_frontend(request: Request):
return templates.TemplateResponse("index.html", {
"request": request,
"distribution": settings.settings.distribution,
"distribution": settings.distribution,
"authenticated": "true" if request.session.get("user") else "false",
"full_name": request.session["user"]["name"] if request.session.get("user") else "",
"koji_weburl": session.koji_config.get("weburl"),
"gitlab_url": f"https://{settings.settings.gitlab_host}{settings.settings.repo_prefix}"
"gitlab_url": f"https://{settings.gitlab_host}{settings.repo_prefix}"
})
......@@ -41,5 +45,5 @@ async def startup():
register_tortoise(
app,
config=settings.TORTOISE_ORM
config=TORTOISE_ORM
)
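Review bot: `app.add_middleware(SessionMiddleware, secret_key=settings.session_secret)` leaves the cookie options at Starlette's defaults, so the cookie that now carries the login is not marked Secure and keeps the default two-week lifetime; I would pass `https_only=True` and an explicit `max_age` here. In `serve_frontend`, `request.session["user"]["name"]` raises `KeyError` when the ID token has no `name` claim, which makes every page load fail for that user until the cookie is cleared; `(request.session.get("user") or {}).get("name", "")` avoids that. The `startup` body continues outside the visible hunk.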
from authlib.integrations.starlette_client import OAuth
from distrobuild.settings import settings
oauth = OAuth()
oauth.register(
name="oidc",
client_id=settings.oidc_client_id,
client_secret=settings.oidc_client_secret,
server_metadata_url=f"{settings.oidc_issuer}/.well-known/openid-configuration",
client_kwargs={
"scope": f"openid profile {settings.oidc_scopes}"
}
)
oidc = oauth.oidc
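Review bot: `server_metadata_url=f"{settings.oidc_issuer}/.well-known/openid-configuration"` builds the discovery URL by plain concatenation, so an issuer configured with a trailing slash yields `//.well-known/...`, and nothing checks that the issuer is an `https://` URL. The endpoints and keys used later in the flow come from this document, so I would normalise with `settings.oidc_issuer.rstrip('/')` and reject a non-HTTPS issuer at startup. A short module comment saying that `oidc_scopes` is appended to the fixed `openid profile` scopes would also help whoever edits that setting.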
from fastapi import APIRouter
from distrobuild.routes import builds, imports, packages, bootstrap
from distrobuild.routes import builds, imports, packages, bootstrap, oidc
_base_router = APIRouter(prefix="/api")
def register_routes(app):
_base_router.include_router(oidc.router)
_base_router.include_router(packages.router)
_base_router.include_router(bootstrap.router)
_base_router.include_router(builds.router)
......
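Review bot: `register_routes` now mounts the login router, but `packages`, `bootstrap` and `builds` are still included exactly as before, with no dependency that checks `request.session.get("user")`. Unless those handlers (not visible on this page) enforce it themselves, the commit adds a login that no route requires, and the `authenticated` flag only changes what the UI shows. If enforcement is planned for a later commit, a comment above the `include_router` calls such as `# TODO: require an authenticated session on mutating routes` would make the gap explicit. The function body continues past the visible lines.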
from fastapi import APIRouter, Request
from fastapi.responses import RedirectResponse
from distrobuild.auth import oidc
router = APIRouter(prefix="/oidc")
@router.get('/start_flow')
async def start_flow(request: Request):
redirect_uri = request.url_for('callback')
return await oidc.authorize_redirect(request, redirect_uri)
@router.get('/callback')
async def callback(request: Request):
token = await oidc.authorize_access_token(request)
user = await oidc.parse_id_token(request, token)
request.session['user'] = dict(user)
return RedirectResponse(url="/")
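Review bot: `callback` lets any failure from `oidc.authorize_access_token` or `oidc.parse_id_token` (state mismatch, denied consent, failed ID-token validation) escape as an unhandled exception, and on success it copies every ID-token claim into the session with `dict(user)`. Starlette's session cookie is signed but not encrypted, so all of those claims are readable in the browser and count against the cookie size limit; storing only the claims the app uses is safer. I would also clear the pre-login session before writing `user`, so that nothing set before authentication is carried into the authenticated session. The sketch below assumes `OAuthError` is imported from `authlib.integrations.starlette_client` and that only `sub` and `name` are needed; add the group claim if authorisation will depend on it.

```python
@router.get('/callback')
async def callback(request: Request):
    try:
        token = await oidc.authorize_access_token(request)
        user = await oidc.parse_id_token(request, token)
    except OAuthError:
        # failed or aborted login: do not create a session
        return RedirectResponse(url="/")
    # drop anything stored before authentication
    request.session.clear()
    # the cookie is signed, not encrypted: keep only what the app reads
    request.session['user'] = {"sub": user["sub"], "name": user.get("name", "")}
    return RedirectResponse(url="/")
```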
......@@ -5,6 +5,7 @@ from pydantic import BaseSettings
class Settings(BaseSettings):
bugs_api_key: str
gitlab_api_key: str
session_secret: str
# srpmproc
gitlab_host: str
......@@ -21,6 +22,7 @@ class Settings(BaseSettings):
oidc_issuer: str
oidc_client_id: str
oidc_client_secret: str
oidc_scopes: str = "https://id.fedoraproject.org/scope/groups https://mbs.rockylinux.org/oidc/mbs-submit-build"
# appearance
distribution: str = "Rocky Linux"
......
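Review bot: `session_secret: str` accepts any string, including an empty or very short one, although the integrity of the session cookie, and therefore of the `user` entry the login writes, rests entirely on it. I would constrain it, for example `session_secret: constr(min_length=32)`, and add a comment that it must be a random value kept out of the repository. The default for `oidc_scopes` hard-codes Fedora and Rocky scope URLs; a comment that it is a space-separated list sent in addition to `openid profile` would help other deployments override it. The class body continues outside the visible hunks.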
fastapi==0.63.0
tortoise-orm[asyncpg]==0.16.21
aerich==0.5.0
requests==2.25.1
starlette-context==0.3.1
aiofiles==0.6.0
jinja2==2.11.3
......@@ -12,3 +11,6 @@ python-dotenv==0.15.0
python-gitlab==2.6.0
aio-pika==6.8.0
python-multipart==0.0.5
authlib==0.15.3
itsdangerous==1.1.0
httpx==0.16.1
......@@ -13,6 +13,10 @@
'gitlabUrl': '{{ gitlab_url }}',
'distribution': '{{ distribution }}',
};
window.STATE = {
'authenticated': {{ authenticated or 'false' }},
'full_name': '{{ full_name }}'
}
</script>
</body>
</html>
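Review bot: `'full_name': '{{ full_name }}'` places an identity-provider-supplied value inside a JavaScript string literal, where HTML autoescaping (if it is enabled for these templates) is the wrong encoding: it does not neutralise backslashes or line breaks, and it leaves entities such as `&#39;` visible in names that contain an apostrophe. Jinja's `tojson` filter emits a literal that is safe inside a script block, so I would write `'full_name': {{ full_name | tojson }}` without the surrounding quotes. The neighbouring `gitlabUrl` and `distribution` values follow the same pattern and would benefit from the same filter.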
......@@ -30,8 +30,14 @@ export const Root = () => {
</HeaderMenuItem>
</HeaderNavigation>
<HeaderNavigation className="right">
<HeaderMenuItem element={Link} to="/packages">
Packages
<HeaderMenuItem
element={window.STATE.authenticated ? Link : undefined}
href={
window.STATE.authenticated ? undefined : '/api/oidc/start_flow'
}
to={window.STATE.authenticated ? '/profile' : undefined}
>
{window.STATE.full_name || 'Login'}
</HeaderMenuItem>
</HeaderNavigation>
</Header>
......
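Review bot: The label `{window.STATE.full_name || 'Login'}` falls back to 'Login' whenever the name is empty, so an authenticated user without a name is shown a 'Login' item that links to `/profile`. Deriving the label from the same flag as the link keeps them consistent: `{window.STATE.authenticated ? window.STATE.full_name || 'Profile' : 'Login'}`. `window.STATE.authenticated` is only a display hint from the server-rendered page, so a comment saying that access decisions stay on the API side would be worthwhile. The component continues outside the hunk.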
......@@ -2,6 +2,7 @@ export {};
interface IState {
authenticated: boolean;
full_name: string;
}
declare global {
......