sergio/saladeaula.digital
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add comment

Browse Source
This commit is contained in:
Sérgio Rafael Siqueira
2025-04-02 14:24:18 -03:00
parent 8cd755f0ae
commit b1b7ca54ff
1 changed files with 49 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
http-api/middlewares/tenant_middelware.py
View File

@@ -23,8 +23,28 @@ class Tenant(BaseModel):
class TenantMiddleware(BaseMiddlewareHandler): class TenantMiddleware(BaseMiddlewareHandler):
def __init__(self, collect: DynamoDBCollection) -> None: """
Middleware that associates a Tenant instance with the request context based on the authentication flow.
For API authentication (`AuthFlowType.API_AUTH`), it assigns tenant information directly from the authorizer context.
For User authentication (`AuthFlowType.USER_AUTH`), it gets the Tenant ID from the specified request header.
Parameters
----------
collect : DynamoDBCollection
The DynamoDB collection used to validate user access and retrieve tenant information.
header : str, optional
The request header name containing the tenant ID. Defaults to `'X-Tenant'`.
"""
def __init__(
self,
collect: DynamoDBCollection,
/,
header: str = 'X-Tenant',
) -> None:
self.collect = collect self.collect = collect
self.header = header
def handler( def handler(
self, self,
@@ -40,7 +60,7 @@ class TenantMiddleware(BaseMiddlewareHandler):
if auth_flow_type == AuthFlowType.USER_AUTH: if auth_flow_type == AuthFlowType.USER_AUTH:
app.append_context( app.append_context(
tenant=_tenant( tenant=_tenant(
app.current_event.headers.get('x-tenant'), app.current_event.headers.get(self.header),
app.context.get('user'), # type: ignore app.context.get('user'), # type: ignore
collect=self.collect, collect=self.collect,
) )
@@ -50,8 +70,8 @@ class TenantMiddleware(BaseMiddlewareHandler):
class ForbiddenError(ServiceError): class ForbiddenError(ServiceError):
def __init__(self, msg: str): def __init__(self, *args, **kwargs):
super().__init__(HTTPStatus.FORBIDDEN, msg) super().__init__(HTTPStatus.FORBIDDEN, 'Deny')
def _tenant( def _tenant(
@@ -60,14 +80,39 @@ def _tenant(
/, /,
collect: DynamoDBCollection, collect: DynamoDBCollection,
) -> Tenant: ) -> Tenant:
"""Get a Tenant instance based on the provided tenant_id and user's access permissions.
Parameters
----------
tenant_id : str | None
The identifier of the tenant. Must not be None or empty.
user : User
The user attempting to access the tenant.
collect : DynamoDBCollection
The DynamoDB collection used to retrieve tenant information.
Returns
-------
Tenant
The Tenant instance corresponding to the provided tenant_id.
Raises
------
BadRequestError
If tenant_id is not provided.
ForbiddenError
If the user lacks the necessary ACL permissions for the specified tenant_id.
"""
if not tenant_id: if not tenant_id:
raise BadRequestError('Missing tenant') raise BadRequestError('Missing tenant')
# Ensure user has ACL
collect.get_item( collect.get_item(
KeyPair(user.id, ComposeKey(tenant_id, prefix='acls')), KeyPair(user.id, ComposeKey(tenant_id, prefix='acls')),
exception_cls=ForbiddenError, exception_cls=ForbiddenError,
) )
# For root tenant, provide the default Tenant
if tenant_id == '*': if tenant_id == '*':
return Tenant(id=tenant_id, name='default') return Tenant(id=tenant_id, name='default')