2025-04-01 19:15:10 -03:00
parent dbe7a924e2
commit ef4bfc07f3
16 changed files with 197 additions and 44 deletions


@@ -48,19 +48,21 @@ tracer = Tracer()
logger = Logger(__name__)
idp_client = boto3.client('cognito-idp')
user_layer = DynamoDBPersistenceLayer(USER_TABLE, dynamodb_client)
collect = DynamoDBCollection(user_layer)
user_collect = DynamoDBCollection(user_layer)
@tracer.capture_lambda_handler
@logger.inject_lambda_context
@event_source(data_class=APIGatewayAuthorizerEventV2)
def lambda_handler(event: APIGatewayAuthorizerEventV2, context: LambdaContext) -> dict:
"""Authenticates a user using a bearer token (for user or API).
Only handles authentication; any additional logic (e.g., tenant) is performed afterward."""
bearer = _parse_bearer_token(event.headers.get('authorization', ''))
if not bearer:
return APIGatewayAuthorizerResponseV2(authorize=False).asdict()
attrs = _authorizer(bearer).asdict()
attrs = _authorizer(bearer, user_collect).asdict()
return APIGatewayAuthorizerResponseV2(**attrs).asdict()
@@ -76,7 +78,7 @@ class BearerToken:
@dataclass
class Authorizer:
class AuthorizerResponseV2:
authorize: bool = False
context: dict[str, Any] | None = None
auth_flow_type: AuthFlowType = AuthFlowType.USER_AUTH
@@ -92,11 +94,15 @@ class Authorizer:
return data
def _get_apikey(token: str) -> dict[str, dict | str]:
def _get_apikey(token: str, /, collect: DynamoDBCollection) -> dict[str, dict | str]:
return collect.get_item(KeyPair('apikey', token))
def _authorizer(bearer: BearerToken) -> Authorizer:
def _authorizer(
bearer: BearerToken,
/,
collect: DynamoDBCollection,
) -> AuthorizerResponseV2:
"""
Build an Authorizer object based on the bearer token's auth type.
@@ -113,13 +119,13 @@ def _authorizer(bearer: BearerToken) -> Authorizer:
try:
if bearer.auth_flow_type == AuthFlowType.USER_AUTH:
user = get_user(bearer.token, idp_client)
return Authorizer(True, {'user': user})
return AuthorizerResponseV2(True, {'user': user})
apikey = _get_apikey(bearer.token)
apikey = _get_apikey(bearer.token, collect)
context = pick(('tenant', 'user'), apikey)
return Authorizer(True, context, AuthFlowType.API_AUTH)
return AuthorizerResponseV2(True, context, AuthFlowType.API_AUTH)
except Exception:
return Authorizer()
return AuthorizerResponseV2()
def _parse_bearer_token(s: str) -> BearerToken | None:
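Review bot: In the API-key branch of `_authorizer`, `AuthorizerResponseV2(True, context, AuthFlowType.API_AUTH)` is returned for whatever `_get_apikey` yields, so denying an unknown key depends entirely on `collect.get_item` raising for a missing item, which is not visible on this page. If it can return an empty or default value instead, a bearer string with no matching record would be authorized with an empty context; a guard such as `if not apikey: return AuthorizerResponseV2()` before the `pick(...)` call keeps the deny path independent of the persistence layer. The `except Exception` handler fails closed, which is right for an authorizer, but it logs nothing, so a DynamoDB or Cognito failure looks the same as a bad token; `logger.exception('authorizer lookup failed')` there, without the token value, would keep the two distinguishable. The docstring still reads "Build an Authorizer object" after the rename to `AuthorizerResponseV2`, and part of the function body lies outside the hunks shown.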