sergio/saladeaula.digital
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add integration

Browse Source
This commit is contained in:
Sérgio Rafael Siqueira
2025-08-06 18:46:21 -03:00
parent e08f16bbaa
commit ff25ade76e
16 changed files with 314 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
id.saladeaula.digital/app/integrations/__init__.py Normal file
View File

0
id.saladeaula.digital/app/apigateway_oauth2.py → id.saladeaula.digital/app/integrations/apigateway_oauth2.py
View File

11
id.saladeaula.digital/app/jose_.py
View File

@@ -39,7 +39,16 @@ def generate_refresh_token(user_id: str) -> str:
def verify_jwt(token: str) -> dict:
try:
payload = jwt.decode(token, JWT_SECRET, algorithms=[JWT_ALGORITHM])
payload = jwt.decode(
token,
JWT_SECRET,
algorithms=[JWT_ALGORITHM],
issuer=ISSUER,
options={
'require': ['exp', 'sub', 'iss'],
'leeway': 60,
},
)
return payload
except ExpiredSignatureError:
raise ForbiddenError('Token expired')

34
id.saladeaula.digital/app/oauth2.py
View File

@@ -7,13 +7,13 @@ from aws_lambda_powertools.event_handler.exceptions import NotFoundError
from layercake.dateutils import now, ttl
from layercake.dynamodb import DynamoDBPersistenceLayer, KeyPair
from apigateway_oauth2 import (
from boto3clients import dynamodb_client
from config import DYNAMODB_SORT_KEY, OAUTH2_TABLE
from integrations.apigateway_oauth2 import (
AuthorizationServer,
OAuth2Client,
OAuth2Token,
)
from boto3clients import dynamodb_client
from config import DYNAMODB_SORT_KEY, OAUTH2_TABLE
oauth2_layer = DynamoDBPersistenceLayer(OAUTH2_TABLE, dynamodb_client)
@@ -33,12 +33,11 @@ def create_save_token_func(persistence_layer: DynamoDBPersistenceLayer):
return save_token
class ClientNotFoundError(NotFoundError):
def __init__(self, *_):
super().__init__('Client not found')
def create_query_client_func(persistence_layer: DynamoDBPersistenceLayer):
class ClientNotFoundError(NotFoundError):
def __init__(self, *_):
super().__init__('Client not found')
def query_client(client_id) -> OAuth2Client:
client = persistence_layer.collection.get_item(
KeyPair('OAUTH2_CLIENT', f'CLIENT_ID#{client_id}'),
@@ -89,19 +88,16 @@ def save_authorization_code(code, request):
)
def exists_nonce(nonce, request):
nonce_ = oauth2_layer.get_item(
KeyPair(
f'OAUTH2_CODE#CLIENT_ID#{request.payload.client_id}',
f'NONCE#{nonce}',
)
)
return bool(nonce_)
class OpenIDCode(OpenIDCode_):
def exists_nonce(self, nonce, request):
return exists_nonce(nonce, request)
nonce_ = oauth2_layer.get_item(
KeyPair(
f'OAUTH2_CODE#CLIENT_ID#{request.payload.client_id}', # type:ignore
f'NONCE#{nonce}',
)
)
return bool(nonce_)
def get_jwt_config(self, grant):
return DUMMY_JWT_CONFIG

67
id.saladeaula.digital/app/routes/authorize.py
View File

@@ -1,33 +1,84 @@
from uuid import uuid4
from http import HTTPStatus
from http.cookies import SimpleCookie
from urllib.parse import ParseResult, quote, urlencode, urlunparse
from authlib.oauth2 import OAuth2Error
from authlib.oauth2.rfc6749 import errors
from aws_lambda_powertools import Logger
from aws_lambda_powertools.event_handler import Response
from aws_lambda_powertools.event_handler.api_gateway import Router
from jose_ import verify_jwt
from oauth2 import authorization
router = Router()
logger = Logger(__name__)
@router.get('/authorize')
def authorize():
user = {
'id': str(uuid4()),
'sub': 'sergio@somosbeta.com.br',
}
current_event = router.current_event
cookies = _parse_cookies(current_event.get('cookies', [])) # type: ignore
id_token = cookies.get('id_token')
continue_url = quote(
urlunparse(
ParseResult(
scheme='',
netloc='',
path=current_event.path,
params='',
query=urlencode(current_event.query_string_parameters),
fragment='',
)
),
safe='',
)
login_url = f'/login?continue={continue_url}'
if not id_token:
return Response(
status_code=HTTPStatus.FOUND,
headers={'Location': login_url},
)
try:
user = verify_jwt(id_token)
except Exception as exc:
logger.exception(exc)
return Response(
status_code=HTTPStatus.FOUND,
headers={'Location': login_url},
)
try:
grant = authorization.get_consent_grant(
request=router.current_event,
end_user=user,
end_user={'id': user['sub']},
)
except OAuth2Error as err:
logger.exception(err)
return dict(err.get_body())
try:
return authorization.create_authorization_response(
request=router.current_event,
grant_user=user,
grant_user={'id': user['sub']},
grant=grant,
)
except errors.OAuth2Error:
except errors.OAuth2Error as err:
logger.exception(err)
return {}
def _parse_cookies(cookies: list[str] | None) -> dict[str, str]:
parsed_cookies = {}
if not cookies:
return parsed_cookies
for s in cookies:
c = SimpleCookie()
c.load(s)
parsed_cookies.update({k: morsel.value for k, morsel in c.items()})
return parsed_cookies

62
id.saladeaula.digital/app/routes/login.html
View File

@@ -1,62 +0,0 @@
<!doctype html>
<html>
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<script src="https://cdn.jsdelivr.net/npm/@tailwindcss/browser@4"></script>
</head>
<body
class="font-sans antialiased bg-black text-white flex items-center justify-center min-h-screen"
>
<div class="w-full max-w-sm relative">
<div
aria-hidden="true"
class="absolute inset-0 grid grid-cols-2 opacity-20"
>
<div
class="blur-[106px] h-56 bg-gradient-to-br to-lime-400 from-lime-700"
></div>
<div
class="blur-[106px] h-42 bg-gradient-to-r from-lime-400 to-lime-600"
></div>
</div>
<form method="POST" action="/login" class="space-y-6 relative z-1">
<div class="grid gap-2">
<label for="username" class="text-sm leading-none font-medium">
Email ou CPF
</label>
<input
type="text"
id="username"
name="username"
class="border border-white/15 bg-white/8 w-full rounded-lg px-3 py-1.5 shadow-sm outline-none focus-visible:border-white/30 focus-visible:ring-white/20 focus-visible:ring-3 transition"
required
/>
</div>
<div class="grid gap-2">
<div class="flex justify-between items-center">
<label for="password" class="text-sm leading-none font-medium">
Senha
</label>
<a href="#" class="text-sm" tabindex="-1">Esqueceu sua senha?</a>
</div>
<input
type="password"
id="password"
name="password"
class="border border-white/15 bg-white/8 w-full rounded-lg px-3 py-1.5 shadow-sm outline-none focus-visible:border-white/30 focus-visible:ring-white/20 focus-visible:ring-3 transition"
required
/>
</div>
<button
type="submit"
class="w-full text-sm font-medium text-black bg-lime-400 rounded-lg px-4 py-2 h-9"
>
Entrar
</button>
</form>
</div>
</body>
</html>

23
id.saladeaula.digital/app/routes/login.py
View File

@@ -1,5 +1,4 @@
from http import HTTPStatus
from pathlib import Path
from typing import Annotated
from aws_lambda_powertools.event_handler import (
@@ -7,8 +6,9 @@ from aws_lambda_powertools.event_handler import (
)
from aws_lambda_powertools.event_handler.api_gateway import Router
from aws_lambda_powertools.event_handler.exceptions import ForbiddenError, NotFoundError
from aws_lambda_powertools.event_handler.openapi.params import Form
from aws_lambda_powertools.event_handler.openapi.params import Form, Param
from aws_lambda_powertools.shared.cookies import Cookie
from jinja2 import Environment, PackageLoader, select_autoescape
from layercake.dynamodb import DynamoDBPersistenceLayer, KeyPair
from passlib.hash import pbkdf2_sha256
@@ -18,15 +18,20 @@ from jose_ import generate_jwt
router = Router()
oauth2_layer = DynamoDBPersistenceLayer(OAUTH2_TABLE, dynamodb_client)
templates = Environment(
loader=PackageLoader('app'),
autoescape=select_autoescape(['html']),
)
@router.get('/login')
def login_form():
html = Path(__file__).with_name('login.html').read_text(encoding='utf-8')
@router.get('/login', compress=True)
def login_form(continue_: Annotated[str, Param(alias='continue')]):
template = templates.get_template('login.html')
html = template.render(**{'continue': continue_})
return Response(
body=html,
status_code=HTTPStatus.OK.value,
status_code=HTTPStatus.OK,
content_type='text/html',
)
@@ -35,6 +40,7 @@ def login_form():
def login(
username: Annotated[str, Form()],
password: Annotated[str, Form()],
continue_: Annotated[str, Form(alias='continue')],
):
user_id, password_hash = _get_user(username)
@@ -44,7 +50,10 @@ def login(
jwt_token = generate_jwt(user_id, username)
return Response(
status_code=HTTPStatus.OK,
status_code=HTTPStatus.FOUND,
headers={
'Location': continue_,
},
cookies=[
Cookie(
name='id_token',

0
id.saladeaula.digital/app/templates/__init__.py Normal file
View File

115
id.saladeaula.digital/app/templates/login.html Normal file
View File

@@ -0,0 +1,115 @@
<!doctype html>
<html>
<head>
<title>EDUSEG®</title>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<script src="https://cdn.jsdelivr.net/npm/@tailwindcss/browser@4"></script>
</head>
<body
class="font-sans antialiased bg-black text-white flex items-center justify-center min-h-screen px-3"
>
<div class="w-full max-w-sm relative">
<div
aria-hidden="true"
class="absolute inset-0 grid grid-cols-2 opacity-20"
>
<div
class="blur-[106px] h-56 bg-gradient-to-br to-lime-400 from-lime-700"
></div>
<div
class="blur-[106px] h-42 bg-gradient-to-r from-lime-400 to-lime-600"
></div>
</div>
<div class="grid gap-5 relative z-1">
<div class="text-center space-y-1">
<span
class="border border-white/15 bg-white/5 px-2.5 py-3 rounded-xl inline-block"
><svg
width="18"
height="24"
viewBox="0 0 18 24"
fill="none"
xmlns="http://www.w3.org/2000/svg"
class="size-12"
>
<path
d="M16.2756 23.4353L8.93847 20.1298C8.7383 20.0015 8.48167 20.0015 8.27893 20.1298L0.941837 23.4353C0.533793 23.6945 0 23.4019 0 22.9194V1.12629C0.00256631 0.787535 0.277162 0.512939 0.615915 0.512939H16.6066C16.9454 0.512939 17.22 0.787535 17.22 1.12629V22.9194C17.22 23.4019 16.6862 23.6945 16.2781 23.4353H16.2756Z"
fill="#8CD366"
></path>
<path
d="M10.7274 3.71313H3.34668V6.41803H10.7274V3.71313Z"
fill="#2E3524"
></path>
<path
d="M9.42115 8.4939H3.34668V10.6496H9.42115V8.4939Z"
fill="#2E3524"
></path>
<path
d="M10.7274 12.7263H3.34668V15.4312H10.7274V12.7263Z"
fill="#2E3524"
></path>
<path
d="M12.9984 13.6731H12.9958C12.5111 13.6731 12.1182 14.066 12.1182 14.5508V14.5533C12.1182 15.0381 12.5111 15.431 12.9958 15.431H12.9984C13.4831 15.431 13.8761 15.0381 13.8761 14.5533V14.5508C13.8761 14.066 13.4831 13.6731 12.9984 13.6731Z"
fill="#2E3524"
></path></svg
></span>
<h1 class="text-3xl mt-6 font-semibold font-display text-balance">
Faça login
</h1>
<p class="text-white/50 text-sm">
Não tem uma conta?
<a href="" class="font-medium text-white">Cadastre-se</a>.
</p>
</div>
<form method="POST" action="/login" class="space-y-6">
<input name="continue" type="hidden" value="{{ continue }}" />
<div class="grid gap-2">
<label for="username" class="text-sm leading-none font-medium">
Email ou CPF
</label>
<input
type="text"
id="username"
name="username"
class="border border-white/15 bg-white/8 w-full rounded-lg px-3 py-2.5 shadow-sm outline-none focus-visible:border-white/30 focus-visible:ring-white/20 focus-visible:ring-3 transition"
required
/>
</div>
<div class="grid gap-2">
<div class="flex justify-between items-center">
<label for="password" class="text-sm leading-none font-medium">
Senha
</label>
<a href="#" class="text-sm" tabindex="-1">Esqueceu sua senha?</a>
</div>
<input
type="password"
id="password"
name="password"
class="border border-white/15 bg-white/8 w-full rounded-lg px-3 py-2.5 shadow-sm outline-none focus-visible:border-white/30 focus-visible:ring-white/20 focus-visible:ring-3 transition"
required
/>
</div>
<button
type="submit"
class="w-full text-sm font-medium text-black bg-lime-400 rounded-lg px-4 py-2 h-9"
>
Entrar
</button>
</form>
<p class="text-xs text-white/50 text-center">
Ao fazer login, você concorda com nossa
<a href="#" class="underline hover:no-underline" target="_blank">
política de privacidade </a
>.
</p>
</div>
</div>
</body>
</html>