updated authentication

kscalelabs · Dec 29, 2024 · 0572798 · 0572798
1 parent 2a54605
commit 0572798
Show file tree

Hide file tree

Showing 17 changed files with 86 additions and 331 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -26,7 +26,6 @@ jobs:
     environment: ${{ github.ref == 'refs/heads/master' && 'production' || 'staging' }}
 
     env:
-      JWT_SECRET: test
       AWS_ACCESS_KEY_ID: test
       AWS_SECRET_ACCESS_KEY: test
       AWS_ENDPOINT_URL_DYNAMODB: http://localhost:8000

diff --git a/env.sh.example b/env.sh.example
@@ -1,5 +1,6 @@
 # Specifies a local environment versus production environment.
 export ENVIRONMENT='local'
+export MIDDLEWARE_SECRET_KEY='test'
 
 # For AWS
 export AWS_DEFAULT_REGION='us-east-1'

diff --git a/www/app/main.py b/www/app/main.py
@@ -8,7 +8,8 @@
 from fastapi import Depends, FastAPI, HTTPException, Request, status
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import JSONResponse
-from fastapi.security import APIKeyCookie, APIKeyHeader
+from fastapi.security import APIKeyCookie, APIKeyHeader, OAuth2AuthorizationCodeBearer
+from starlette.middleware.sessions import SessionMiddleware
 
 from www.app.db import create_tables
 from www.app.errors import (
@@ -27,6 +28,7 @@
 from www.app.routers.robots import router as robots_router
 from www.app.routers.teleop import router as teleop_router
 from www.app.routers.users import router as users_router
+from www.settings import settings
 from www.utils import get_cors_origins
 
 
@@ -63,6 +65,20 @@ async def lifespan(app: FastAPI) -> AsyncGenerator[None, None]:
     allow_headers=["*"],
 )
 
+# Add authentication middleware.
+app.add_middleware(
+    SessionMiddleware,
+    secret_key=settings.middleware.secret_key,
+)
+
+oauth2_scheme = OAuth2AuthorizationCodeBearer(
+    authorizationUrl="https://accounts.google.com/o/oauth2/auth",
+    tokenUrl="https://accounts.google.com/o/oauth2/token",
+    refreshUrl="https://accounts.google.com/o/oauth2/token",
+    scopes={"openid": "Access your OpenAI information"},
+    auto_error=False,
+)
+
 
 @app.exception_handler(ValueError)
 async def value_error_exception_handler(request: Request, exc: ValueError) -> JSONResponse:

diff --git a/www/app/routers/auth.py b/www/app/routers/auth.py
@@ -0,0 +1,56 @@
+"""Defines the API endpoint for authenticating the user."""
+
+import logging
+
+from authlib.integrations.starlette_client import OAuth
+from fastapi import APIRouter
+from fastapi.requests import Request
+from fastapi.responses import RedirectResponse
+from starlette.config import Config as StarletteConfig
+
+from www.settings import settings
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter()
+
+# Set up authlib OAuth.
+starlette_config = StarletteConfig(
+    environ={
+        "GOOGLE_CLIENT_ID": settings.oauth.google_client_id,
+        "GOOGLE_CLIENT_SECRET": settings.oauth.google_client_secret,
+        "SECRET_KEY": settings.middleware.secret_key,
+    },
+)
+
+oauth = OAuth(starlette_config)
+
+# Register Google authentication.
+google = oauth.register(
+    name="google",
+    client_id=settings.oauth.google_client_id,
+    client_secret=settings.oauth.google_client_secret,
+    access_token_url="https://accounts.google.com/o/oauth2/token",
+    access_token_params=None,
+    authorize_url="https://accounts.google.com/o/oauth2/auth",
+    authorize_params={
+        "scope": "openid email profile",
+        "prompt": "consent",
+    },
+    api_base_url="https://www.googleapis.com/oauth2/v1/",
+    client_kwargs={"scope": "openid email profile"},
+)
+
+
+@router.get("/login")
+async def login_via_google(request: Request) -> RedirectResponse:
+    redirect_uri = request.url_for("auth_callback")
+    return await google.authorize_redirect(request, redirect_uri)
+
+
+@router.get("/callback")
+async def auth_callback(request: Request) -> RedirectResponse:
+    token = await google.authorize_access_token(request)
+    user_info = await google.parse_id_token(request, token)
+    request.session["user"] = dict(user_info)
+    return RedirectResponse(url="/profile")
diff --git a/www/app/routers/auth/__init__.py b/www/app/routers/auth/__init__.py
diff --git a/www/app/routers/auth/api.py b/www/app/routers/auth/api.py
diff --git a/www/app/routers/auth/github.py b/www/app/routers/auth/github.py
diff --git a/www/app/routers/auth/google.py b/www/app/routers/auth/google.py
diff --git a/www/app/routers/auth/test.py b/www/app/routers/auth/test.py
diff --git a/www/app/routers/users.py b/www/app/routers/users.py
@@ -186,8 +186,8 @@ async def get_user_info_by_id_endpoint(id: str, crud: Annotated[Crud, Depends(Cr
 @router.get("/public/me", response_model=UserPublic)
 async def get_my_public_user_info_endpoint(
     user: User = Depends(get_session_user_with_read_permission),
-) -> UserPublic:  # Change return type to UserPublic
-    return UserPublic(**user.model_dump())  # Return UserPublic instance directly
+) -> UserPublic:
+    return UserPublic(**user.model_dump())
 
 
 @router.get("/public/{id}", response_model=UserPublic)

diff --git a/www/app/security/user.py b/www/app/security/user.py
@@ -3,6 +3,7 @@
 from typing import Annotated
 
 from fastapi import Depends, HTTPException, status
+from fastapi.security import OAuth2AuthorizationCodeBearer
 
 from www.app.db import Crud
 from www.app.errors import ItemNotFoundError, NotAuthenticatedError