From 748e53b406a1d30df88d401c61480a40865b765f Mon Sep 17 00:00:00 2001 From: Marcelo Arocha Date: Tue, 26 Nov 2024 16:25:43 -0300 Subject: [PATCH] auth --- README.md | 8 +++++ app/resources/api_decorator.py | 58 ++++++++++++++++++++++++++++++++ app/resources/connections.py | 3 ++ app/routes/get_multiple_names.py | 2 ++ app/routes/get_name.py | 2 ++ app/routes/hello.py | 9 ++++- requirements.txt | 1 + 7 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 app/resources/api_decorator.py diff --git a/README.md b/README.md index 9d11a5c..9a0ef72 100644 --- a/README.md +++ b/README.md @@ -59,6 +59,8 @@ CACHE_THRESHOLD=1000 DB_QUERY=SELECT nome_paciente FROM schema.paciente WHERE id_paciente = {} DB_MULTI_QUERY=SELECT DISTINCT(nome_paciente), id_paciente FROM schema.paciente WHERE id_paciente IN ({}) +JWT_SECRET='' + ``` Salvar o arquivo .env e seguir com o run @@ -75,6 +77,12 @@ docker run -d --log-opt max-size=100m --name mygetname -p 443:443 getname #deamo curl https://nomedocliente.getname.noharm.ai/patient-name/12345 ``` +Com auth: + +``` +curl -H "Authorization: Bearer token" https://nomedocliente.getname.noharm.ai/patient-name/12345 +``` + ### 1.2. Test Multiple ``` diff --git a/app/resources/api_decorator.py b/app/resources/api_decorator.py new file mode 100644 index 0000000..c47f503 --- /dev/null +++ b/app/resources/api_decorator.py @@ -0,0 +1,58 @@ +import jwt +import logging +from functools import wraps +from flask import request +from flask_api import status +from jwt.exceptions import PyJWTError, ExpiredSignatureError + +from resources.connections import JWT_SECRET + + +def api_endpoint(): + + def wrapper(f): + @wraps(f) + def decorator_f(*args, **kwargs): + try: + if JWT_SECRET: + auth_type, auth_token = request.headers.get( + "Authorization", "" + ).split() + jwt.decode( + jwt=auth_token, + key=JWT_SECRET, + algorithms="HS256", + issuer="noharm", + ) + + return f(*args, **kwargs) + + except ExpiredSignatureError: + return { + "status": "error", + "message": "Token expirado", + }, status.HTTP_401_UNAUTHORIZED + + except PyJWTError as e: + logging.basicConfig() + logger = logging.getLogger("noharm.getname") + logger.exception(str(e)) + + return { + "status": "error", + "message": "Erro de autenticação. Consulte os logs para mais detalhes.", + }, status.HTTP_401_UNAUTHORIZED + + except Exception as e: + logging.basicConfig() + logger = logging.getLogger("noharm.getname") + logger.exception(str(e)) + + return { + "status": "error", + "message": "Erro inesperado. Consulte os logs para mais detalhes.", + }, status.HTTP_500_INTERNAL_SERVER_ERROR + + return decorator_f + + return wrapper diff --git a/app/resources/connections.py b/app/resources/connections.py index 4a94234..27ceaca 100644 --- a/app/resources/connections.py +++ b/app/resources/connections.py @@ -23,6 +23,9 @@ QUERY = os.getenv("DB_QUERY") MULTI_QUERY = os.getenv("DB_MULTI_QUERY") +# JWT +JWT_SECRET = os.getenv("JWT_SECRET") + if TYPE == "oracle": url_object = ( f"oracle+cx_oracle://{USER}:{PASS}@{HOST}:{PORT}/?service_name={DATABASE}" diff --git a/app/routes/get_multiple_names.py b/app/routes/get_multiple_names.py index 42cc0ca..40f4909 100644 --- a/app/routes/get_multiple_names.py +++ b/app/routes/get_multiple_names.py @@ -2,8 +2,10 @@ from flask import request from flask_api import status from resources.connections import engine, MULTI_QUERY +from resources.api_decorator import api_endpoint +@api_endpoint() def get_multiple_names(): data = request.get_json() ids_list = data.get("patients", []) diff --git a/app/routes/get_name.py b/app/routes/get_name.py index f17cba4..8bc602a 100644 --- a/app/routes/get_name.py +++ b/app/routes/get_name.py @@ -2,8 +2,10 @@ from flask_api import status from resources.connections import engine, QUERY from resources.cache import cache +from resources.api_decorator import api_endpoint +@api_endpoint() @cache.cached() def get_name(idPatient): name = None diff --git a/app/routes/hello.py b/app/routes/hello.py index 9f1ff02..0d982d9 100644 --- a/app/routes/hello.py +++ b/app/routes/hello.py @@ -1,2 +1,9 @@ +from resources.connections import JWT_SECRET + + def hello(): - return "NoHarm - GetName 1.1\n\nServiço de nomes habilitado! Volte para a NoHarm e use o sistema normalmente ;)\n\n" + version = "2.0" + if JWT_SECRET: + return f"NoHarm - GetName {version} (AUTH)\n\nServiço de nomes habilitado! Volte para a NoHarm e use o sistema normalmente ;)\n\n" + + return f"NoHarm - GetName {version}\n\nServiço de nomes habilitado! Volte para a NoHarm e use o sistema normalmente ;)\n\n" diff --git a/requirements.txt b/requirements.txt index 0e2b53f..7363e30 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,3 +16,4 @@ sqlalchemy-firebird packaging uwsgi Werkzeug==2.3.7 +PyJWT==2.9.0