Add support for CLI auth with Terra (#48)

* Add support for CLI auth with Terra * Improve error message for missing auth header
hcholab · Feb 15, 2024 · 9cb1997 · 9cb1997
1 parent 5aa5747
commit 9cb1997
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 15 deletions.
diff --git a/src/auth.py b/src/auth.py
@@ -96,18 +96,18 @@ async def _get_azure_b2c_user(auth_header: str):
     return decoded_token
 
 
-async def get_auth_key_user(
-    request: Request, authenticate_user: bool = True
-) -> dict:
-    auth_key = request.headers.get(AUTH_HEADER)
-    if not auth_key:
-        logger.error("no authorization key provided")
+async def get_cli_user(req: Request) -> dict:
+    auth_header = req.headers.get(AUTH_HEADER)
+    if not auth_header:
+        logger.error("no authorization token or key provided")
         return {}
+    elif constants.TERRA:
+        return _get_terra_user(auth_header)
 
     db: firestore.AsyncClient = current_app.config["DATABASE"]
     doc = (
         await db.collection("users").document("auth_keys").get()
-    ).to_dict().get(auth_key)
+    ).to_dict().get(auth_header)
 
     if not doc:
         logger.error("invalid authorization key")

diff --git a/src/cli.py b/src/cli.py
@@ -3,7 +3,7 @@
 
 from quart import Blueprint, current_app, request
 
-from src.auth import get_auth_key_user
+from src.auth import get_cli_user
 from src.utils import custom_logging
 from src.utils.api_functions import (process_parameter, process_status,
                                      process_task)
@@ -16,7 +16,7 @@
 
 @bp.route("/upload_file", methods=["POST"])
 async def upload_file() -> Tuple[dict, int]:
-    user = await get_auth_key_user(request)
+    user = await get_cli_user(request)
     if not user:
         return {"error": "unauthorized"}, 401
 
@@ -58,7 +58,7 @@ async def upload_file() -> Tuple[dict, int]:
 
 @bp.route("/get_doc_ref_dict", methods=["GET"])
 async def get_doc_ref_dict() -> Tuple[dict, int]:
-    user = await get_auth_key_user(request)
+    user = await get_cli_user(request)
     if not user:
         return {"error": "unauthorized"}, 401
 
@@ -71,7 +71,7 @@ async def get_doc_ref_dict() -> Tuple[dict, int]:
 
 @bp.route("/get_username", methods=["GET"])
 async def get_username() -> Tuple[dict, int]:
-    user = await get_auth_key_user(request)
+    user = await get_cli_user(request)
     if not user:
         return {"error": "unauthorized"}, 401
 
@@ -80,7 +80,7 @@ async def get_username() -> Tuple[dict, int]:
 
 @bp.route("/update_firestore", methods=["GET"])
 async def update_firestore() -> Tuple[dict, int]:
-    user = await get_auth_key_user(request)
+    user = await get_cli_user(request)
     if not user:
         return {"error": "unauthorized"}, 401
 
@@ -117,7 +117,7 @@ async def update_firestore() -> Tuple[dict, int]:
 
 @bp.route("/create_cp0", methods=["GET"])
 async def create_cp0() -> Tuple[dict, int]:
-    user = await get_auth_key_user(request)
+    user = await get_cli_user(request)
     if not user:
         return {"error": "unauthorized"}, 401
 

diff --git a/src/signaling.py b/src/signaling.py
@@ -7,7 +7,7 @@
 from quart_cors import websocket_cors
 
 from src.api_utils import get_websocket_origin
-from src.auth import get_user_id, get_auth_key_user
+from src.auth import get_user_id, get_cli_user
 from src.utils import constants
 
 bp = Blueprint("signaling", __name__, url_prefix="/api")
@@ -130,7 +130,7 @@ async def _get_user_id(ws: Websocket):
     if constants.TERRA:
         return await get_user_id(ws)
     else:
-        user = await get_auth_key_user(ws)
+        user = await get_cli_user(ws)
         if user:
             return user["username"]
         else: