Commit 93fcccb1 authored by Julian's avatar Julian

Simple oauth proxy

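--- /dev/null
+++ b/app.py
@@ -0,0 +1,49 @@
+from functools import wraps
+import secrets, json
+import urllib.parse
+from flask import Flask, session, request, redirect, abort, render_template, url_for, flash, Response
+import requests
+app = Flask(__name__)
+app.secret_key = b'my secret'
+app.config['SESSION_COOKIE_NAME'] = 'oauth-session'
+app.config['OAUTH2_AUTH_URL'] = 'http://localhost:5001/oauth2/authorize'
+app.config['OAUTH2_TOKEN_URL'] = 'http://localhost:5001/oauth2/token'
+app.config['OAUTH2_USERINFO_URL'] = 'http://localhost:5001/oauth2/userinfo'
+@app.route("/auth")
+def auth():
+if not session.get('user'):
+abort(401)
+resp = Response('Ok', 200)
+resp.headers['REMOTE_USER'] = session['user']
+return resp
+@app.route("/login")
+def login():
+client_id = request.headers['X-CLIENT-ID']
+scope = request.headers['X-SCOPE']
+redirect_uri = request.headers['X-REDIRECT-URI']
+session['oauth-state'] = secrets.token_urlsafe()
+session['oauth-ref'] = request.values.get('url', '/')
+return redirect(app.config['OAUTH2_AUTH_URL']+'?'+urllib.parse.urlencode({'response_type': 'code', 'client_id': client_id, 'scope': scope, 'state': session['oauth-state'], 'redirect_uri': redirect_uri}))
+@app.route("/callback")
+def callback():
+client_id = request.headers['X-CLIENT-ID']
+client_secret = request.headers['X-CLIENT-SECRET']
+redirect_uri = request.headers['X-REDIRECT-URI']
+code = request.values['code']
+if session.pop('oauth-state') != request.values['state']:
+abort(500)
+r = requests.request('POST', app.config['OAUTH2_TOKEN_URL'], data={'grant_type': 'authorization_code', 'code': code, 'redirect_uri': redirect_uri, 'client_id': client_id, 'client_secret': client_secret})
+if r.status_code != 200:
+abort(403)
+data = r.json()
+r = requests.request('GET', app.config['OAUTH2_USERINFO_URL'], headers={'Authorization': 'Bearer %s'%data['access_token']})
+if r.status_code != 200:
+abort(403)
+session['user'] = r.json()['email']
+return redirect(session.pop('oauth-ref'))
+@app.route("/logout")
+def logout():
+session.clear()
+return 'Ok', 200
+if __name__ == '__main__':
+app.run(port=5002)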
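Review bot: `app.secret_key = b'my secret'` signs the session cookie that `/auth` trusts to emit `REMOTE_USER`, so anyone who can read this commit can mint an `oauth-session` cookie with an arbitrary `user` value and pass nginx's `auth_request` without ever talking to the OAuth server; load the key from the environment with no default, e.g. `app.secret_key = os.environ['OAUTHPROXY_SECRET_KEY']` (adding `import os`). In `callback`, a mismatched `state` ends in `abort(500)`, and a callback hit with no login in progress raises a KeyError from `session.pop('oauth-state')`, so the CSRF check is indistinguishable from a crash; `if session.pop('oauth-state', None) != request.values.get('state'): abort(400)` makes it a deliberate, client-attributable rejection. `session['oauth-ref']` is taken verbatim from the `url` query parameter in `login` and redirected to after a successful callback, which is an open redirect unless the value is constrained — rejecting any `ref` whose `urllib.parse.urlsplit(ref).netloc` is non-empty (or not an allowed host) before the final `redirect` closes it. `data['access_token']` and `r.json()['email']` are also indexed without a presence check, so a non-conforming token or userinfo response surfaces as a 500 rather than the 403 the surrounding code intends.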
1. Setup uffd to run on `http://localhost:5001` and add the following line to the `OAUTH2_CLIENTS` config variable:
```'test': {'client_secret': 'testsecret', 'redirect_uris': ['http://localhost:5004/oauthproxy/callback']},```
2. Start the oauthproxy app on `http://localhost:5002`: `python3 ../app.py`
3. Start the test app on `http://localhost:5003`: `python3 testapp.py`
4. Start nginx: `nginx -c nginx.conf -p .`
5. Open `http://localhost:5004/test`
pid nginx.pid;
error_log nginx.err.log;
events {
worker_connections 768;
}
http {
access_log nginx.log;
client_body_in_file_only off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server {
#listen 50004;
#listen [::]:5004;
listen localhost:5004;
location / {
proxy_pass http://localhost:5003;
}
location /test {
auth_request /oauthproxy/auth;
auth_request_set $auth_header $upstream_http_REMOTE_USER;
proxy_set_header REMOTE_USER $auth_header;
proxy_pass http://localhost:5003;
}
location /oauthproxy/ {
proxy_set_header X-REDIRECT-URI "http://localhost:5004/oauthproxy/callback";
proxy_set_header X-CLIENT-ID "test";
proxy_set_header X-CLIENT-SECRET "testsecret";
proxy_set_header X-SCOPE "userinfo";
proxy_pass http://localhost:5002/;
}
error_page 401 = @error401;
location @error401 {
return 302 /oauthproxy/login?url=http://$http_host$request_uri;
}
}
}
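Review bot: The `@error401` redirect builds the post-login return URL from `$http_host`, which is the client's own Host header, and the proxied `login` route stores that value and redirects to it after the callback, so a crafted Host header turns the login flow into an open redirect; since the callback URI is already hard-coded in this config, the return URL can be too, e.g. `return 302 /oauthproxy/login?url=http://localhost:5004$request_uri;` (note that `$host` is also derived from the request and is not a fix on its own). `location /` forwards client request headers unchanged, so a client-supplied `REMOTE_USER` reaches the backend on every path outside `/test`; adding `proxy_set_header REMOTE_USER "";` there guarantees the backend only ever sees a value nginx set from `auth_request`. `/oauthproxy/auth` needs to be reachable only by the `auth_request` subrequest, so a dedicated `location = /oauthproxy/auth { internal; proxy_pass http://localhost:5002/auth; }` block keeps that endpoint off the public surface. `X-CLIENT-SECRET "testsecret"` is a credential literal in a committed config, acceptable for this localhost demo but something to move into an `include` outside version control before any real deployment.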
from flask import Flask, session, request, redirect, abort, render_template, url_for, flash
app = Flask(__name__)
@app.route("/")
def index():
print(request.headers)
return 'Ok'
@app.route("/test")
def login():
print(request.headers)
username = request.headers['REMOTE_USER']
return 'logged in as "%s"'%username
if __name__ == "__main__":
app.run(debug=True, port=5003)
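Review bot: `app.run(debug=True, port=5003)` enables the Werkzeug interactive debugger on the backend, and `/test` indexes `request.headers['REMOTE_USER']` without a default, so any request that reaches it without the header raises a KeyError and renders the debugger page rather than a plain error; use `username = request.headers.get('REMOTE_USER')` followed by `abort(401)` when it is missing, and drop `debug=True` (or gate it on an environment flag) for anything beyond a throwaway local run. The backend also trusts `REMOTE_USER` unconditionally, which holds only while port 5003 is reachable solely through nginx on 5004; a comment above the lookup saying so, e.g. `# REMOTE_USER is trustworthy only when set by nginx's auth_request; never expose this port directly`, would make that dependency explicit to the next reader.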