Add sample app that uses fastapi_sso

Author: ArtyomVancyan

examples/airnominal/.env

@@ -0,0 +1,20 @@
+AIRNOMINAL_GITHUB_CLIENT_ID=eccd08d6736b7999a32a
+AIRNOMINAL_GITHUB_CLIENT_SECRET=642999c1c5f2b3df8b877afdc78252ef5b594d31
+AIRNOMINAL_GITHUB_REDIRECT_URL=http://127.0.0.1:8000/auth/callback
+AIRNMONIAL_MAIN_PAGE_REDIRECT_URL=http://127.0.0.1:8000/auth/status
+
+AIRNOMINAL_JWT_SECRET_KEY=test
+AIRNOMINAL_JWT_ALGORITHM=HS256
+AIRNOMINAL_JWT_TOKEN_EXPIRES=300
+
+AIRNOMINAL_INFLUX_BUCKET=
+AIRNOMINAL_INFLUX_ORG=
+AIRNOMINAL_INFLUX_TOKEN=
+AIRNOMINAL_INFLUX_URL=
+
+AIRNOMINAL_MONGO_URL=mongodb://127.0.0.1:27017
+AIRNOMINAL_MONGO_PORT=27017
+AIRNOMINAL_MONGO_USERNAME=
+AIRNOMINAL_MONGO_PASSWORD=
+
+AIRNOMINAL_ROOT_PATH=

examples/airnominal/auth.py

@@ -0,0 +1,187 @@
+import os
+from datetime import datetime, timedelta
+from typing import Optional
+
+from fastapi import APIRouter
+from fastapi import Depends, HTTPException
+from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel
+from fastapi.responses import RedirectResponse
+from fastapi.security import HTTPBearer
+from fastapi.security import OAuth2
+from fastapi.security.base import SecurityBase
+from fastapi.security.utils import get_authorization_scheme_param
+from fastapi_sso.sso.github import GithubSSO
+from jose import jwt
+from pydantic import BaseModel
+from starlette.requests import Request
+from starlette.status import HTTP_403_FORBIDDEN
+
+from config import CLIENT_ID, CLIENT_SECRET, redirect_url, SECRET_KEY, ALGORITHM, ACCESS_TOKEN_EXPIRE_MINUTES, \
+    redirect_url_main_page
+
+router = APIRouter()
+
+# config for github SSO
+os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
+
+sso = GithubSSO(
+    client_id=CLIENT_ID,
+    client_secret=CLIENT_SECRET,
+    redirect_uri=redirect_url,
+    allow_insecure_http=True,
+)
+
+security = HTTPBearer()
+
+
+def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
+    to_encode = data.copy()
+    if expires_delta:
+        expire = datetime.utcnow() + expires_delta
+    else:
+        expire = datetime.utcnow() + timedelta(minutes=15)
+    to_encode.update({"exp": expire})
+    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    return encoded_jwt
+
+
+class Token(BaseModel):
+    access_token: str
+    token_type: str
+
+
+class TokenData(BaseModel):
+    username: str = None
+
+
+class User(BaseModel):
+    username: str
+    email: str = None
+    full_name: str = None
+    disabled: bool = None
+
+
+class UserInDB(User):
+    hashed_password: str
+
+
+class OAuth2PasswordBearerCookie(OAuth2):
+    def __init__(
+            self,
+            tokenUrl: str,
+            scheme_name: str = None,
+            scopes: dict = None,
+            auto_error: bool = True,
+    ):
+        if not scopes:
+            scopes = {}
+        flows = OAuthFlowsModel(password={"tokenUrl": tokenUrl, "scopes": scopes})
+        super().__init__(flows=flows, scheme_name=scheme_name, auto_error=auto_error)
+
+    async def __call__(self, request: Request) -> Optional[str]:
+        header_authorization: str = request.headers.get("Authorization")
+        cookie_authorization: str = request.cookies.get("Authorization")
+
+        header_scheme, header_param = get_authorization_scheme_param(
+            header_authorization
+        )
+        cookie_scheme, cookie_param = get_authorization_scheme_param(
+            cookie_authorization
+        )
+
+        if header_scheme.lower() == "bearer":
+            authorization = True
+            scheme = header_scheme
+            param = header_param
+
+        elif cookie_scheme.lower() == "bearer":
+            authorization = True
+            scheme = cookie_scheme
+            param = cookie_param
+
+        else:
+            authorization = False
+
+        if not authorization or scheme.lower() != "bearer":
+            if self.auto_error:
+                raise HTTPException(
+                    status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
+                )
+            else:
+                return None
+        return param
+
+
+class BasicAuth(SecurityBase):
+    def __init__(self, scheme_name: str = None, auto_error: bool = True):
+        self.scheme_name = scheme_name or self.__class__.__name__
+        self.auto_error = auto_error
+
+    async def __call__(self, request: Request) -> Optional[str]:
+        authorization: str = request.headers.get("Authorization")
+        scheme, param = get_authorization_scheme_param(authorization)
+        if not authorization or scheme.lower() != "basic":
+            if self.auto_error:
+                raise HTTPException(
+                    status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
+                )
+            else:
+                return None
+        return param
+
+
+basic_auth = BasicAuth(auto_error=False)
+
+oauth2_scheme = OAuth2PasswordBearerCookie(tokenUrl="/token")
+
+
+async def get_current_user(token: str = Depends(oauth2_scheme)):
+    credentials_exception = HTTPException(
+        status_code=HTTP_403_FORBIDDEN, detail="Could not validate credentials"
+    )
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        return payload
+    except PyJWTError:
+        raise credentials_exception
+
+
+@router.get("/auth/login")
+async def auth_init():
+    """Initialize auth and redirect"""
+    return await sso.get_login_redirect()
+
+
+@router.get("/auth/callback")
+async def auth_callback(request: Request):
+    """Verify login"""
+    user = await sso.verify_and_process(request)
+    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    access_token = create_access_token(
+        data=dict(user), expires_delta=access_token_expires
+    )
+    print(dict(user))
+    response = RedirectResponse(redirect_url_main_page)
+    response.set_cookie(
+        "Authorization",
+        value=f"Bearer {access_token}",
+        httponly=True,
+        max_age=1800,
+        expires=1800,
+    )
+    return response
+
+
+@router.get("/auth/logout")
+async def auth_logout():
+    response = RedirectResponse(redirect_url_main_page)
+    response.delete_cookie("Authorization")
+    return response
+
+
+@router.get("/auth/status")
+async def auth_status(user=Depends(get_current_user)):
+    return {
+        "ok": True,
+        "user": user,
+    }

examples/airnominal/config.py

@@ -0,0 +1,28 @@
+import os
+
+from dotenv import load_dotenv
+
+load_dotenv()
+
+# config for github SSO
+CLIENT_ID = os.getenv("AIRNOMINAL_GITHUB_CLIENT_ID")
+CLIENT_SECRET = os.getenv("AIRNOMINAL_GITHUB_CLIENT_SECRET")
+redirect_url = os.getenv("AIRNOMINAL_GITHUB_REDIRECT_URL")
+redirect_url_main_page = os.getenv("AIRNMONIAL_MAIN_PAGE_REDIRECT_URL")
+
+# config for jwt generation
+SECRET_KEY = os.getenv("AIRNOMINAL_JWT_SECRET_KEY")
+ALGORITHM = os.getenv("AIRNOMINAL_JWT_ALGORITHM")
+ACCESS_TOKEN_EXPIRE_MINUTES = int(os.getenv("AIRNOMINAL_JWT_TOKEN_EXPIRES"))
+
+bucket = os.getenv("AIRNOMINAL_INFLUX_BUCKET")
+org = os.getenv("AIRNOMINAL_INFLUX_ORG")
+token = os.getenv("AIRNOMINAL_INFLUX_TOKEN")
+influx_url = os.getenv("AIRNOMINAL_INFLUX_URL")
+
+mongo_url = os.getenv("AIRNOMINAL_MONGO_URL")
+port = int(os.getenv("AIRNOMINAL_MONGO_PORT") or "0")
+username = os.getenv("AIRNOMINAL_MONGO_USERNAME")
+password = os.getenv("AIRNOMINAL_MONGO_PASSWORD")
+
+api_root_path = os.getenv("AIRNOMINAL_ROOT_PATH") or ""

examples/airnominal/data_endpoint.py

@@ -0,0 +1,139 @@
+import datetime
+
+from fastapi import APIRouter
+
+from mongo import stations, tokens
+
+router = APIRouter()
+from pydantic import BaseModel
+from influx import writeJsonToInflux
+
+"""
+f4174be6-5b5d-4094-8d38-644563608507_505524_0000000063FE3F23_DDF_3.1567_4DD_66567_LAT25.4_LON13.4END
+UUUUUUUU-UUUU-UUUU-UUUU-UUUUUUUUUUUU_PPPPPP_TTTTTTTTTTTTTTTT_LAT_NNNN_LON_NNNN_XXX_NNNNNN_XXX_NNNNNEND
+
+U - station uuid
+P - password
+X - 3 leter sensor code
+N - sensor value
+f - end of number
+LAT - latitude
+LON - longitude
+END - stop of message, possible start of new message
+T - unix time stamp in base 16
+
+"""
+
+
+def dataParser(raw: str):
+    parsed = []
+    print(raw)
+    for dt in [x for x in raw.split("END") if len(x) > 0]:
+        data = dt.split("_")
+        print(data)
+        uu = data[0]
+        pas = data[1]
+        if "T" in data[2]:
+            time = datetime.datetime.utcnow().isoformat()
+        else:
+            time = datetime.datetime.utcfromtimestamp(int(data[2], base=16)).isoformat()
+        lat = float(data[4])
+        lon = float(data[6])
+        sensor_data = []
+        for i in range(7, len(data), 2):
+            sen = data[i]
+            dat = float(data[i + 1])
+            sensor_data.append({
+                "short_id": sen,
+                "data": dat
+            })
+        parsed.append({
+            "station_id": uu,
+            "token": pas,
+            "time": time,
+            "lat": lat,
+            "lon": lon,
+            "data": sensor_data
+        })
+    print(parsed)
+    return parsed
+
+
+"""
+p = influxdb_client.Point("data").from_dict(
+        
+            {
+                "measurement": "data",
+                "tags": {
+                    "owner_id": "1235989238",
+                    "owner_name": "Alenka Mozer",
+                    "station_id": "3894838983",
+                    "station_name": "test station",
+                    "sensor_id": "878754375",
+                    "sensor_name": "CO2-01",
+                    "display_quantity": "CO2 (ppm)",
+                    "quantity": "CO2",
+                    "unit": "ppm"
+                },
+                "time": random_date_time(),
+                "fields": {
+                    "lat": random.uniform(-180, 180),
+                    "lon": random.uniform(-90, 90),
+                    "value": random.uniform(0, 30)
+                }
+            }
+        
+    )
+"""
+
+
+def influxDataTransformer(parsed_object):
+    query = {"station_id": parsed_object["station_id"]}
+    station = stations.find_one(query)
+    token = tokens.find_one(query)
+    if parsed_object["token"] != token["token"]:
+        return False
+    for point in parsed_object["data"]:
+        sensor = [sen for sen in station["sensors"] if sen["short_id"] == point["short_id"]][0]
+        writeJsonToInflux({
+            "measurement": "data",
+            "tags": {
+                "owner_id": station["owner_id"],
+                "owner_name": station["owner_name"],
+                "station_id": parsed_object["station_id"],
+                "station_name": station["station_name"],
+                "sensor_id": sensor["sensor_id"],
+                "sensor_name": sensor["sensor_name"],
+                "display_quantity": sensor["quantity"] + " (" + sensor["unit"] + ")",
+                "quantity": sensor["quantity"],
+                "unit": sensor["unit"]
+            },
+            "time": parsed_object["time"],
+            "fields": {
+                "lat": parsed_object["lat"],
+                "lon": parsed_object["lon"],
+                "value": point["data"]
+            }
+        })
+    time = datetime.datetime.fromisoformat(parsed_object["time"] + "+00:00")
+    update = {"$set": {"lat": parsed_object["lat"], "lon": parsed_object["lon"], "updated": time}}
+    stations.update_one(query, update)
+
+
+class DataPost(BaseModel):
+    data: str
+
+
+@router.post("/data")
+async def ingest_data(item: DataPost):
+    for point in dataParser(item.data):
+        influxDataTransformer(point)
+    return True
+
+
+@router.post("/data_url")
+async def ingest_data(item: str = ""):
+    if item != "":
+        for point in dataParser(item):
+            influxDataTransformer(point)
+    return True

examples/airnominal/influx.py

@@ -0,0 +1,20 @@
+import influxdb_client
+from influxdb_client.client.write_api import SYNCHRONOUS
+
+from config import bucket, org, token
+from config import influx_url as url
+
+client = influxdb_client.InfluxDBClient(
+    url=url,
+    token=token,
+    org=org
+)
+
+# Write script
+write_api = client.write_api(write_options=SYNCHRONOUS)
+
+
+def writeJsonToInflux(dict):
+    print(dict)
+    p = influxdb_client.Point("data").from_dict(dict)
+    write_api.write(bucket=bucket, org=org, record=p)