- Modernized authentication with the introduction of TenantProject

- Created a base mail template - Adapt and improve document API to usage of catalogs and processors - Adapt eveai_sync to new authentication mechanism and usage of catalogs and processors
2024-11-21 17:24:33 +01:00
parent 4c009949b3
commit 7702a6dfcc
72 changed files with 2338 additions and 503 deletions
--- a/eveai_api/api/auth.py
+++ b/eveai_api/api/auth.py
@@ -2,7 +2,7 @@ from datetime import timedelta

 from flask_restx import Namespace, Resource, fields
 from flask_jwt_extended import create_access_token
-from common.models.user import Tenant
+from common.models.user import Tenant, TenantProject
 from common.extensions import simple_encryption
 from flask import current_app, request

@@ -30,8 +30,9 @@ class Token(Resource):
        """
        Get JWT token
        """
+        current_app.logger.debug(f'Token Requested {auth_ns.payload}')
        try:
-            tenant_id = auth_ns.payload['tenant_id']
+            tenant_id = int(auth_ns.payload['tenant_id'])
            api_key = auth_ns.payload['api_key']
        except KeyError as e:
            current_app.logger.error(f"Missing required field: {e}")
@@ -41,18 +42,34 @@ class Token(Resource):

        if not tenant:
            current_app.logger.error(f"Tenant not found: {tenant_id}")
-            return {'message': "Tenant not found"}, 404
+            return {'message': f"Authentication invalid for tenant {tenant_id}"}, 404

-        try:
-            decrypted_api_key = simple_encryption.decrypt_api_key(tenant.encrypted_api_key)
-        except Exception as e:
-            current_app.logger.error(f"Error decrypting API key: {e}")
-            return {'message': "Internal server error"}, 500
+        projects = TenantProject.query.filter_by(
+            tenant_id=tenant_id,
+            active=True
+        ).all()

-        if api_key != decrypted_api_key:
-            current_app.logger.error(f"Invalid API key for tenant: {tenant_id}")
+        # Find project with matching API key
+        matching_project = None
+        for project in projects:
+            try:
+                decrypted_key = simple_encryption.decrypt_api_key(project.encrypted_api_key)
+                if decrypted_key == api_key:
+                    matching_project = project
+                    break
+            except Exception as e:
+                current_app.logger.error(f"Error decrypting API key for project {project.id}: {e}")
+                continue
+
+        if not matching_project:
+            current_app.logger.error(f"Project for given API key not found for Tenant: {tenant_id}")
            return {'message': "Invalid API key"}, 401

+        if "DOCAPI" not in matching_project.services:
+            current_app.logger.error(f"Service DOCAPI not authorized for Project {matching_project.name} "
+                                     f"for Tenant: {tenant_id}")
+            return {'message': f"Service DOCAPI not authorized for Project {matching_project.name}"}, 403
+
        # Get the JWT_ACCESS_TOKEN_EXPIRES setting from the app config
        expires_delta = current_app.config.get('JWT_ACCESS_TOKEN_EXPIRES', timedelta(minutes=15))