2023-03-27 09:30:50 +02:00
3 changed files with 17 additions and 10 deletions
--- a/kdb-bot/src/bot_api/app_api_extension.py
+++ b/kdb-bot/src/bot_api/app_api_extension.py
@ -2,12 +2,9 @@ from cpl_core.application import ApplicationExtensionABC
 from cpl_core.configuration import ConfigurationABC
 from cpl_core.dependency_injection import ServiceProviderABC

-from bot_api.abc.auth_service_abc import AuthServiceABC
-from bot_api.configuration.authentication_settings import AuthenticationSettings
 from bot_api.route.route import Route
 from bot_core.configuration.feature_flags_enum import FeatureFlagsEnum
 from bot_core.configuration.feature_flags_settings import FeatureFlagsSettings
-from bot_data.abc.auth_user_repository_abc import AuthUserRepositoryABC


 class AppApiExtension(ApplicationExtensionABC):
@ -19,7 +16,4 @@ class AppApiExtension(ApplicationExtensionABC):
        if not feature_flags.get_flag(FeatureFlagsEnum.api_module):
            return

-        auth_settings: AuthenticationSettings = config.get_configuration(AuthenticationSettings)
-        auth_users: AuthUserRepositoryABC = services.get_service(AuthUserRepositoryABC)
-        auth: AuthServiceABC = services.get_service(AuthServiceABC)
-        Route.init_authorize(auth_users, auth)
+        Route.init_authorize()
--- a/kdb-bot/src/bot_api/controller/grahpql_controller.py
+++ b/kdb-bot/src/bot_api/controller/grahpql_controller.py
@ -25,10 +25,15 @@ class GraphQLController:
        self._schema = schema

    @Route.get(f"{BasePath}/playground")
+    @Route.authorize(skip_in_dev=True)
    async def playground(self):
+        if self._env.environment_name != "development":
+            return "", 403
+
        return PLAYGROUND_HTML, 200

    @Route.post(f"{BasePath}")
+    @Route.authorize
    async def graphql(self):
        data = request.get_json()

--- a/kdb-bot/src/bot_api/route/route.py
+++ b/kdb-bot/src/bot_api/route/route.py
@ -2,6 +2,8 @@ import functools
 from functools import wraps
 from typing import Optional, Callable

+from cpl_core.dependency_injection import ServiceProviderABC
+from cpl_core.environment import ApplicationEnvironmentABC
 from flask import request, jsonify
 from flask_cors import cross_origin

@ -18,19 +20,25 @@ class Route:

    _auth_users: Optional[AuthUserRepositoryABC] = None
    _auth: Optional[AuthServiceABC] = None
+    _env = "production"

    @classmethod
-    def init_authorize(cls, auth_users: AuthUserRepositoryABC, auth: AuthServiceABC):
+    @ServiceProviderABC.inject
+    def init_authorize(cls, env: ApplicationEnvironmentABC, auth_users: AuthUserRepositoryABC, auth: AuthServiceABC):
        cls._auth_users = auth_users
        cls._auth = auth
+        cls._env = env.environment_name

    @classmethod
-    def authorize(cls, f: Callable = None, role: AuthRoleEnum = None):
+    def authorize(cls, f: Callable = None, role: AuthRoleEnum = None, skip_in_dev=False):
        if f is None:
-            return functools.partial(cls.authorize, role=role)
+            return functools.partial(cls.authorize, role=role, skip_in_dev=skip_in_dev)

        @wraps(f)
        async def decorator(*args, **kwargs):
+            if skip_in_dev and cls._env == "development":
+                return await f(*args, **kwargs)
+
            token = None
            if "Authorization" in request.headers:
                bearer = request.headers.get("Authorization")