feat: implement app authentication | ops-2905

Author: mansab

.talismanrc

@@ -1,4 +1,6 @@
 fileignoreconfig:
+- filename: README.md
+  checksum: 2779a70f5ec6f2712c8f54a7dc7bee58311474a55390c4a87c60bc861c70ef34
 - filename: app.py
-  checksum: 31c4fd4cf73838c756706736591971ffd4ea63de9c40b5717b57e640076df13b
-version: "2.0"
+  checksum: 91c3d92e2dd0753d547083695b095a049a2709314bd906c968b7222074179693
+version: "3.0"

README.md

@@ -34,7 +34,11 @@ docker build -t github-cctray:latest .
 * Launch the Docker container
 
 ```bash
- docker run -p 8000:8000 -e GITHUB_TOKEN="<your_token>" github-cctray:latest
+ docker run -p 8000:8000 \
+            -e GITHUB_TOKEN="<your_token>" \
+            -e BASIC_AUTH_USERNAME="<your_username>" \
+            -e BASIC_AUTH_PASSWORD="<your_password>" \
+            github-cctray:latest
 ```
 
 # Usage
@@ -132,6 +136,8 @@ pip install -r requirements.txt
 
 ```bash
 export GITHUB_TOKEN=<token>
+export BASIC_AUTH_USERNAME=<user>
+export BASIC_AUTH_PASSWORD=<pass>
 python app.py
 ```
 

app.py

@@ -6,11 +6,16 @@
 import xml.etree.ElementTree as ET
 import requests
 from flask import Flask, request, make_response
+from flask_basicauth import BasicAuth
 
 logging.basicConfig(level=logging.INFO)
 logger = logging.getLogger(__name__)
 
 app = Flask('github-cctray')
+app.config['BASIC_AUTH_USERNAME'] = os.environ.get("BASIC_AUTH_USERNAME")
+app.config['BASIC_AUTH_PASSWORD'] = os.environ.get("BASIC_AUTH_PASSWORD")
+
+basic_auth = BasicAuth(app)
 
 API_BASE_URL = "https://api.github.com"
 MAX_WORKERS = 10
@@ -88,12 +93,14 @@ def get_all_workflow_runs(owner, repo, token):
 
 
 @app.route('/')
+@basic_auth.required
 def index():
     """Endpoint for generating the CCTray XML.
 
     Returns:
         flask.Response: The XML response containing the project information.
     """
+
     owner = request.args.get("owner") or request.form.get('owner')
     repo = request.args.get("repo") or request.form.get('repo')
     token = os.environ.get("GITHUB_TOKEN")

requirements.txt

@@ -1,3 +1,4 @@
 requests
 flask
-waitress
+Flask-BasicAuth
+waitress

tests/test_app.py

@@ -10,11 +10,16 @@ class TestApp(unittest.TestCase):
     def setUp(self):
         """Set up the test environment."""
         app.testing = True
+        app.config['BASIC_AUTH_USERNAME'] = 'user'
+        app.config['BASIC_AUTH_PASSWORD'] = 'pass'
         self.client = app.test_client()
+        self.headers = {
+            'Authorization': 'Basic dXNlcjpwYXNz'
+        }
 
     def test_index_missing_parameters(self):
         """Test handling missing parameters in the index route."""
-        response = self.client.get('/')
+        response = self.client.get('/', headers=self.headers)
         self.assertEqual(response.status_code, 400)
         self.assertIn(b"Missing parameter(s)", response.data)
 
@@ -30,7 +35,7 @@ def test_index_successful_response(self, mock_get_all_workflow_runs):
                 "html_url": "https://github.com/owner/repo/actions/runs/1234"
             }
         ]
-        response = self.client.get('/?owner=owner&repo=repo')
+        response = self.client.get('/?owner=owner&repo=repo', headers=self.headers)
         self.assertEqual(response.status_code, 200)
         self.assertIn(b'<Project', response.data)
         self.assertIn(b'name="repo/CI"', response.data)
@@ -50,7 +55,7 @@ def test_index_unknown_build_status(self, mock_get_all_workflow_runs):
                 "html_url": "https://github.com/owner/repo/actions/runs/1234"
             }
         ]
-        response = self.client.get('/?owner=owner&repo=repo')
+        response = self.client.get('/?owner=owner&repo=repo', headers=self.headers)
         self.assertEqual(response.status_code, 200)
         self.assertIn(b'<Project', response.data)
         self.assertIn(b'lastBuildStatus="Unknown"', response.data)
@@ -59,7 +64,7 @@ def test_index_unknown_build_status(self, mock_get_all_workflow_runs):
     def test_index_failed_response(self, mock_get_all_workflow_runs):
         """Test failed response in the index route."""
         mock_get_all_workflow_runs.return_value = []
-        response = self.client.get('/?owner=owner&repo=repo')
+        response = self.client.get('/?owner=owner&repo=repo', headers=self.headers)
         self.assertEqual(response.status_code, 200)
         self.assertIn(b'<Projects />', response.data)