minos-framework
diff --git a/‎HISTORY.md‎
Lines changed: 5 additions & 0 deletions b/‎HISTORY.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 1 addition & 1 deletion b/‎Makefile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎minos/api_gateway/rest/__init__.py‎
Lines changed: 10 additions & 8 deletions b/‎minos/api_gateway/rest/__init__.py‎
Lines changed: 10 additions & 8 deletions
diff --git a/‎minos/api_gateway/rest/__main__.py‎
Lines changed: 0 additions & 7 deletions b/‎minos/api_gateway/rest/__main__.py‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎minos/api_gateway/rest/cli.py‎
Lines changed: 6 additions & 15 deletions b/‎minos/api_gateway/rest/cli.py‎
Lines changed: 6 additions & 15 deletions
diff --git a/‎minos/api_gateway/rest/config.py‎
Lines changed: 136 additions & 0 deletions b/‎minos/api_gateway/rest/config.py‎
Lines changed: 136 additions & 0 deletions
diff --git a/‎minos/api_gateway/rest/exceptions.py‎
Lines changed: 14 additions & 0 deletions b/‎minos/api_gateway/rest/exceptions.py‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎minos/api_gateway/rest/handler.py‎
Lines changed: 71 additions & 9 deletions b/‎minos/api_gateway/rest/handler.py‎
Lines changed: 71 additions & 9 deletions
@@ -17,3 +17,8 @@
 
 ## 0.0.4 (2021-08-25)
 * Add support to `CORS`.
+
+## 0.1.0 (2021-11-03)
+
+* Add support for external Authentication systems based on tokens.
+* Remove `minos-apigateway-common` dependency.
@@ -67,7 +67,7 @@ coverage: ## check code coverage quickly with the default Python
 
 reformat: ## check code coverage quickly with the default Python
 	poetry run black --line-length 120 minos tests
-	poetry run isort --recursive minos tests
+	poetry run isort minos tests
 
 docs: ## generate Sphinx HTML documentation, including API docs
 	rm -rf docs/api
 
@@ -1,12 +1,14 @@
-"""
-Copyright (C) 2021 Clariteia SL
-
-This file is part of minos framework.
-
-Minos framework can not be copied and/or distributed without the express permission of Clariteia SL.
-"""
-__version__ = "0.0.4"
+__version__ = "0.1.0"
 
+from .config import (
+    ApiGatewayConfig,
+)
+from .exceptions import (
+    ApiGatewayConfigException,
+    ApiGatewayException,
+    InvalidAuthenticationException,
+    NoTokenException,
+)
 from .launchers import (
     EntrypointLauncher,
 )
 
@@ -1,10 +1,3 @@
-"""
-Copyright (C) 2021 Clariteia SL
-
-This file is part of minos framework.
-
-Minos framework can not be copied and/or distributed without the express permission of Clariteia SL.
-"""
 from .cli import (
     main,
 )
 
@@ -1,10 +1,3 @@
-"""
-Copyright (C) 2021 Clariteia SL
-
-This file is part of minos framework.
-
-Minos framework can not be copied and/or distributed without the express permission of Clariteia SL.
-"""
 from pathlib import (
     Path,
 )
@@ -14,13 +7,13 @@
 
 import typer
 
-from minos.api_gateway.common import (
-    MinosConfig,
+from .config import (
+    ApiGatewayConfig,
 )
-from minos.api_gateway.rest.launchers import (
+from .launchers import (
     EntrypointLauncher,
 )
-from minos.api_gateway.rest.service import (
+from .service import (
     ApiGatewayRestService,
 )
 
@@ -36,14 +29,12 @@ def start(
     """Start Api Gateway services."""
 
     try:
-        config = MinosConfig(file_path)
+        config = ApiGatewayConfig(file_path)
     except Exception as exc:
         typer.echo(f"Error loading config: {exc!r}")
         raise typer.Exit(code=1)
 
-    services = (
-        ApiGatewayRestService(address=config.rest.connection.host, port=config.rest.connection.port, config=config),
-    )
+    services = (ApiGatewayRestService(address=config.rest.host, port=config.rest.port, config=config),)
     try:
         EntrypointLauncher(config=config, services=services).launch()
     except Exception as exc:
 
@@ -0,0 +1,136 @@
+from __future__ import (
+    annotations,
+)
+
+import abc
+import collections
+import os
+import typing as t
+from distutils import (
+    util,
+)
+from pathlib import (
+    Path,
+)
+
+import yaml
+
+from .exceptions import (
+    ApiGatewayConfigException,
+)
+
+REST = collections.namedtuple("Rest", "host port cors auth")
+DISCOVERY = collections.namedtuple("Discovery", "host port")
+CORS = collections.namedtuple("Cors", "enabled")
+AUTH = collections.namedtuple("Auth", "enabled host port method path")
+
+_ENVIRONMENT_MAPPER = {
+    "rest.host": "API_GATEWAY_REST_HOST",
+    "rest.port": "API_GATEWAY_REST_PORT",
+    "rest.cors.enabled": "API_GATEWAY_REST_CORS_ENABLED",
+    "rest.auth.enabled": "API_GATEWAY_REST_AUTH_ENABLED",
+    "rest.auth.host": "API_GATEWAY_REST_AUTH_HOST",
+    "rest.auth.port": "API_GATEWAY_REST_AUTH_PORT",
+    "rest.auth.method": "API_GATEWAY_REST_AUTH_METHOD",
+    "rest.auth.path": "API_GATEWAY_REST_AUTH_PATH",
+    "discovery.host": "API_GATEWAY_DISCOVERY_HOST",
+    "discovery.port": "API_GATEWAY_DISCOVERY_PORT",
+}
+
+_PARAMETERIZED_MAPPER = {
+    "rest.host": "api_gateway_rest_host",
+    "rest.port": "api_gateway_rest_port",
+    "rest.cors.enabled": "api_gateway_rest_cors_enabled",
+    "rest.auth.enabled": "api_gateway_rest_auth_enabled",
+    "rest.auth.host": "api_gateway_rest_auth_host",
+    "rest.auth.port": "api_gateway_rest_auth_port",
+    "rest.auth.method": "api_gateway_rest_auth_method",
+    "rest.auth.path": "api_gateway_rest_auth_path",
+    "discovery.host": "api_gateway_discovery_host",
+    "discovery.port": "api_gateway_discovery_port",
+}
+
+
+class ApiGatewayConfig(abc.ABC):
+    """Api Gateway config class."""
+
+    __slots__ = ("_services", "_path", "_data", "_with_environment", "_parameterized")
+
+    def __init__(self, path: t.Union[Path, str], with_environment: bool = True, **kwargs):
+        if isinstance(path, Path):
+            path = str(path)
+        self._services = {}
+        self._path = path
+        self._load(path)
+        self._with_environment = with_environment
+        self._parameterized = kwargs
+
+    @staticmethod
+    def _file_exit(path: str) -> bool:
+        if os.path.isfile(path):
+            return True
+        return False
+
+    def _load(self, path):
+        if self._file_exit(path):
+            with open(path) as f:
+                self._data = yaml.load(f, Loader=yaml.FullLoader)
+        else:
+            raise ApiGatewayConfigException(f"Check if this path: {path} is correct")
+
+    def _get(self, key: str, **kwargs: t.Any) -> t.Any:
+        if key in _PARAMETERIZED_MAPPER and _PARAMETERIZED_MAPPER[key] in self._parameterized:
+            return self._parameterized[_PARAMETERIZED_MAPPER[key]]
+
+        if self._with_environment and key in _ENVIRONMENT_MAPPER and _ENVIRONMENT_MAPPER[key] in os.environ:
+            if os.environ[_ENVIRONMENT_MAPPER[key]] in ["true", "True", "false", "False"]:
+                return bool(util.strtobool(os.environ[_ENVIRONMENT_MAPPER[key]]))
+            return os.environ[_ENVIRONMENT_MAPPER[key]]
+
+        def _fn(k: str, data: dict[str, t.Any]) -> t.Any:
+            current, _, following = k.partition(".")
+
+            part = data[current]
+            if not following:
+                return part
+
+            return _fn(following, part)
+
+        return _fn(key, self._data)
+
+    @property
+    def rest(self) -> REST:
+        """Get the rest config.
+
+        :return: A ``REST`` NamedTuple instance.
+        """
+        return REST(host=self._get("rest.host"), port=int(self._get("rest.port")), cors=self._cors, auth=self._auth)
+
+    @property
+    def _cors(self) -> CORS:
+        """Get the cors config.
+
+        :return: A ``CORS`` NamedTuple instance.
+        """
+        return CORS(enabled=self._get("rest.cors.enabled"))
+
+    @property
+    def _auth(self) -> t.Optional[AUTH]:
+        try:
+            return AUTH(
+                enabled=self._get("rest.auth.enabled"),
+                host=self._get("rest.auth.host"),
+                port=int(self._get("rest.auth.port")),
+                method=self._get("rest.auth.method"),
+                path=self._get("rest.auth.path"),
+            )
+        except KeyError:
+            return None
+
+    @property
+    def discovery(self) -> DISCOVERY:
+        """Get the rest config.
+
+        :return: A ``REST`` NamedTuple instance.
+        """
+        return DISCOVERY(host=self._get("discovery.host"), port=int(self._get("discovery.port")))
@@ -0,0 +1,14 @@
+class ApiGatewayException(Exception):
+    """Base Api Gateway Exception."""
+
+
+class InvalidAuthenticationException(ApiGatewayException):
+    """Exception to be raised when authentication is not valid."""
+
+
+class NoTokenException(ApiGatewayException):
+    """Exception to be raised when token is not available."""
+
+
+class ApiGatewayConfigException(ApiGatewayException):
+    """Base config exception."""
@@ -1,8 +1,7 @@
-"""minos.api_gateway.rest.handler module."""
-
 import logging
 from typing import (
     Any,
+    Optional,
 )
 
 from aiohttp import (
@@ -15,23 +14,52 @@
     URL,
 )
 
+from .exceptions import (
+    InvalidAuthenticationException,
+    NoTokenException,
+)
+
 logger = logging.getLogger(__name__)
 
 
 async def orchestrate(request: web.Request) -> web.Response:
     """ Orchestrate discovery and microservice call """
-    discovery_host = request.app["config"].discovery.connection.host
-    discovery_port = request.app["config"].discovery.connection.port
+    discovery_host = request.app["config"].discovery.host
+    discovery_port = request.app["config"].discovery.port
 
     verb = request.method
     url = f"/{request.match_info['endpoint']}"
 
     discovery_data = await discover(discovery_host, int(discovery_port), "/microservices", verb, url)
 
-    microservice_response = await call(**discovery_data, original_req=request)
+    user = await get_user(request)
+
+    microservice_response = await call(**discovery_data, original_req=request, user=user)
     return microservice_response
 
 
+async def get_user(request: web.Request) -> Optional[str]:
+    """Get The user identifier if it is available.
+
+    :param request: The external request.
+    :return: An string value containing the user identifier or ``None`` if no user information is available.
+    """
+    auth = request.app["config"].rest.auth
+    if auth is None or not auth.enabled:
+        return None
+
+    try:
+        await get_token(request)
+    except NoTokenException:
+        return None
+
+    try:
+        original_headers = dict(request.headers.copy())
+        return await authenticate(auth.host, auth.port, auth.method, auth.path, original_headers)
+    except InvalidAuthenticationException:
+        return None
+
+
 async def discover(host: str, port: int, path: str, verb: str, endpoint: str) -> dict[str, Any]:
     """Call discovery service and get microservice connection data.
 
@@ -59,26 +87,33 @@ async def discover(host: str, port: int, path: str, verb: str, endpoint: str) ->
 
 
 # noinspection PyUnusedLocal
-async def call(address: str, port: int, original_req: web.Request, **kwargs) -> web.Response:
+async def call(address: str, port: int, original_req: web.Request, user: Optional[str], **kwargs) -> web.Response:
     """Call microservice (redirect the original call)
 
     :param address: The ip of the microservices.
     :param port: The port of the microservice.
     :param original_req: The original request.
     :param kwargs: Additional named arguments.
+    :param user: User that makes the request
     :return: The web response to be retrieved to the client.
     """
 
-    headers = original_req.headers
+    headers = original_req.headers.copy()
+    if user is not None:
+        headers["User"] = user
+    else:  # Enforce that the 'User' entry is only generated by the auth system.
+        # noinspection PyTypeChecker
+        headers.pop("User", None)
+
     url = original_req.url.with_scheme("http").with_host(address).with_port(port)
     method = original_req.method
     content = await original_req.text()
 
     logger.info(f"Redirecting {method!r} request to {url!r}...")
 
     try:
-        async with ClientSession(headers=headers) as session:
-            async with session.request(method=method, url=url, data=content) as response:
+        async with ClientSession() as session:
+            async with session.request(headers=headers, method=method, url=url, data=content) as response:
                 return await _clone_response(response)
     except ClientConnectorError:
         raise web.HTTPServiceUnavailable(text="The requested endpoint is not available.")
@@ -89,3 +124,30 @@ async def _clone_response(response: ClientResponse) -> web.Response:
     return web.Response(
         body=await response.read(), status=response.status, reason=response.reason, headers=response.headers,
     )
+
+
+async def authenticate(host: str, port: str, method: str, path: str, authorization_headers: dict[str, str]) -> str:
+    authentication_url = URL(f"http://{host}:{port}{path}")
+    authentication_method = method
+    logger.info("Authenticating request...")
+
+    try:
+        async with ClientSession(headers=authorization_headers) as session:
+            async with session.request(method=authentication_method, url=authentication_url) as response:
+                if response.ok:
+                    jwt_payload = await response.json()
+                    return jwt_payload["sub"]
+                else:
+                    raise InvalidAuthenticationException
+    except (ClientConnectorError, web.HTTPError):
+        raise InvalidAuthenticationException
+
+
+async def get_token(request: web.Request) -> str:
+    headers = request.headers
+    if "Authorization" in headers and "Bearer" in headers["Authorization"]:
+        parts = headers["Authorization"].split()
+        if len(parts) == 2:
+            return parts[1]
+
+    raise NoTokenException