ISSUE #390

vladyslav-fenchak · vladyslav-fenchak · commit de05f5c44ac3 · 2022-04-19T09:56:38.000+02:00
diff --git a/packages/plugins/minos-discovery-kong/minos/plugins/kong/client.py b/packages/plugins/minos-discovery-kong/minos/plugins/kong/client.py
@@ -1,15 +1,37 @@
+from __future__ import (
+    annotations,
+)
+from abc import ABC
 from uuid import (
     UUID,
 )
 
 import httpx as httpx
+from datetime import datetime
+from datetime import timedelta
+
+import jwt
+from minos.common import (
+    SetupMixin,
+    Config,
+)
+from pytz import utc
 
 
-class KongClient:
+class KongClient: #(ABC, SetupMixin):
     """Kong Client class."""
 
-    def __init__(self, route):
-        self.route = route
+    def __init__(self, route: str, **kwargs): #def __init__(self, host: str, port: str, token_expiration_minutes: int, **kwargs):
+        super().__init__(**kwargs)
+        self.route = route #f"http://{host}:{port}"
+        #self.token_expiration_minutes = token_expiration_minutes
+
+    # @classmethod
+    # def _from_config(cls, config: Config, **kwargs) -> KongClient:
+    #     discovery_config = config.get_discovery()
+    #
+    #     token_expiration = discovery_config.get("token-exp-minutes")
+    #     return cls(token_expiration=token_expiration, **kwargs)
 
     @staticmethod
     async def register_service(
@@ -130,8 +152,23 @@ async def activate_basic_auth_plugin_on_route(self, route_id: str):
             return resp
 
     async def activate_jwt_plugin_on_route(self, route_id: str):
-        payload = {"name": "jwt", "config": {"secret_is_base64": False, "run_on_preflight": True}}
+        payload = {"name": "jwt",
+                   "config": {"secret_is_base64": False, "run_on_preflight": True, "claims_to_verify": ["exp", "nbf"]}}
 
         async with httpx.AsyncClient() as client:
             resp = await client.post(f"{self.route}/routes/{route_id}/plugins", json=payload)
             return resp
+
+    async def get_jwt_token(self, key: str, secret: str, algorithm: str = 'HS256', exp: datetime = None, nbf: datetime = None) -> str:
+        payload = {"iss": key, "exp": exp, "nbf": nbf}
+
+        current = datetime.now(tz=utc)
+
+        if not exp:
+            #payload["exp"] = current + timedelta(minutes=self.token_expiration_minutes)
+            payload["exp"] = current + timedelta(minutes=120)
+
+        if not nbf:
+            payload["nbf"] = current
+
+        return jwt.encode(payload, secret, algorithm=algorithm)
diff --git a/packages/plugins/minos-discovery-kong/poetry.lock b/packages/plugins/minos-discovery-kong/poetry.lock
diff --git a/packages/plugins/minos-discovery-kong/pyproject.toml b/packages/plugins/minos-discovery-kong/pyproject.toml
@@ -35,6 +35,8 @@ python = "^3.9"
 minos-microservice-common = { version ="^0.7.0*", allow-prereleases = true }
 minos-microservice-networks = { version ="^0.7.0*", allow-prereleases = true }
 httpx = "^0.22.0"
+pytz = "^2022.1"
+PyJWT = "^2.3.0"
 
 [tool.poetry.dev-dependencies]
 minos-microservice-common = { path = "../../core/minos-microservice-common", develop = true }
diff --git a/packages/plugins/minos-discovery-kong/tests/test_config.yml b/packages/plugins/minos-discovery-kong/tests/test_config.yml
@@ -2,5 +2,6 @@ discovery:
     connector: minos.networks.DiscoveryConnector
     client: minos.networks.InMemoryDiscoveryClient
     auth-type: jwt
+    token-exp-minutes: 60
     host: localhost
     port: 8001
diff --git a/packages/plugins/minos-discovery-kong/tests/test_kong/test_client.py b/packages/plugins/minos-discovery-kong/tests/test_kong/test_client.py
@@ -13,6 +13,11 @@
 from tests.utils import (
     TEST_HOST,
 )
+from datetime import datetime
+from datetime import timedelta
+
+import jwt
+from pytz import utc
 
 PROTOCOL = "http"
 
@@ -177,6 +182,42 @@ async def test_activate_jwt_plugin_on_route(self):
 
         self.assertTrue(201 == response.status_code)
 
+    async def test_jwt_token_generation(self):
+        user_uuid = uuid4()
+        user_name = self.generate_underscore_uuid()
+        response = await self.kong.create_consumer(username=user_name, user=user_uuid, tags=[])
+
+        self.assertTrue(201 == response.status_code)
+        resp = response.json()
+
+        response = await self.kong.add_jwt_to_consumer(consumer=resp["id"])
+
+        self.assertTrue(201 == response.status_code)
+        resp = response.json()
+
+        token = await self.kong.get_jwt_token(key=resp['key'], secret=resp['secret'])
+
+        self.assertGreater(len(token), 50)
+
+    async def test_jwt_token_generation_with_expiration(self):
+        user_uuid = uuid4()
+        user_name = self.generate_underscore_uuid()
+        response = await self.kong.create_consumer(username=user_name, user=user_uuid, tags=[])
+
+        self.assertTrue(201 == response.status_code)
+        resp = response.json()
+
+        response = await self.kong.add_jwt_to_consumer(consumer=resp["id"])
+
+        self.assertTrue(201 == response.status_code)
+        resp = response.json()
+
+        current = datetime.now(tz=utc)
+        token = await self.kong.get_jwt_token(key=resp['key'], secret=resp['secret'],
+                                              exp=current + timedelta(minutes=10), nbf=current + timedelta(minutes=9))
+
+        self.assertGreater(len(token), 50)
+
 
 if __name__ == "__main__":
     unittest.main()
