Implement changes for API authentication and Swagger UI (#541)
* initial token-based-api login handler
* add token schema and validation
* initial import of pyro3d api code
* basic Swagger spec support
* Merge in working copy of API/Device.pm
* Fix some error handling for API/Device.pm
* Break out utility functions into separate file, to allow other api portions to use
* Add NodeIP support.
* Add nodeip plugin to config
* remove double define of "plugin:" (#448) disclaimer: I did not test this in any way, came across it when looking for something else.
* only AuthZ header for api use, and always regen key on login
* use RFC7235
* workaround for Swagger plugin weird response body
* do not autodiscover swagger routes
* code formatting only
* move api util to utils area
* initial full swagger spec for nodeip search
* add api user role and fix api auth failure response
* update version of swagger-ui to 3.20.3
* add more openapi defs
* fixes to SQL and api spec
* clean up subs
* improvements to login/logout for API
* make api logout work
* add openapi tags to group operations
* allow api params to be generated from DBIC schema spec
* remove API calls for nodes and devices
* remove some poor assumptions about api calls
* tidy up
* remove DDP
* make login and logout similar
* example of api call being handled by ajax call
* make the branch authonly
@@ -53,6 +53,28 @@ sub get_user_details {
return $user;
}

sub validate_api_token {
my ($self, $token) = @_;
return unless defined $token;

my $settings = $self->realm_settings;
my $database = schema($settings->{schema_name})
or die "No database connection";

my $users_table = $settings->{users_resultset} || 'User';
my $token_column = $settings->{users_token_column} || 'token';

$token =~ s/^Apikey //i; # should be there but swagger-ui doesn't add it
my $user = try {
$database->resultset($users_table)->find({ $token_column => $token });
};

return $user->username
if $user and $user->in_storage and $user->token_from
and $user->token_from > (time - setting('api_token_lifetime'));
return undef;
}

sub get_user_roles {
my ($self, $username) = @_;
return unless defined $username;

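Review bot: `validate_api_token` only guards against an undefined token, but the prefix strip on `$token =~ s/^Apikey //i;` can leave an empty string (a request carrying `Authorization: Apikey ` with nothing after the scheme), which then reaches `find({ $token_column => $token })` and will match any user row whose token column holds the empty string rather than NULL; add `return unless length $token;` right after the substitution. Since the lookup compares the raw token against the column, the token is evidently stored in clear, so a copy of the users table is a set of valid credentials; hashing the token before the lookup (and storing only the hash) would limit that exposure. Two smaller points: the `try { ... }` around the lookup has no `catch`, so a database error is silently indistinguishable from a bad token (log it in a `catch` block), and `return undef;` should be a bare `return;` to match `return unless defined $token;` above, because `return undef` yields a one-element, and therefore true, list in list context.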