From 4e03d8b828734a59ac53e65404e74d4d3a94fa2b Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Thu, 16 Nov 2023 08:43:14 -0500 Subject: [PATCH 1/2] remove cookie backend --- app/api/subsetter/app/users.py | 18 ++---------------- app/api/subsetter/config/__init__.py | 2 +- app/api/subsetter/main.py | 15 ++++----------- app/env.template | 12 ++++++++---- 4 files changed, 15 insertions(+), 32 deletions(-) diff --git a/app/api/subsetter/app/users.py b/app/api/subsetter/app/users.py index 453c2c98..ea88eb04 100644 --- a/app/api/subsetter/app/users.py +++ b/app/api/subsetter/app/users.py @@ -5,7 +5,7 @@ from beanie import PydanticObjectId from fastapi import Depends, Request from fastapi_users import BaseUserManager, FastAPIUsers -from fastapi_users.authentication import AuthenticationBackend, BearerTransport, CookieTransport, JWTStrategy +from fastapi_users.authentication import AuthenticationBackend, BearerTransport, JWTStrategy from fastapi_users.db import BeanieUserDatabase, ObjectIDIDMixin from httpx_oauth.errors import GetIdEmailError from httpx_oauth.oauth2 import OAuth2, GetAccessTokenError, OAuth2Token @@ -61,14 +61,6 @@ async def on_after_request_verify(self, user: User, token: str, request: Optiona async def get_user_manager(user_db: BeanieUserDatabase = Depends(get_user_db)): yield UserManager(user_db) - -cookie_transport = CookieTransport( - cookie_max_age=60 * 60 * 24 * 30, - cookie_domain=os.getenv("VITE_APP_API_HOST"), - cookie_secure=True, - cookie_httponly=True, - cookie_samesite="lax", -) bearer_transport = BearerTransport(tokenUrl="auth/jwt/login") 
@@ -76,18 +68,12 @@ def get_jwt_strategy() -> JWTStrategy: return JWTStrategy(secret=SECRET, lifetime_seconds=60 * 60 * 24 * 30) # one month -cookie_backend = AuthenticationBackend( - name="cookie", - transport=cookie_transport, - get_strategy=get_jwt_strategy, -) - auth_backend = AuthenticationBackend( name="jwt", transport=bearer_transport, get_strategy=get_jwt_strategy, ) -fastapi_users = FastAPIUsers[User, PydanticObjectId](get_user_manager, [cookie_backend, auth_backend]) +fastapi_users = FastAPIUsers[User, PydanticObjectId](get_user_manager, [auth_backend]) current_active_user = fastapi_users.current_user(active=True) diff --git a/app/api/subsetter/config/__init__.py b/app/api/subsetter/config/__init__.py index c96b5dfe..a64b5826 100644 --- a/app/api/subsetter/config/__init__.py +++ b/app/api/subsetter/config/__init__.py @@ -19,7 +19,7 @@ class Settings(BaseSettings): oauth2_client_id: str oauth2_client_secret: str oauth2_redirect_url: str - oauth2_cookie_redirect_url: str + vite_oauth2_redirect_url: str minio_access_key: str minio_secret_key: str diff --git a/app/api/subsetter/main.py b/app/api/subsetter/main.py index 55a7b126..b2f715f1 100644 --- a/app/api/subsetter/main.py +++ b/app/api/subsetter/main.py @@ -10,7 +10,7 @@ from subsetter.app.routers.argo import router as argo_router from subsetter.app.routers.storage import router as storage_router from subsetter.app.schemas import UserRead, UserUpdate -from subsetter.app.users import SECRET, auth_backend, cookie_backend, cuahsi_oauth_client, fastapi_users +from subsetter.app.users import SECRET, auth_backend, cuahsi_oauth_client, fastapi_users from subsetter.config import get_settings # TODO: get oauth working with swagger/redoc 
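Review bot: With `[auth_backend]` as the only backend, every session now rides on a bearer JWT that `get_jwt_strategy` issues with `lifetime_seconds=60 * 60 * 24 * 30` and that the stateless `JWTStrategy` cannot revoke, whereas the deleted cookie transport kept the same token in an HttpOnly cookie out of reach of page scripts; BearerTransport hands the token back in the response body, so the SPA now has to hold a 30-day credential somewhere script-readable. Consider shortening the lifetime now that the transport has changed (e.g. `lifetime_seconds=60 * 60 * 24` with re-login through the OAuth flow), or a database-backed strategy if logout must actually invalidate tokens. A comment on the remaining backend, e.g. `# Bearer JWT is the only backend: tokens are stateless and valid until expiry; there is no server-side logout`, would make the trade-off explicit for the next reader. `get_jwt_strategy` itself starts before this hunk.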
@@ -66,21 +66,14 @@ app.include_router( fastapi_users.get_oauth_router( cuahsi_oauth_client, - cookie_backend, + auth_backend, SECRET, - redirect_url=get_settings().oauth2_cookie_redirect_url + redirect_url=get_settings().vite_oauth2_redirect_url ), - prefix="/auth/cookie", + prefix="/auth/front", tags=["auth"], ) -# This router provides the /auth/cookie/logout endpoint -app.include_router( - fastapi_users.get_auth_router(cookie_backend), - prefix="/auth/cookie", - tags=["auth"] -) - app.include_router( fastapi_users.get_users_router(UserRead, UserUpdate), prefix="/users", diff --git a/app/env.template b/app/env.template index 406a7fc9..eb7c915c 100644 --- a/app/env.template +++ b/app/env.template @@ -12,10 +12,14 @@ MINIO_ACCESS_KEY= MINIO_SECRET_KEY= MINIO_API_URL=api.minio.cuahsi.io -ALLOW_ORIGINS='["http://localhost:*"]' - VITE_APP_NAME=subsetter +VITE_APP_ORIGIN=http://localhost:5173 +VITE_APP_BASE=/domain-subsetter/ +VITE_APP_URL=${VITE_APP_ORIGIN}${VITE_APP_BASE} VITE_APP_API_HOST=localhost VITE_APP_API_URL=https://${VITE_APP_API_HOST}/api -OAUTH2_REDIRECT_URl=${VITE_APP_API_URL}/auth/cuahsi/callback -OAUTH2_COOKIE_REDIRECT_URl=${VITE_APP_URL}/auth-redirect \ No newline at end of file + +ALLOW_ORIGINS=${VITE_APP_ORIGIN} +OAUTH2_REDIRECT_URL=${VITE_APP_API_URL}/auth/cuahsi/callback + +VITE_OAUTH2_REDIRECT_URL="${VITE_APP_URL}#/auth-redirect" \ No newline at end of file From 4d0441b577470d016a2eff18e56790e813cd04ab Mon Sep 17 00:00:00 2001 From: Devin Cowan Date: Mon, 20 Nov 2023 14:18:51 -0500 Subject: [PATCH 2/2] expand env vars --- app/api/subsetter/main.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/api/subsetter/main.py b/app/api/subsetter/main.py index b2f715f1..e9d2b478 100644 --- a/app/api/subsetter/main.py +++ b/app/api/subsetter/main.py 
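Review bot: The `# This router provides the /auth/cookie/logout endpoint` comment disappears with the cookie router, but nothing documents what the new `/auth/front` router is for or how it differs from the `/auth/cuahsi` callback that `OAUTH2_REDIRECT_URL` targets, and with `auth_backend` wired in its callback now answers with a bearer token in the body rather than setting a cookie. A comment above the `app.include_router(` call along the lines of `# OAuth login started from the SPA: the provider returns to VITE_OAUTH2_REDIRECT_URL and the callback responds with a bearer JWT (no cookie is set)` would record that. It is also worth stating next to `prefix="/auth/front"` that, like the removed `/auth/cookie` prefix, this is an unauthenticated surface so that future routers are not mounted under it by habit.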
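Review bot: `VITE_OAUTH2_REDIRECT_URL="${VITE_APP_URL}#/auth-redirect"` contains a fragment, and main.py in this same patch passes that setting as `redirect_url` to `get_oauth_router`, i.e. as the OAuth `redirect_uri` sent to the provider; RFC 6749 §3.1.2 requires that URI to carry no fragment, so the provider may reject the authorize request or drop the `#/auth-redirect` part. If the SPA relies on hash routing, point the provider at a fragment-free path (for example `${VITE_APP_URL}auth-redirect`) and let that page forward to the hash route client-side. `ALLOW_ORIGINS=${VITE_APP_ORIGIN}` also silently changes shape from the old JSON list to a single origin that main.py wraps in a one-element list; a comment such as `# exactly one origin, no list/JSON: main.py reads this as a single string` would stop someone reinstating the list form, which CORSMiddleware would then receive as one literal origin string.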
@@ -25,9 +25,9 @@ "swagger_ui_client_id": cuahsi_oauth_client.client_id, } -app = FastAPI(servers=[{"url": os.environ['VITE_APP_API_URL']}], swagger_ui_parameters=swagger_params) +app = FastAPI(servers=[{"url": os.path.expandvars(os.environ['VITE_APP_API_URL'])}], swagger_ui_parameters=swagger_params) -origins = [os.environ['ALLOW_ORIGINS']] +origins = [os.path.expandvars(os.environ['ALLOW_ORIGINS'])] app.add_middleware( CORSMiddleware,
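Review bot: `os.path.expandvars` on the `app = FastAPI(...)` and `origins = [...]` lines is single-pass and leaves any unknown `${NAME}` literal, and nothing comparable is applied to `vite_oauth2_redirect_url`, which the first patch's `include_router` call still reads straight from Settings; in env.template that value is `${VITE_APP_URL}#/auth-redirect` with `VITE_APP_URL` itself `${VITE_APP_ORIGIN}${VITE_APP_BASE}`, so unless the env loader already interpolates, a placeholder can survive one pass and reach CORS or the OAuth provider as-is. A small helper used for all three values would expand nested references consistently and fail at startup on a leftover reference instead of shipping it. The CORS middleware call that follows `origins` continues past the hunk.
```python
def _env_url(name: str) -> str:
    """Return os.environ[name] with ${VAR}/$VAR references expanded, nested ones included.

    os.path.expandvars is single-pass, so repeat until the value stops changing;
    an unresolved reference is a startup error rather than a string handed to
    CORS or the OAuth provider.
    """
    value = os.environ[name]
    for _ in range(5):  # bound the passes; the VITE_* values nest only a couple of levels
        expanded = os.path.expandvars(value)
        if expanded == value:
            break
        value = expanded
    if "$" in value:
        raise RuntimeError(f"{name} still contains an unresolved reference: {value!r}")
    return value


app = FastAPI(servers=[{"url": _env_url("VITE_APP_API_URL")}], swagger_ui_parameters=swagger_params)

origins = [_env_url("ALLOW_ORIGINS")]
# … unchanged: app.add_middleware(CORSMiddleware, …) …
```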