Merge pull request #22 from avantifellows/auth_for_delhi_api

[PPS] Added auth for Delhi API

app/auth/__init__.py

@@ -0,0 +1,34 @@
+import httpx
+from fastapi import Request, HTTPException, status
+
+# Portal Backend URL
+VERIFICATION_URL = "https://9nqmv8p8k2.execute-api.ap-south-1.amazonaws.com/auth/verify"
+
+
+async def verify_token(request: Request) -> bool:
+    # This function will be used to verify the bearer token
+    auth_header = request.headers.get("Authorization")
+    bearer_prefix = "Bearer "
+
+    if not auth_header or not auth_header.startswith(bearer_prefix):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid or missing token",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    token = auth_header[len(bearer_prefix) :]
+    headers = {"Authorization": f"Bearer {token}"}
+    async with httpx.AsyncClient() as client:
+        response = await client.get(VERIFICATION_URL, headers=headers)
+
+    if response.status_code == 200:
+        json_response = response.json()
+        if "id" in json_response:
+            return token
+
+    raise HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Invalid token",
+        headers={"WWW-Authenticate": "Bearer"},
+    )

app/requirements.txt

@@ -2,17 +2,22 @@ anyio==3.6.1
 autopep8==1.6.0
 boto3==1.24.35
 botocore==1.27.35
+certifi==2022.12.7
 click==8.1.3
 fastapi==0.79.0
 h11==0.13.0
+httpcore==0.16.3
+httpx==0.23.3
 idna==3.3
 Jinja2==3.1.2
 jmespath==1.0.1
+mangum==0.15.1
 MarkupSafe==2.1.1
 pycodestyle==2.8.0
 pydantic==1.9.1
 python-dateutil==2.8.2
 python-dotenv==0.20.0
+rfc3986==1.5.0
 s3transfer==0.6.0
 six==1.16.0
 sniffio==1.2.0
@@ -21,4 +26,3 @@ toml==0.10.2
 typing_extensions==4.3.0
 urllib3==1.26.10
 uvicorn==0.18.2
-mangum==0.14.1

app/routers/reports.py

@@ -1,11 +1,13 @@
 from fastapi import APIRouter, Request
 from fastapi.templating import Jinja2Templates
-from fastapi import HTTPException
+from fastapi import HTTPException, Depends
 from collections import OrderedDict
 from urllib.parse import unquote
-from typing import Union
-
+from typing import Union, Optional
+from auth import verify_token
 from models.student_quiz_report import StudentQuizReportController
+from fastapi.security.api_key import APIKeyHeader
+
 
 ROW_NAMES = OrderedDict()
 ROW_NAMES = {
@@ -27,6 +29,8 @@
 
 AF_API_KEY = "6qOO8UdF1EGxLgzwIbQN"
 
+api_key_header = APIKeyHeader(name="Authorization", auto_error=False)
+
 
 class ReportsRouter:
     def __init__(
@@ -61,8 +65,15 @@ def _parse_section_data(section=None):
 
         @api_router.get("/student_reports/{user_id}")
         def get_student_reports(
-            request: Request, user_id: str = None, format: Union[str, None] = None
+            request: Request,
+            user_id: str = None,
+            format: Union[str, None] = None,
+            verified: bool = Depends(verify_token),
+            auth_header: Optional[str] = Depends(api_key_header),
         ):
+            if not verified:
+                raise HTTPException(status_code=401, detail="Unauthorized")
+
             if user_id is None:
                 raise HTTPException(
                     status_code=400,

requirements.txt

@@ -2,17 +2,22 @@ anyio==3.6.1
 autopep8==1.6.0
 boto3==1.24.35
 botocore==1.27.35
+certifi==2022.12.7
 click==8.1.3
 fastapi==0.79.0
 h11==0.13.0
+httpcore==0.16.3
+httpx==0.23.3
 idna==3.3
 Jinja2==3.1.2
 jmespath==1.0.1
+mangum==0.15.1
 MarkupSafe==2.1.1
 pycodestyle==2.8.0
 pydantic==1.9.1
 python-dateutil==2.8.2
 python-dotenv==0.20.0
+rfc3986==1.5.0
 s3transfer==0.6.0
 six==1.16.0
 sniffio==1.2.0
@@ -21,4 +26,3 @@ toml==0.10.2
 typing_extensions==4.3.0
 urllib3==1.26.10
 uvicorn==0.18.2
-mangum==0.14.1