mirror of
https://github.com/hoshikawa2/fn-apigw-auth-draft-cavage-http-signatures-08.git
synced 2026-07-09 11:34:20 +00:00
first commit
This commit is contained in:
BIN
files/OAuthOCIService-fn.zip
Normal file
BIN
files/OAuthOCIService-fn.zip
Normal file
Binary file not shown.
7
files/config
Normal file
7
files/config
Normal file
@@ -0,0 +1,7 @@
|
||||
[DEFAULT]
|
||||
user=ocid1.user.oc1..aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
|
||||
fingerprint=a0:xx:xx:xx:xx:xx:xx:00:xx:xx:xx:xx:xxx:xxx:4b:9d
|
||||
key_file=oci_api_key.pem
|
||||
tenancy=ocid1.tenancy.oc1..aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
|
||||
region=us-ashburn-1
|
||||
|
||||
12
files/config.json
Normal file
12
files/config.json
Normal file
@@ -0,0 +1,12 @@
|
||||
{
|
||||
"ClientId" : "e3xxxxxxxxxxxxxxxxxxxxxxxxc2f",
|
||||
"ClientSecret" : "8exxxxxxd-fxxe-4xxf-8xxc-xxxxxxxx",
|
||||
"BaseUrl" : "https://idcs-xxxxxxxxxxxxxxxxxxxxxxxx.identity.oraclecloud.com",
|
||||
"AudienceServiceUrl" : "https://idcs-xxxxxxxxxxxxxxxxxxxxxxxx.identity.oraclecloud.com",
|
||||
"scope" : "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apigateway.us-ashburn-1.oci.customer-oci.com/super-scope",
|
||||
"TokenIssuer" : "https://identity.oraclecloud.com",
|
||||
"redirectURL": "http://localhost:8000/callback",
|
||||
"logoutSufix":"/oauth2/v1/userlogout",
|
||||
"LogLevel":"INFO",
|
||||
"ConsoleLog":"True"
|
||||
}
|
||||
169
files/func.py
Normal file
169
files/func.py
Normal file
@@ -0,0 +1,169 @@
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from cryptography.hazmat.primitives.asymmetric import padding
|
||||
from cryptography.hazmat.primitives.serialization import load_pem_private_key
|
||||
import base64
|
||||
import json
|
||||
from datetime import datetime
|
||||
import io
|
||||
from fdk import response
|
||||
import oci
|
||||
import requests
|
||||
|
||||
def get_date():
|
||||
d = str(datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT'))
|
||||
return d
|
||||
|
||||
def get_signing(d, streaming_host, oci_region):
|
||||
with open('oci_api_key.pem', 'rb') as key_file:
|
||||
private_key = load_pem_private_key(key_file.read(), password=None)# Dados para assinar
|
||||
str = b'(request-target): post /20180418/streams/<streaming_host>/groupCursors\ndate: <date_str>\nhost: cell-1.streaming.<oci_region>.oci.oraclecloud.com'# Assine os dados usando SHA-256 e a chave privada
|
||||
|
||||
data = str.replace(b'<date_str>', bytes(d.encode())).replace(b'<streaming_host>', bytes(streaming_host.encode())).replace(b'<oci_region>', bytes(oci_region.encode()))
|
||||
signature = private_key.sign(data, padding.PKCS1v15(), hashes.SHA256())# Imprima a assinatura
|
||||
|
||||
base64_encoded = base64.b64encode(signature)
|
||||
|
||||
return base64_encoded
|
||||
|
||||
def get_authorization(d, streaming_host, oci_region, tenancy, user, fingerprint):
|
||||
a = get_signing(d, streaming_host, oci_region)
|
||||
s = b'Signature algorithm="rsa-sha256",headers="(request-target) date host",keyId="<tenancy>/<user>/<fingerprint>",signature="<signature>",version="1"'
|
||||
s = s.replace(b'<signature>', a).replace(b'<tenancy>', bytes(tenancy.encode())).replace(b'<user>', bytes(user.encode())).replace(b'<fingerprint>', bytes(fingerprint.encode()))
|
||||
r = s.decode()
|
||||
return r
|
||||
|
||||
def auth_idcs(token, url, clientID, secretID):
|
||||
url = url + "/oauth2/v1/introspect"
|
||||
|
||||
auth = clientID + ":" + secretID
|
||||
auth_bytes = auth.encode("ascii")
|
||||
auth_base64_bytes = base64.b64encode(auth_bytes)
|
||||
auth_base64_message = auth_base64_bytes.decode("ascii")
|
||||
|
||||
headers = {
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
'Authorization': 'Basic ' + auth_base64_message
|
||||
}
|
||||
|
||||
payload = "token=" + token
|
||||
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
return response
|
||||
|
||||
#Function used to load the configurations from the config.json file
|
||||
def getOptions():
|
||||
fo = open("config.json", "r")
|
||||
config = fo.read()
|
||||
options = json.loads(config)
|
||||
return options
|
||||
|
||||
def handler(ctx, data: io.BytesIO = None):
|
||||
config = oci.config.from_file("config")
|
||||
logging = oci.loggingingestion.LoggingClient(config)
|
||||
tenancy = config['tenancy']
|
||||
user = config['user']
|
||||
fingerprint = config['fingerprint']
|
||||
|
||||
app_context = dict(ctx.Config())
|
||||
streaming_host = app_context['streaming_host']
|
||||
oci_region = app_context['oci_region']
|
||||
jsonData = ""
|
||||
|
||||
options = getOptions()
|
||||
|
||||
try:
|
||||
header = json.loads(data.getvalue().decode('utf-8'))["data"]
|
||||
access_token = header["token"]
|
||||
url = options["BaseUrl"]
|
||||
|
||||
authorization = auth_idcs(access_token, url, options["ClientId"], options["ClientSecret"])
|
||||
if authorization.json().get("active") == False:
|
||||
return response.Response(
|
||||
ctx,
|
||||
status_code=401,
|
||||
response_data=json.dumps({"active": False, "wwwAuthenticate": jsonData})
|
||||
)
|
||||
|
||||
d = get_date()
|
||||
a = get_authorization(d, streaming_host=streaming_host, oci_region=oci_region, tenancy=tenancy, user=user, fingerprint=fingerprint)
|
||||
|
||||
rdata = json.dumps({
|
||||
"active": True,
|
||||
"context": {
|
||||
"date": d,
|
||||
"authorization": a,
|
||||
"streaming_host": streaming_host,
|
||||
"oci_region": oci_region,
|
||||
"tenancy": tenancy,
|
||||
"user": user,
|
||||
"fingerprint": fingerprint
|
||||
}})
|
||||
|
||||
put_logs_response = logging.put_logs(
|
||||
log_id="ocid1.log.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
|
||||
put_logs_details=oci.loggingingestion.models.PutLogsDetails(
|
||||
specversion="EXAMPLE-specversion-Value",
|
||||
log_entry_batches=[
|
||||
oci.loggingingestion.models.LogEntryBatch(
|
||||
entries=[
|
||||
oci.loggingingestion.models.LogEntry(
|
||||
data="authorization: " + str(a),
|
||||
id="ocid1.test.oc1..00000001.EXAMPLE-id-Value")],
|
||||
source="EXAMPLE-source-Value",
|
||||
type="EXAMPLE-type-Value")]))
|
||||
|
||||
put_logs_response = logging.put_logs(
|
||||
log_id="ocid1.log.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
|
||||
put_logs_details=oci.loggingingestion.models.PutLogsDetails(
|
||||
specversion="EXAMPLE-specversion-Value",
|
||||
log_entry_batches=[
|
||||
oci.loggingingestion.models.LogEntryBatch(
|
||||
entries=[
|
||||
oci.loggingingestion.models.LogEntry(
|
||||
data="request payload: " + json.dumps(header),
|
||||
id="ocid1.test.oc1..00000001.EXAMPLE-id-Value-1")],
|
||||
source="EXAMPLE-source-Value",
|
||||
type="EXAMPLE-type-Value")]))
|
||||
|
||||
put_logs_response = logging.put_logs(
|
||||
log_id="ocid1.log.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
|
||||
put_logs_details=oci.loggingingestion.models.PutLogsDetails(
|
||||
specversion="EXAMPLE-specversion-Value",
|
||||
log_entry_batches=[
|
||||
oci.loggingingestion.models.LogEntryBatch(
|
||||
entries=[
|
||||
oci.loggingingestion.models.LogEntry(
|
||||
data="access: " + json.dumps(authorization.text),
|
||||
id="ocid1.test.oc1..00000001.EXAMPLE-id-Value-1")],
|
||||
source="EXAMPLE-source-Value",
|
||||
type="EXAMPLE-type-Value")]))
|
||||
|
||||
|
||||
return response.Response(
|
||||
ctx, response_data=rdata,
|
||||
status_code=200,
|
||||
headers={"Content-Type": "application/json", "Authorization": a, "Date": d}
|
||||
)
|
||||
|
||||
except(Exception) as ex:
|
||||
jsonData = 'error parsing json payload: ' + str(ex)
|
||||
put_logs_response = logging.put_logs(
|
||||
log_id="ocid1.log.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
|
||||
put_logs_details=oci.loggingingestion.models.PutLogsDetails(
|
||||
specversion="EXAMPLE-specversion-Value",
|
||||
log_entry_batches=[
|
||||
oci.loggingingestion.models.LogEntryBatch(
|
||||
entries=[
|
||||
oci.loggingingestion.models.LogEntry(
|
||||
data="error: " + jsonData,
|
||||
id="ocid1.test.oc1..00000001.EXAMPLE-id-Value")],
|
||||
source="EXAMPLE-source-Value",
|
||||
type="EXAMPLE-type-Value")]))
|
||||
|
||||
pass
|
||||
|
||||
return response.Response(
|
||||
ctx,
|
||||
status_code=401,
|
||||
response_data=json.dumps({"active": False, "wwwAuthenticate": jsonData})
|
||||
)
|
||||
8
files/func.yaml
Normal file
8
files/func.yaml
Normal file
@@ -0,0 +1,8 @@
|
||||
schema_version: 20180708
|
||||
name: get-authorization
|
||||
version: 0.0.408
|
||||
runtime: python
|
||||
build_image: fnproject/python:3.9-dev
|
||||
run_image: fnproject/python:3.9
|
||||
entrypoint: /python/bin/fdk /function/func.py handler
|
||||
memory: 256
|
||||
28
files/oci_api_key.pem
Normal file
28
files/oci_api_key.pem
Normal file
@@ -0,0 +1,28 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAr7/go+lbpX2toGkCfFMX2UD/EKWXt+upllj2o0g43BFQ2JVJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
GMDKZf1FkmgNburj3zZQnLrkHwBvB4pozWy6B1Lbkd+SBQcuuP87g5fkDcExPgNJ
|
||||
88y+gQKBgQDNmDZsl7fAHupNuFQdQphJ+TI8EbZMfH+i9ChZ41coKTD+e2ucc8ll
|
||||
ocjWmoLuyXAIhcTforN+l+c0z7ZiBZ+kAz1hD4DSMrrhxIuZIodIh3myUMCAzQv6
|
||||
hZsTonAFY2y20Ql6v/rvYpTMsiUvMVI/Jx43jBcPunGHn/asLmfLZg==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
8
files/requirements.txt
Normal file
8
files/requirements.txt
Normal file
@@ -0,0 +1,8 @@
|
||||
fdk>=0.1.54
|
||||
requests
|
||||
oci
|
||||
cryptography
|
||||
six
|
||||
PyJWT
|
||||
py3_lru_cache
|
||||
simplejson
|
||||
Reference in New Issue
Block a user