-
Notifications
You must be signed in to change notification settings - Fork 285
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
2891b49
commit 5edbf5e
Showing
11 changed files
with
373 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
// import { redirect } from "react-router"; | ||
import { LoaderFunctionArgs } from "react-router-dom"; | ||
|
||
export async function oAuthCallbackLoader(args: LoaderFunctionArgs) { | ||
const queryParameters = new URL(args.request.url).searchParams; | ||
const authorizationCode = queryParameters.get("code"); | ||
const state = queryParameters.get("state"); | ||
const actualState = sessionStorage.getItem("oAuthState"); | ||
sessionStorage.removeItem("oAuthState"); | ||
if ( | ||
authorizationCode == undefined || | ||
state == undefined || | ||
actualState == undefined || | ||
state !== actualState | ||
) { | ||
// todo: display error message | ||
return null; | ||
} | ||
const origin = new URL(window.location.href).origin; | ||
const redirectUri = `${origin}/oauth-callback`; | ||
try { | ||
const response = await fetch("/auth/oauth-tokens", { | ||
method: "POST", | ||
headers: { | ||
"Content-Type": "application/json", | ||
}, | ||
body: JSON.stringify({ | ||
authorization_code: authorizationCode, | ||
redirect_uri: redirectUri, | ||
}), | ||
}); | ||
if (!response.ok) { | ||
// todo: parse response body and display error message | ||
return null; | ||
} | ||
} catch (error) { | ||
// todo: display error | ||
} | ||
// redirect("/"); | ||
return null; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,11 @@ | ||
from .auth import router as auth_router | ||
from .embeddings import create_embeddings_router | ||
from .oauth import router as oauth_router | ||
from .v1 import create_v1_router | ||
|
||
__all__ = [ | ||
"auth_router", | ||
"create_embeddings_router", | ||
"create_v1_router", | ||
"oauth_router", | ||
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
from authlib.integrations.starlette_client import OAuthError | ||
from authlib.integrations.starlette_client import StarletteOAuth2App as OAuthClient | ||
from fastapi import APIRouter, Depends, HTTPException, Request | ||
from starlette.responses import RedirectResponse | ||
from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_404_NOT_FOUND | ||
|
||
from phoenix.server.rate_limiters import ServerRateLimiter, fastapi_rate_limiter | ||
|
||
rate_limiter = ServerRateLimiter( | ||
per_second_rate_limit=0.2, | ||
enforcement_window_seconds=30, | ||
partition_seconds=60, | ||
active_partitions=2, | ||
) | ||
login_rate_limiter = fastapi_rate_limiter(rate_limiter, paths=["/login"]) | ||
router = APIRouter( | ||
prefix="/oauth", include_in_schema=False, dependencies=[Depends(login_rate_limiter)] | ||
) | ||
|
||
|
||
@router.post("/{idp}/login") | ||
async def login(request: Request, idp: str) -> RedirectResponse: | ||
if not isinstance(oauth_client := request.app.state.oauth_clients.get_client(idp), OAuthClient): | ||
raise HTTPException(HTTP_404_NOT_FOUND, f"Unknown IDP: {idp}") | ||
redirect_uri = request.url_for("create_tokens", idp=idp) | ||
response: RedirectResponse = await oauth_client.authorize_redirect(request, redirect_uri) | ||
return response | ||
|
||
|
||
@router.get("/{idp}/tokens") | ||
async def create_tokens(request: Request, idp: str) -> RedirectResponse: | ||
if not isinstance(oauth_client := request.app.state.oauth_clients.get_client(idp), OAuthClient): | ||
raise HTTPException(HTTP_404_NOT_FOUND, f"Unknown IDP: {idp}") | ||
try: | ||
token = await oauth_client.authorize_access_token(request) | ||
except OAuthError as error: | ||
raise HTTPException(HTTP_401_UNAUTHORIZED, detail=str(error)) | ||
print(f"{token=}") | ||
return RedirectResponse(url="/") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.