Merge pull request #147 from mzaglia/master

Add authentication using BDC-Auth. Close #122
brazil-data-cube · Mar 4, 2021 · cc3f096 · cc3f096
2 parents 19e93be + 1f1ee33
commit cc3f096
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 14 deletions.
diff --git a/cube_builder/config.py b/cube_builder/config.py
@@ -8,6 +8,7 @@
 """Brazil Data Cube Configuration."""
 
 import os
+from distutils.util import strtobool
 
 BASE_DIR = os.path.abspath(os.path.dirname(__file__))
 
@@ -52,6 +53,11 @@ class Config:
     # So the asset will be /Repository/Mosaic/collectionName/version/tile/period/scene.tif
     ITEM_PREFIX = os.getenv('ITEM_PREFIX', '/Repository/Archive')
 
+    # BDC-Auth OAuth2
+    BDC_AUTH_CLIENT_ID = os.getenv('BDC_AUTH_CLIENT_ID', None)
+    BDC_AUTH_CLIENT_SECRET = os.getenv('BDC_AUTH_CLIENT_SECRET', None)
+    BDC_AUTH_ACCESS_TOKEN_URL = os.getenv('BDC_AUTH_ACCESS_TOKEN_URL', None)
+    BDC_AUTH_REQUIRED = strtobool(os.getenv('BDC_AUTH_REQUIRED', '0'))
 
 class ProductionConfig(Config):
     """Production Mode."""

diff --git a/cube_builder/views.py b/cube_builder/views.py
@@ -10,8 +10,11 @@
 
 # 3rdparty
 from flask import Blueprint, jsonify, request
+from bdc_auth_client.decorators import oauth2
+
 
 # Cube Builder
+from .config import Config
 from .controller import CubeController
 from .forms import (CubeItemsForm, CubeStatusForm, DataCubeForm,
                     DataCubeMetadataForm, DataCubeProcessForm, GridRefSysForm,
@@ -32,7 +35,8 @@ def status():
 
 
 @bp.route('/cube-status', methods=('GET', ))
-def cube_status():
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["read"])
+def cube_status(**kwargs):
     """Retrieve the cube processing state, which refers to total items and total to be done."""
     form = CubeStatusForm()
 
@@ -48,7 +52,8 @@ def cube_status():
 
 @bp.route('/cubes', defaults=dict(cube_id=None), methods=['GET'])
 @bp.route('/cubes/<cube_id>', methods=['GET'])
-def list_cubes(cube_id):
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["read"])
+def list_cubes(cube_id, **kwargs):
     """List all data cubes available."""
     if cube_id is not None:
         message, status_code = CubeController.get_cube(cube_id)
@@ -60,7 +65,8 @@ def list_cubes(cube_id):
 
 
 @bp.route('/cubes', methods=['POST'])
-def create_cube():
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["write"])
+def create_cube(**kwargs):
     """Define POST handler for datacube creation.
 
     Expects a JSON that matches with ``DataCubeForm``.
@@ -81,7 +87,8 @@ def create_cube():
     return jsonify(cubes), status
 
 @bp.route('/cubes/<cube_id>', methods=['PUT'])
-def update_cube_matadata(cube_id):
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["write"])
+def update_cube_matadata(cube_id, **kwargs):
     """Define PUT handler for datacube Updation.
 
     Expects a JSON that matches with ``DataCubeMetadataForm``.
@@ -103,23 +110,26 @@ def update_cube_matadata(cube_id):
 
 
 @bp.route('/cubes/<cube_id>/tiles', methods=['GET'])
-def list_tiles(cube_id):
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["read"])
+def list_tiles(cube_id, **kwargs):
     """List all data cube tiles already done."""
     message, status_code = CubeController.list_tiles_cube(cube_id, only_ids=True)
 
     return jsonify(message), status_code
 
 
 @bp.route('/cubes/<cube_id>/tiles/geom', methods=['GET'])
-def list_tiles_as_features(cube_id):
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["read"])
+def list_tiles_as_features(cube_id, **kwargs):
     """List all tiles as GeoJSON feature."""
     message, status_code = CubeController.list_tiles_cube(cube_id)
 
     return jsonify(message), status_code
 
 
 @bp.route('/cubes/<cube_id>/items', methods=['GET'])
-def list_cube_items(cube_id):
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["read"])
+def list_cube_items(cube_id, **kwargs):
     """List all data cube items."""
     form = CubeItemsForm()
 
@@ -136,15 +146,17 @@ def list_cube_items(cube_id):
 
 
 @bp.route('/cubes/<cube_id>/meta', methods=['GET'])
-def get_cube_meta(cube_id):
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["read"])
+def get_cube_meta(cube_id, **kwargs):
     """Retrieve the meta information of a data cube such STAC provider used, collection, etc."""
     message, status_code = CubeController.cube_meta(cube_id)
 
     return jsonify(message), status_code
 
 
 @bp.route('/start', methods=['POST'])
-def start_cube():
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["write"])
+def start_cube(**kwargs):
     """Define POST handler for datacube execution.
 
     Expects a JSON that matches with ``DataCubeProcessForm``.
@@ -166,7 +178,8 @@ def start_cube():
 
 
 @bp.route('/list-merges', methods=['GET'])
-def list_merges():
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["read"])
+def list_merges(**kwargs):
     """Define POST handler for datacube execution.
 
     Expects a JSON that matches with ``DataCubeProcessForm``.
@@ -180,7 +193,8 @@ def list_merges():
 
 @bp.route('/grids', defaults=dict(grs_id=None), methods=['GET'])
 @bp.route('/grids/<grs_id>', methods=['GET'])
-def list_grs_schemas(grs_id):
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["read"])
+def list_grs_schemas(grs_id, **kwargs):
     """List all data cube Grids."""
     if grs_id is not None:
         result, status_code = CubeController.get_grs_schema(grs_id)
@@ -191,7 +205,8 @@ def list_grs_schemas(grs_id):
 
 
 @bp.route('/create-grids', methods=['POST'])
-def create_grs():
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["write"])
+def create_grs(**kwargs):
     """Create the grid reference system using HTTP Post method."""
     form = GridRefSysForm()
 
@@ -208,7 +223,8 @@ def create_grs():
 
 
 @bp.route('/list-periods', methods=['POST'])
-def list_periods():
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["read"])
+def list_periods(**kwargs):
     """List data cube periods.
 
     The user must provide the following query-string parameters:
@@ -230,7 +246,8 @@ def list_periods():
 
 
 @bp.route('/composite-functions', methods=['GET'])
-def list_composite_functions():
+@oauth2(required=Config.BDC_AUTH_REQUIRED, roles=["read"])
+def list_composite_functions(**kwargs):
     """List all data cube supported composite functions."""
     message, status_code = CubeController.list_composite_functions()
 

diff --git a/setup.py b/setup.py
@@ -54,6 +54,7 @@
     'shapely>=1.7,<2',
     'SQLAlchemy-Utils>=0.34.2,<1',
     'stac.py==0.9.0.post5',
+    'bdc-auth-client @ git+git://github.com/brazil-data-cube/bdc-auth-client.git@v0.2.1#egg=bdc-auth-client'
 ]
 
 packages = find_packages()