295e31e8bb
This commit removes the option `--admin-token` and adds the option `--admin-token-hash`, which accepts a hashed token (sha256 in 64-digits hex representation).
38 lines
1.1 KiB
Python
38 lines
1.1 KiB
Python
import logging
|
|
|
|
from fastapi import HTTPException
|
|
|
|
from dump_things_service import HTTP_401_UNAUTHORIZED
|
|
from dump_things_service.abstract_config import (
|
|
Configuration,
|
|
hash_token_representation,
|
|
)
|
|
from dump_things_service.instance_state import InstanceState
|
|
|
|
|
|
logger = logging.getLogger('dump_things_service')
|
|
|
|
|
|
def authenticate_admin(
|
|
instance_state: InstanceState,
|
|
abstract_config: Configuration,
|
|
api_key: str,
|
|
):
|
|
if api_key:
|
|
hashed_token_representation = hash_token_representation(api_key)
|
|
if hashed_token_representation == instance_state.bootstrap_token:
|
|
logger.info('authenticate_admin: using bootstrap token')
|
|
return
|
|
|
|
for token_name, token_config in abstract_config.admin_tokens.items():
|
|
if token_config.representation == hashed_token_representation:
|
|
logger.info(
|
|
"authenticate_admin: using token '%s'",
|
|
token_name,
|
|
)
|
|
return
|
|
|
|
raise HTTPException(
|
|
status_code=HTTP_401_UNAUTHORIZED,
|
|
detail='Invalid admin token',
|
|
)
|