IonSystems / tiberius-robot

Repository for all software modules used by Heriot-Watt University's Tiberius Robot.

Authentication in control API #40

Closed camieac closed 8 years ago

camieac commented 8 years ago

To prevent users from accessing the API without valid authentication tokens. Falcon has example code to support this, so our solution will probably be closely based on that.

Example code (https://github.com/falconry/falcon):

import falcon


class AuthMiddleware(object):
    # Runs before routing for every request; rejects anything that does
    # not carry a usable X-Auth-Token header.

    def process_request(self, req, resp):
        token = req.get_header('X-Auth-Token')
        project = req.get_header('X-Project-ID')

        if token is None:
            description = ('Please provide an auth token '
                           'as part of the request.')

            raise falcon.HTTPUnauthorized('Auth token required',
                                          description,
                                          href='http://docs.example.com/auth')

        if not self._token_is_valid(token, project):
            description = ('The provided auth token is not valid. '
                           'Please request a new token and try again.')

            raise falcon.HTTPUnauthorized('Authentication required',
                                          description,
                                          href='http://docs.example.com/auth',
                                          scheme='Token; UUID')

    def _token_is_valid(self, token, project):
        # Placeholder from the Falcon example: accepts every token.
        # A real implementation must look the token up in a store.
        return True  # Suuuuuure it's valid...

We'll need to store a database of valid tokens, and query the database from the control API. The valid tokens will also need to be stored on a database on the web server side, so that the web interface is able to get a valid token to send. Each user of the web interface should have a valid token generated and stored with the user on the web server.

Some sort of synchronisation of the control API database and the web interface database would be really useful here, but not covered in this issue.

For now, we can work with a single authentication token until we have a database synchronisation mechanism.
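Added example (not code from this issue or from the tiberius-robot repository): one way to back the _token_is_valid stub with a token store, assuming the control API keeps a SQLite table of hashed tokens and that the Falcon middleware delegates the check to a plain function. The names Unauthorized, TokenStore, authenticate and check_shared_token are this example's own, and falcon is deliberately not imported so the module runs stand-alone; in the middleware the raise would be falcon.HTTPUnauthorized instead.

```python
"""Token store for the control API (added example, not project code)."""
import hashlib
import hmac
import secrets
import sqlite3
import time


class Unauthorized(Exception):
    """Stand-in for falcon.HTTPUnauthorized at the middleware call site."""


class TokenStore:
    """Valid tokens for the control API.

    Only the SHA-256 of each token is stored, so a copied database does
    not hand out working credentials.  The raw token is returned exactly
    once from issue(), to be recorded against the user on the web-server
    side; the control API side never needs to see it again.
    """

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS tokens ("
            " token_hash TEXT PRIMARY KEY,"
            " user TEXT NOT NULL,"
            " created REAL NOT NULL)"
        )

    @staticmethod
    def _hash(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user):
        """Generate a fresh token for `user` and store only its hash."""
        # 32 bytes from the OS CSPRNG, URL-safe so it fits in a header.
        token = secrets.token_urlsafe(32)
        self.db.execute(
            "INSERT INTO tokens VALUES (?, ?, ?)",
            (self._hash(token), user, time.time()),
        )
        self.db.commit()
        return token

    def revoke(self, user):
        """Delete every token held by `user`; returns how many were removed."""
        cur = self.db.execute("DELETE FROM tokens WHERE user = ?", (user,))
        self.db.commit()
        return cur.rowcount

    def lookup(self, token):
        """Return the user who owns `token`, or None if it is unknown."""
        # Lookup is by hash, so an attacker who controls `token` learns
        # nothing about stored values from how the comparison proceeds.
        row = self.db.execute(
            "SELECT user FROM tokens WHERE token_hash = ?",
            (self._hash(token),),
        ).fetchone()
        return row[0] if row else None


def authenticate(headers, store):
    """Same decision as AuthMiddleware.process_request, on a header dict.

    Returns the authenticated user name or raises Unauthorized.
    """
    token = headers.get("X-Auth-Token")
    if token is None:
        raise Unauthorized("Auth token required")
    user = store.lookup(token)
    if user is None:
        raise Unauthorized("Authentication required")
    return user


def check_shared_token(presented, expected):
    """Interim single-token mode: compare in constant time, not with ==."""
    return hmac.compare_digest(
        presented.encode("utf-8"), expected.encode("utf-8")
    )


if __name__ == "__main__":
    store = TokenStore()
    web_side_token = store.issue("web-interface")  # copy this to the web server
    print(authenticate({"X-Auth-Token": web_side_token}, store))
```

The split matches the two databases the issue describes: the web interface's user table holds the raw token it sends, while the control API holds only the hash, so only the web side needs to keep a secret. While the project runs on one shared token, the comparison should go through hmac.compare_digest (as in check_shared_token) rather than a plain string equality, which returns early on the first mismatching byte.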

camieac commented 8 years ago

This is probably a good idea: https://pypi.python.org/pypi/talons/0.1

camieac commented 8 years ago

Basic (not very secure) authentication has been added. Will need to re-open later on for a more secure authentication system.