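def auth_middleware(app, handler):
    """Login via Github.

    Middleware factory: returns a coroutine that wraps ``handler``. Requests
    to the OAuth callback path are completed here; ``/hook`` and ``/login``
    are passed through without a session check; every other path requires a
    ``login`` value in the session and is otherwise redirected to ``/login``.

    Args:
        app: the web application (not used by this middleware).
        handler: the next request handler in the chain.

    Returns:
        The ``inner`` coroutine function that performs the routing above.
    """
    # Function-scope import: the file's import block is not visible from here.
    import hmac

    def gh_client(**kw):
        """Build a GithubClient carrying the configured OAuth app credentials."""
        return GithubClient(conf['github_id'], conf['github_secret'], **kw)

    def safe_location(location):
        """Return ``location`` if it is a same-site absolute path, else the app root.

        ``//host`` and ``/\\host`` are treated by browsers as another origin,
        so they are never used as a post-login redirect target.
        """
        if (
            isinstance(location, str)
            and location.startswith('/')
            and not location.startswith(('//', '/\\'))
        ):
            return location
        # presumably the prefix root is a valid landing page; confirm routes
        return conf['url_prefix'] + '/'

    async def callback(request):
        """Finish the OAuth flow and log the user in if they belong to an org."""
        session = await get_session(request)
        # Log key names only: the query string carries the one-time OAuth
        # ``code`` and the session carries the anti-CSRF ``state``.
        log.debug(
            'callback: session keys=%s GET keys=%s',
            sorted(session), sorted(request.GET),
        )

        # Both values must be present. A plain ``!=`` accepts the request when
        # the session has no state AND the query has none (None == None),
        # which lets a callback that was never initiated by this session
        # through the anti-CSRF check.
        expected = session.get('github_state')
        received = request.GET.get('state')
        if not expected or not received:
            return web.HTTPBadRequest()
        # Constant-time comparison; bytes are used so non-ASCII input cannot
        # make compare_digest raise.
        if not hmac.compare_digest(
            str(expected).encode('utf-8', 'replace'),
            str(received).encode('utf-8', 'replace'),
        ):
            return web.HTTPBadRequest()

        code = request.GET.get('code')
        if not code:
            return web.HTTPBadRequest()

        gh = gh_client()
        token, _ = await gh.get_access_token(code)
        gh = gh_client(access_token=token)
        req = await gh.request('GET', 'user')
        try:
            user = await req.json()
        finally:
            # Release the connection even when the body is not valid JSON.
            req.close()

        users = []
        for org in conf['github_orgs']:
            # NOTE(review): only one page of up to 100 members is requested;
            # unless gh_api follows pagination, members beyond the first page
            # are denied access (fails closed) -- confirm against gh_api.
            _, resp = await gh_api('orgs/%s/members?per_page=100' % org)
            users.extend(u['login'] for u in resp)
        log.debug('members %s: %s', len(users), users)

        if user.get('login') in users:
            # NOTE(review): the pre-login session is reused after the
            # privilege change; if the session backend can issue a fresh
            # session identifier, do so here -- confirm with the library used.
            session['login'] = user.get('login')
            session.pop('github_state', None)
            session.pop('github_url', None)
            # Missing or non-local targets fall back to the app root instead
            # of raising KeyError or redirecting off-site.
            location = safe_location(session.pop('location', None))
            return web.HTTPFound(location)
        return web.HTTPForbidden()

    async def check_auth(request):
        """Serve the request for a logged-in session, else start the login flow."""
        session = await get_session(request)
        login = session.get('login')
        if login:
            request['login'] = login
            return await handler(request)

        if 'github_state' not in session:
            gh = gh_client()
            state = str(uuid.uuid4())
            url = gh.get_authorize_url(scope='', state=state)
            session['github_state'] = state
            session['github_url'] = url
            # Path only (no scheme/host), validated again before redirecting.
            session['location'] = request.path
            # Key names only: the session now holds the anti-CSRF state.
            log.debug('check_auth: session keys=%s', sorted(session))
        return web.HTTPFound(conf['url_prefix'] + '/login')

    async def inner(request):
        """Route the request: OAuth callback, unauthenticated paths, or auth check."""
        prefix = conf['url_prefix']
        if request.path == (prefix + conf['github_callback']):
            return await callback(request)
        # These two paths bypass the session check entirely. '/hook' is
        # reachable without a login, so whatever serves it has to
        # authenticate the caller itself (not visible from this function).
        if request.path in (prefix + '/hook', prefix + '/login'):
            return await handler(request)
        return await check_auth(request)

    return inner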