graphql-engine/server/tests-py/test_cookie_webhook.py

"""
Sample auth webhook to receive a cookie and respond
"""
from http import HTTPStatus
from webserver import RequestHandler, WebServer, MkHandlers, Response

class CookieAuth(RequestHandler):
    def get(self, request):
        headers = {k.lower(): v for k, v in request.headers.items()}
        print(headers)
        if 'cookie' in headers and headers['cookie']:
            res = {'x-hasura-role': 'admin'}
            return Response(HTTPStatus.OK, res)
        return Response(HTTPStatus.UNAUTHORIZED)

    def post(self, request):
        headers = {k.lower(): v for k, v in request.json['headers'].items()}
        print(headers)
        if 'cookie' in headers and headers['cookie']:
            res = {'x-hasura-role': 'admin'}
            return Response(HTTPStatus.OK, res)
        return Response(HTTPStatus.UNAUTHORIZED)


handlers = MkHandlers({
    '/auth': CookieAuth,
})

def create_server(host='127.0.0.1', port=9876):
    return WebServer((host, port), handlers)

def stop_server(server):
    server.shutdown()
    server.server_close()

if __name__ == '__main__':
    s = create_server(host='0.0.0.0')
    s.serve_forever()
read cookie while initialising websocket connection (fix #1660) (#1668) * read cookie while initialising websocket connection (fix #1660) * add tests for cookie on websocket init * fix logic for tests * enforce cors, and flag to force read cookie when cors disabled - as browsers don't enforce SOP on websockets, we enforce CORS policy on websocket handshake - if CORS is disabled, by default cookie is not read (because XSS risk!). Add special flag to force override this behaviour * add log and forward origin header to webhook - add log notice when cors is disabled, and cookie is not read on websocket handshake - forward origin header to webhook in POST mode. So that when CORS is disabled, webhook can also enforce CORS independently. * add docs, and forward all client headers to webhook 2019-03-04 10:46:53 +03:00			`"""`
			`Sample auth webhook to receive a cookie and respond`
			`"""`
			`from http import HTTPStatus`
			`from webserver import RequestHandler, WebServer, MkHandlers, Response`

			`class CookieAuth(RequestHandler):`
			`def get(self, request):`
			`headers = {k.lower(): v for k, v in request.headers.items()}`
			`print(headers)`
			`if 'cookie' in headers and headers['cookie']:`
			`res = {'x-hasura-role': 'admin'}`
			`return Response(HTTPStatus.OK, res)`
			`return Response(HTTPStatus.UNAUTHORIZED)`

			`def post(self, request):`
			`headers = {k.lower(): v for k, v in request.json['headers'].items()}`
			`print(headers)`
			`if 'cookie' in headers and headers['cookie']:`
			`res = {'x-hasura-role': 'admin'}`
			`return Response(HTTPStatus.OK, res)`
			`return Response(HTTPStatus.UNAUTHORIZED)`


			`handlers = MkHandlers({`
			`'/auth': CookieAuth,`
			`})`

			`def create_server(host='127.0.0.1', port=9876):`
			`return WebServer((host, port), handlers)`

			`def stop_server(server):`
			`server.shutdown()`
			`server.server_close()`

			`if __name__ == '__main__':`
			`s = create_server(host='0.0.0.0')`
			`s.serve_forever()`