mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-24 07:52:14 +03:00
c14dcd5792
* fix arg order in UserAuthentication instance [force ci] * change the constructor name to AHGraphQLRequest Co-authored-by: Stylish Haskell Bot <stylish-haskell@users.noreply.github.com> Co-authored-by: Karthikeyan Chinnakonda <karthikeyan@hasura.io> GitOrigin-RevId: fb3258f4a84efc6c730b0c6222ebd8cea1b91081
81 lines
2.7 KiB
Python
81 lines
2.7 KiB
Python
#!/usr/bin/env python
|
|
"""
|
|
Webhook for GraphQL engine
|
|
For successful authentication
|
|
1) Add header X-Hasura-Auth-From: webhook to the list of headers
|
|
2) Base64 encode the required headers (including X-Hasura-Auth-From)
|
|
3) Pass it as the bearer token with the Authorization header
|
|
"""
|
|
import base64
|
|
import json
|
|
import ssl
|
|
import http.server
|
|
import traceback
|
|
import sys
|
|
|
|
class S(http.server.BaseHTTPRequestHandler):
|
|
|
|
|
|
def handle_headers(self, headers):
|
|
if 'Authorization' in headers:
|
|
auth = headers['Authorization']
|
|
h = dict()
|
|
if auth.startswith("Bearer "):
|
|
try:
|
|
h = json.loads(base64.b64decode(auth[7:]).decode("utf-8"))
|
|
if h.get('X-Hasura-Auth-Mode') == 'webhook':
|
|
print (h)
|
|
self.send_response(200)
|
|
self.send_header('Content-Type', 'application/json')
|
|
self.end_headers()
|
|
self.wfile.write(json.dumps(h).encode('utf-8'))
|
|
else:
|
|
print ('forbidden')
|
|
self.send_response(401)
|
|
self.end_headers()
|
|
self.wfile.write('{}')
|
|
except Exception as e:
|
|
print ('forbidden')
|
|
self.send_response(401)
|
|
self.end_headers()
|
|
print("type error: " + str(e))
|
|
print(traceback.format_exc())
|
|
else:
|
|
self.send_response(401)
|
|
self.end_headers()
|
|
print ('forbidden')
|
|
|
|
def do_GET(self):
|
|
self.handle_headers(self.headers)
|
|
|
|
def do_POST(self):
|
|
content_len = self.headers.get('Content-Length')
|
|
req_body = self.rfile.read(int(content_len)).decode("utf-8")
|
|
req_json = json.loads(req_body)
|
|
if 'headers' in req_json:
|
|
self.handle_headers(req_json['headers'])
|
|
else:
|
|
# TODO: is this a typo?
|
|
self.handler_headers({})
|
|
|
|
def run(keyfile, certfile, server_class=http.server.HTTPServer, handler_class=S, port=9090):
|
|
server_address = ('', port)
|
|
httpd = server_class(server_address, handler_class)
|
|
httpd.socket = ssl.wrap_socket (
|
|
httpd.socket,
|
|
certfile=certfile,
|
|
keyfile=keyfile,
|
|
server_side=True,
|
|
ssl_version=ssl.PROTOCOL_SSLv23)
|
|
print('Starting httpd...')
|
|
httpd.serve_forever()
|
|
|
|
if __name__ == "__main__":
|
|
if len(sys.argv) != 4:
|
|
print("Usage: python webhook.py port keyfile certfile")
|
|
sys.exit(1)
|
|
port=int(sys.argv[1])
|
|
print("Starting webhook on port {}".format(port))
|
|
run(keyfile=sys.argv[2],certfile=sys.argv[3], port=port)
|
|
print("Exiting webhook")
|