1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
# ========================================================================== #
# #
# KVMD - The main PiKVM daemon. #
# #
# Copyright (C) 2018-2022 Maxim Devaev <[email protected]> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <https://www.gnu.org/licenses/>. #
# #
# ========================================================================== #
import aiohttp
import aiohttp.web
from ...yamlconf import Option
from ...validators.basic import valid_bool
from ...validators.basic import valid_float_f01
from ...logging import get_logger
from ... import htclient
from . import BaseAuthService
# =====
class Plugin(BaseAuthService):
def __init__( # pylint: disable=super-init-not-called
self,
url: str,
verify: bool,
secret: str,
user: str,
passwd: str,
timeout: float,
) -> None:
self.__url = url
self.__verify = verify
self.__secret = secret
self.__user = user
self.__passwd = passwd
self.__timeout = timeout
self.__http_session: (aiohttp.ClientSession | None) = None
@classmethod
def get_plugin_options(cls) -> dict:
return {
"url": Option("http://localhost/auth"),
"verify": Option(True, type=valid_bool),
"secret": Option(""),
"user": Option(""),
"passwd": Option(""),
"timeout": Option(5.0, type=valid_float_f01),
}
async def authorize(self, user: str, passwd: str) -> bool:
assert user == user.strip()
assert user
session = self.__ensure_http_session()
try:
async with session.request(
method="POST",
url=self.__url,
timeout=self.__timeout,
json={
"user": user,
"passwd": passwd,
"secret": self.__secret,
},
headers={
"User-Agent": htclient.make_user_agent("KVMD"),
"X-KVMD-User": user,
},
) as response:
htclient.raise_not_200(response)
return True
except Exception:
get_logger().exception("Failed HTTP auth request for user %r", user)
return False
async def cleanup(self) -> None:
if self.__http_session:
await self.__http_session.close()
self.__http_session = None
def __ensure_http_session(self) -> aiohttp.ClientSession:
if not self.__http_session:
kwargs: dict = {}
if self.__user:
kwargs["auth"] = aiohttp.BasicAuth(login=self.__user, password=self.__passwd)
if not self.__verify:
kwargs["connector"] = aiohttp.TCPConnector(ssl=False)
self.__http_session = aiohttp.ClientSession(**kwargs)
return self.__http_session
|
