Skip to content
Permalink
Browse files
AIRAVATA-3420 Add token based auth for downloads
  • Loading branch information
machristie committed May 24, 2021
1 parent 4a981ae commit 6672f541cb2decdcab183a895608e68ec806167a
Showing 4 changed files with 14 additions and 7 deletions.
@@ -222,7 +222,8 @@ def open_file(request, data_product=None, data_product_uri=None):
resp = _call_remote_api(
request,
"/download",
params={'data-product-uri': data_product.productUri})
params={'data-product-uri': data_product.productUri},
base_url="/sdk")
file = io.BytesIO(resp.content)
disposition = resp.headers['Content-Disposition']
disp_value, disp_params = cgi.parse_header(disposition)
@@ -846,6 +847,7 @@ def _call_remote_api(
path_params=None,
method="get",
raise_for_status=True,
base_url="/api",
**kwargs):

headers = {
@@ -856,9 +858,13 @@ def _call_remote_api(
encoded_path_params[pk] = quote(pv)
encoded_path = path.format(**encoded_path_params)
logger.debug(f"encoded_path={encoded_path}")
remote_api_url = settings.GATEWAY_DATA_STORE_REMOTE_API
if remote_api_url.endswith("/api"):
warnings.warn(f"Set GATEWAY_DATA_STORE_REMOTE_API to \"{remote_api_url}\". /api is no longer needed.", DeprecationWarning)
remote_api_url = remote_api_url[0:remote_api_url.rfind("/api")]
r = requests.request(
method,
f'{settings.GATEWAY_DATA_STORE_REMOTE_API}{encoded_path}',
f'{remote_api_url}{base_url}{encoded_path}',
headers=headers,
**kwargs,
)
@@ -1,27 +1,26 @@
import logging
import os

from django.contrib.auth.decorators import login_required
from django.core.exceptions import ObjectDoesNotExist
from django.http import FileResponse, Http404
from django.shortcuts import redirect
from django.views.decorators.gzip import gzip_page
from rest_framework.decorators import api_view

from airavata_django_portal_sdk import user_storage

logger = logging.getLogger(__name__)


@login_required
@api_view()
def download(request):
data_product_uri = request.GET.get('data-product-uri', '')
download_url = user_storage.get_download_url(request, data_product_uri=data_product_uri)
return redirect(download_url)


# TODO: moving this view out of REST API means losing access token based authentication
@gzip_page
@login_required
@api_view()
def download_file(request):
data_product_uri = request.GET.get('data-product-uri', '')
force_download = 'download' in request.GET
@@ -2,6 +2,7 @@ bcrypt==3.1.7
cffi==1.14.1
cryptography==3.0
Django==2.2.17
djangorestframework==3.10.3
google-api-python-client==1.12.8
grpcio-tools==1.34.1
grpcio==1.34.1
@@ -23,8 +23,9 @@ def read(fname):
packages=find_packages(),
install_requires=[
"django",
"django-rest-framework",
# Installed from git repo; see requirements.txt for details
"airavata-python-sdk"
"airavata-python-sdk",
],
classifiers=[
"Development Status :: 4 - Beta",

0 comments on commit 6672f54

Please sign in to comment.