Merge pull request #958 from athenianco/generic-account-ids
[DEV-1234] Forward account IDs from the top-level handlers
vmarkovtsev committed Nov 26, 2020
2 parents 7cbe11f + 240a7d0 commit c6cde6d
Showing 60 changed files with 1,039 additions and 698 deletions.
1 change: 1 addition & 0 deletions DEPLOYMENT.md
Expand Up @@ -17,6 +17,7 @@ docker run -it --rm --entrypoint python3 athenian/api -m athenian.api.models.sta
The server requires:

- (optional) `SENTRY_KEY`, `SENTRY_PROJECT` and `SENTRY_ENV` environment variables to enable error logging.
- (optional) `ATHENIAN_MAX_CLIENT_SIZE` to limit the maximum request body size (256KB by default).
- `AUTH0_DOMAIN`, `AUTH0_AUDIENCE`, `AUTH0_CLIENT_ID`, `AUTH0_CLIENT_SECRET` environment variables to enable authorization.
- `ATHENIAN_DEFAULT_USER` environment variable that points to the Auth0 user ID used for unauthorized public requests.
- `ATHENIAN_INVITATION_KEY` environment variable with the passphrase for encrypting invitation URLs.
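Review bot: the `ATHENIAN_MAX_CLIENT_SIZE` entry gives the default as 256KB but does not say in what unit or format the variable itself is read, so an operator cannot tell whether to set `256`, `262144` or `256KB`. State the expected format next to the default (for example "in bytes"), because a value misread here either rejects legitimate requests or raises the request body limit well past what was intended.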
2 changes: 1 addition & 1 deletion server/MANHOLE.md
Expand Up @@ -14,7 +14,7 @@ See [tests/test_manhole.py](tests/test_manhole.py) for the examples.
- `await handler(request)` produces the original response.
- Assign to `response` to override the response. If the value is not `None`, the regular handler
will not be executed.
- Assign to `global trace_sample_rate_manhole` to change the traces sampling rate in Sentry.
- Assign to `athenian.api.trace_sample_rate_manhole` to change the traces sampling rate in Sentry.
- The user is resolved inside the `handler`, so it is not possible to check them before calling
`await handler(request)`. Thus `request.uid` emerges after the call.
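Review bot: the `athenian.api.trace_sample_rate_manhole` line now names a module attribute instead of a `global` statement, but it does not say whether `athenian.api` is already bound in the manhole code's namespace or has to be imported first. Add that, or point to the matching case in tests/test_manhole.py. Since server/athenian/api/__init__.py loses 362 lines in this commit and its diff is not rendered on this page, also confirm that the sampling rate is still read from `athenian.api` after the move; otherwise an assignment made as documented would silently have no effect.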

372 changes: 10 additions & 362 deletions server/athenian/api/__init__.py

Large diffs are not rendered by default.

8 changes: 7 additions & 1 deletion server/athenian/api/auth.py
Expand Up @@ -24,6 +24,7 @@

from athenian.api.async_utils import gather
from athenian.api.cache import cached
from athenian.api.controllers.account import get_user_account_status
from athenian.api.kms import AthenianKMS
from athenian.api.models.state.models import God, UserToken
from athenian.api.models.web import GenericError
Expand Down Expand Up @@ -197,7 +198,12 @@ async def wrapper(request: ConnexionRequest):
token_info = get_authorization_info(auth_funcs, request, required_scopes)
# token_info = {"token": <token>, "method": "bearer" or "apikey"}
await self._set_user(request.context, **token_info)
# nothing important afterward, finish the auth processing
# check whether the user may access the specified account
if request.json and (account := request.json.get("account")) is not None:
assert isinstance(account, int)
await get_user_account_status(
request.context.uid, account, request.context.sdb, request.context.cache)
# finish the auth processing and chain forward
return await function(request)
return wrapper
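Review bot: `assert isinstance(account, int)` in the wrapper validates client-supplied JSON with an assertion. Under `python -O` the statement is removed entirely, and when it does fire it surfaces as an AssertionError rather than as a validation error to the client; `isinstance(True, int)` is also true, so a JSON `true` passes as an account ID. Replace it with an explicit type check that rejects the request with the API's usual bad-request error. Two further points on the same lines: `request.json.get` assumes the body is a JSON object, so a top-level array raises AttributeError here, and the return value of `get_user_account_status(...)` is discarded, so the access check only works if that function raises for a non-member; a comment saying so would make the intent clear. The check also covers only a top-level `account` key in the body, so handlers that take the account from anywhere else are not protected by it.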

