Merge 63ec3de into 02b3f5b

kytos · Sep 24, 2020 · 69059bd · 69059bd
2 parents 02b3f5b + 63ec3de
commit 69059bd
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 6 deletions.
diff --git a/kytos/core/api_server.py b/kytos/core/api_server.py
@@ -17,6 +17,9 @@
 from flask_socketio import SocketIO, join_room, leave_room
 from werkzeug.exceptions import HTTPException
 
+from kytos.core.auth import authenticated
+from kytos.core.config import KytosConfig
+
 
 class APIServer:
     """Api server used to provide Kytos Controller routes."""
@@ -290,6 +293,34 @@ def store_route_params(function):
             return function
         return store_route_params
 
+    @staticmethod
+    def get_authenticate_options():
+        """Return configuration options related to authentication."""
+        options = KytosConfig().options['daemon']
+        return options.authenticate_urls
+
+    def authenticate_endpoints(self, napp):
+        """Add authentication to defined REST endpoints.
+
+        If any URL marked for authentication uses a function,
+        that function will require authentication.
+        """
+        authenticate_urls = self.get_authenticate_options()
+        for function in self._get_decorated_functions(napp):
+            if isinstance(function, (classmethod, staticmethod)):
+                inner = function.__func__
+            else:
+                inner = function
+            inner.authenticated = False
+            for rule, _ in function.route_params:
+                if inner.authenticated:
+                    break
+                absolute_rule = self.get_absolute_rule(rule, napp)
+                for url in authenticate_urls:
+                    if url in absolute_rule:
+                        inner.authenticated = True
+                        break
+
     def register_napp_endpoints(self, napp):
         """Add all NApp REST endpoints with @rest decorator.
 
@@ -309,8 +340,10 @@ def register_napp_endpoints(self, napp):
         for function in self._get_decorated_functions(napp):
             for rule, options in function.route_params:
                 absolute_rule = self.get_absolute_rule(rule, napp)
-                self._start_endpoint(napp_blueprint, absolute_rule, function,
-                                     **options)
+                if getattr(function, 'authenticated', False):
+                    function = authenticated(function)
+                self._start_endpoint(napp_blueprint, absolute_rule,
+                                     function, **options)
 
         # Register this Flask Blueprint in the Flask App
         self.app.register_blueprint(napp_blueprint)

diff --git a/kytos/core/config.py b/kytos/core/config.py
@@ -126,7 +126,8 @@ def parse_args(self):
                     'foreground': False,
                     'protocol_name': '',
                     'enable_entities_by_default': False,
-                    'napps_pre_installed': [],
+                    'napps_pre_installed': '[]',
+                    'authenticate_urls': '[]',
                     'vlan_pool': {},
                     'debug': False}
 
@@ -148,6 +149,9 @@ def parse_args(self):
         self.parser.set_defaults(**defaults)
 
         self.options['daemon'] = self._parse_options(argv)
+        authenticate_urls = self.options['daemon'].authenticate_urls
+        self.options['daemon'].authenticate_urls = json.loads(
+            authenticate_urls)
 
     def _parse_options(self, argv):
         """Create a Namespace using the given argv.

diff --git a/kytos/core/controller.py b/kytos/core/controller.py
@@ -786,6 +786,7 @@ def load_napp(self, username, napp_name):
         self.napps[(username, napp_name)] = napp
 
         napp.start()
+        self.api_server.authenticate_endpoints(napp)
         self.api_server.register_napp_endpoints(napp)
 
         # pylint: disable=protected-access

diff --git a/kytos/core/helpers.py b/kytos/core/helpers.py
@@ -2,9 +2,7 @@
 from datetime import datetime, timezone
 from threading import Thread
 
-from kytos.core.napps import rest
-
-__all__ = ['listen_to', 'now', 'rest', 'run_on_thread', 'get_time']
+__all__ = ['listen_to', 'now', 'run_on_thread', 'get_time']
 
 
 # APP_MSG = "[App %s] %s | ID: %02d | R: %02d | P: %02d | F: %s"

diff --git a/kytos/templates/kytos.conf.template b/kytos/templates/kytos.conf.template
@@ -69,3 +69,10 @@ vlan_pool = {}
 
 # The jwt_secret parameter is responsible for signing JSON Web Tokens.
 jwt_secret = {{ jwt_secret }}
+
+# Define URLs that will require authentication
+#
+# This must a be a list of part of URLs. For example, if "kytos/mef_eline"
+# is in the list, then every URL containing "kytos/mef_eline" will match
+# it and, therefore, require authentication.
+# authenticate_urls = ["kytos/mef_eline", "kytos/pathfinder"]