feat(passports): allow POST to DRS access endpoint with passport

uc-cdis · Jul 27, 2021 · fbb468d · fbb468d
1 parent cc9deac
commit fbb468d
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 4 deletions.
diff --git a/indexd/default_settings.py b/indexd/default_settings.py
@@ -4,6 +4,8 @@
 
 CONFIG = {}
 
+CONFIG["GA4GH_DRS_POSTED_PASSPORT_FIELD"] = "auth"
+
 CONFIG["JSONIFY_PRETTYPRINT_REGULAR"] = False
 AUTO_MIGRATE = True
 

diff --git a/indexd/drs/blueprint.py b/indexd/drs/blueprint.py
@@ -1,5 +1,6 @@
 import flask
 import json
+from indexd.config import config
 from indexd.errors import AuthError, AuthzError
 from indexd.errors import UserError
 from indexd.index.errors import NoRecordFound as IndexNoRecordFound
@@ -70,13 +71,18 @@ def list_drs_records():
     methods=["GET"],
 )
 @blueprint.route(
-    "/ga4gh/drs/v1/objects/<path:object_id>/access/<path:access_id>", methods=["GET"]
+    "/ga4gh/drs/v1/objects/<path:object_id>/access/<path:access_id>",
+    methods=["GET", "POST"],
 )
 def get_signed_url(object_id, access_id):
     if not access_id:
         raise (UserError("Access ID/Protocol is required."))
     res = flask.current_app.fence_client.get_signed_url_for_object(
-        object_id=object_id, access_id=access_id
+        object_id=object_id,
+        access_id=access_id,
+        passport=flask.request.get_json(force=True, silent=True).get(
+            flask.current_app.config["GA4GH_DRS_POSTED_PASSPORT_FIELD"]
+        ),
     )
     if not res:
         raise IndexNoRecordFound("No signed url found")

diff --git a/indexd/fence_client.py b/indexd/fence_client.py
@@ -16,7 +16,7 @@ class FenceClient(object):
     def __init__(self, url):
         self.url = url
 
-    def get_signed_url_for_object(self, object_id, access_id):
+    def get_signed_url_for_object(self, object_id, access_id, passport=None):
         fence_server = self.url
         api_url = fence_server.rstrip("/") + "/data/download/"
         url = api_url + object_id
@@ -29,7 +29,18 @@ def get_signed_url_for_object(self, object_id, access_id):
             if flask.request.query_string:
                 url = f"{url}&{flask.request.query_string.decode()}"
         try:
-            req = requests.get(url, headers=headers)
+            if not passport:
+                req = requests.get(url, headers=headers)
+            else:
+                req = requests.post(
+                    url,
+                    headers=headers,
+                    body={
+                        flask.current_app.config[
+                            "GA4GH_DRS_POSTED_PASSPORT_FIELD"
+                        ]: passport
+                    },
+                )
         except Exception as e:
             logger.error("failed to reach fence at {0}: {1}".format(url + object_id, e))
             raise IndexdUnexpectedError("Failed to retrieve access url")