from fastapi import FastAPI, Response, status, responses
import os
import logging
import telemetry
# Address of the OTLP/gRPC collector that receives traces; overridable via the environment.
OTLP_GRPC_ENDPOINT = os.environ.get("OTLP_GRPC_ENDPOINT", "tempo:4317")

app_name = "refinery-authorizer"
app = FastAPI(title=app_name)

# NOTE(review): this listing lost its indentation; every statement down to the
# access-log filter is placed under the telemetry guard here -- confirm against
# the original file.
if telemetry.ENABLE_TELEMETRY:
    print("WARNING: Running telemetry.", flush=True)
    telemetry.setting_app_name(app_name)
    telemetry.setting_otlp(app, app_name=app_name, endpoint=OTLP_GRPC_ENDPOINT)
    app.add_middleware(telemetry.PrometheusMiddleware, app_name=app_name)
    # NOTE(review): no access check on /metrics is visible in this file;
    # presumably it is only reachable from inside the cluster -- confirm.
    app.add_route("/metrics", telemetry.metrics)

    # Keep metrics scrapes out of the uvicorn access log.
    logging.getLogger("uvicorn.access").addFilter(
        lambda entry: not ("GET /metrics" in entry.getMessage())
    )
@app.get("/health")
async def root():
    """Liveness probe: reply with a fixed JSON body."""
    payload = {"alive": "true"}
    return payload
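@app.post("/authorize")
def authorize(body: dict, response: Response):
    """Decide whether the subject described in *body* may use the requested resource.

    Only the "kratos:admin" resource is known; its decision is delegated to
    resolve_kratos_admin. Every other request is answered with 403.

    Args:
        body: Caller-supplied JSON object; the "resource" key selects the rule.
        response: Response object whose status code carries the decision.

    Returns:
        A dict with a "status" of "authorized" or "not authorized".
    """
    # body is untrusted JSON: a missing "resource" key must end in the explicit
    # deny below, not in an unhandled KeyError (HTTP 500).
    if body.get("resource") == "kratos:admin":
        return resolve_kratos_admin(body, response)

    # Deny by default: unknown resources are never authorized.
    response.status_code = status.HTTP_403_FORBIDDEN
    return {"status": "not authorized"}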
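def resolve_kratos_admin(body, response):
    """Authorize the "kratos:admin" resource for verified kern.ai identities.

    Access is granted only when the identity's email trait is a well-formed
    address in the "kern.ai" domain AND that same address is listed as
    verified. Anything else, including a malformed or incomplete body, is
    denied with 403.

    Args:
        body: Caller-supplied JSON object; the identity is read from
            body["subject"]["identity"].
        response: Response object whose status code carries the decision.

    Returns:
        A dict with a "status" of "authorized" or "not authorized".
    """
    denied = {"status": "not authorized"}
    # Fail closed: the status stays 403 unless every check below passes.
    response.status_code = status.HTTP_403_FORBIDDEN

    try:
        identity = body["subject"]["identity"]
        email = identity["traits"]["email"]
        addresses = identity["verifiable_addresses"]
    except (KeyError, TypeError):
        # Incomplete or mis-shaped payload: deny instead of raising (HTTP 500).
        return denied

    if not isinstance(email, str) or not isinstance(addresses, list):
        return denied

    # Require exactly one "@" so the compared domain is the address's real
    # domain part, not merely the second "@"-separated segment.
    if email.count("@") != 1:
        return denied
    local_part, _, domain = email.partition("@")
    if not local_part or domain != "kern.ai":
        return denied

    # The verified flag must belong to the address being authorized; checking
    # only the first list entry would accept a verified address other than
    # the email trait.
    # NOTE(review): assumes each entry carries its address under "value", as
    # Ory Kratos identities do -- confirm against the payload this service receives.
    wanted = email.casefold()
    email_is_verified = any(
        isinstance(entry, dict)
        and isinstance(entry.get("value"), str)
        and entry["value"].casefold() == wanted
        and entry.get("verified") is True
        for entry in addresses
    )
    if not email_is_verified:
        return denied

    response.status_code = status.HTTP_200_OK
    return {"status": "authorized"}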
@app.get("/healthcheck")
def healthcheck() -> responses.PlainTextResponse:
    """Return a plain-text "OK" for health probes."""
    reply = responses.PlainTextResponse(content="OK")
    return reply