feat(auth): add sdk for JWT token generation and validation;

Max Nikitenko · Max Nikitenko · commit 7771fb437494 · 2023-02-12T17:16:16.000+02:00
diff --git a/README.md b/README.md
@@ -9,7 +9,8 @@ Architecture part described in Margay Gateway core [repository](https://github.c
 - Setup Subscriber or use example `examples/vanilla_worker.py` or `examples/vanilla_publisher.py` 
 - Setup client or use example `examples/vanilla_client.py`
   - You can generate auth token by using [cli](https://github.com/moaddib666/wss-api-gateway.go/blob/main/cmd/indentety_provider/encoder.go)
-  - Or just use your own identity provider
+  - By using sdk auth
+  - By using external indentety provider
 - Connect your backend
   - Basically that means:
     - You subscribe RMQ topic with your `CustomQueue` and listen for events
@@ -68,6 +69,18 @@ class EventPublisher(Publisher):
         self.publish_raw(event.serialize(), self.origin, recipient)
 ```
 
+## Auth
+### JWT
+```python
+from margay.sdk.auth import JWTAuth
+user = "John Snow"
+secret = "SuperSecret"
+identity_provider = JWTAuth(secret)
+token = identity_provider.issue_token(user)
+payload = identity_provider.verify_token(token, user)
+print(payload)
+```
+
 ## Debugging
 Set debug for SDKLogger
 ```python
diff --git a/margay/sdk/auth/__init__.py b/margay/sdk/auth/__init__.py
@@ -6,20 +6,41 @@
 
 class JWTAuth:
     encoder = jwt.encode
+    decoder = jwt.decode
+    algorithm = "HS256"
+
+    class InvalidToken(Exception):
+        pass
 
     def __init__(self, secret: str):
         self.secret = secret
 
     def issue_token(self, client: str) -> str:
-        return self.encoder(self.get_claims(client), self.secret, algorithm="HS256")
+        return self.encoder(
+            self.get_claims(client), self.secret, algorithm=self.algorithm
+        )
+
+    def verify_token(self, token: str, client: str) -> dict:
+        data = self.decoder(
+            token,
+            self.secret,
+            algorithms=self.algorithm,
+            audience=self._audience,
+            issuer=self._issuer,
+        )
+        if data.get("jti") != client:
+            raise self.InvalidToken(token)
+        return data
 
-    @staticmethod
-    def get_claims(client: str, ttl_hours=24) -> dict:
+    def get_claims(self, client: str, ttl_hours=24) -> dict:
         return {
-            "Audience": "localhost",
-            "ExpiresAt": datetime.now(tz=timezone.utc) + timedelta(hours=ttl_hours),
-            "Id": client,
-            "IssuedAt": datetime.now(tz=timezone.utc),
-            "Issuer": f"MargayPythonSDK-{socket.gethostname()}",
-            "Subject": "client",
+            "aud": self._audience,
+            "exp": datetime.now(tz=timezone.utc) + timedelta(hours=ttl_hours),
+            "jti": client,
+            "iat": datetime.now(tz=timezone.utc),
+            "iss": self._issuer,
+            "sub": "client",
         }
+
+    _audience = "localhost"
+    _issuer = f"MargayPythonSDK-{socket.gethostname()}"
