
Commit ccd06d1

committed
Add check for token expiry and re-factor code for cleanliness
1 parent 62e2435 commit ccd06d1


1 file changed

+25
-36
lines changed


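--- a/flaskProxyWithAuth.py
+++ b/flaskProxyWithAuth.py
@@ -5,6 +5,7 @@
 import requests
 from http.client import HTTPConnection
 import logging
+from time import time
 from werkzeug.middleware.proxy_fix import ProxyFix
 
 #load_dotenv()
@@ -36,12 +37,27 @@ def internal_request_handler(request, target_url="http://localhost:80"):
 response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
 response.headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization"
 
-print(f"Response from target URL: {target_url}")
+#print(f"Response from target URL: {target_url}")
 print(f"Response status code: {resp.status_code}")
 print(f"Response headers: {headers}")
 
 return response
 
+def is_token_expired(token):
+if not token or 'expires_at' not in token:
+return True
+return token['expires_at'] < time()
+
+def check_user_session_then_proxy(target_url="http://localhost:80"):
+user = session.get("user")
+token = session.get("token")
+if user and token and not is_token_expired(token):
+return internal_request_handler(request, target_url)
+else:
+session.pop("user", None)
+session.pop("token", None)
+redirect_uri = url_for("oauth2", _external=True)
+return oauth.keycloak.authorize_redirect(redirect_uri)
 
 app = Flask(__name__)
 app.secret_key = os.getenv("FLASK_SECRET_KEY")
@@ -50,6 +66,7 @@ def internal_request_handler(request, target_url="http://localhost:80"):
 )
 
 internal_app_port = os.getenv("INTERNAL_APPLICATION_PORT", 80)
+inbound_port = os.getenv("INBOUND_PORT", 8088)
 
 oauth = OAuth(app)
 oauth.register(
@@ -62,56 +79,28 @@ def internal_request_handler(request, target_url="http://localhost:80"):
 
 @app.route("/", methods=["GET", "POST", "PUT", "DELETE"])
 def index():
-user = session.get("user")
-if user:
-#return jsonify({"message": "You are authenticated!", "user": user}), 200
-target_url = f"http://localhost:{internal_app_port}/"
-return internal_request_handler(request, target_url)
-else:
-redirect_uri = url_for("oauth2", _external=True)
-return oauth.keycloak.authorize_redirect(redirect_uri)
-# return render_template_string('''
-# <h1>Hello, you are not logged in.</h1>
-# <form action="{{ url_for('login_flask') }}" method="post">
-# <button type="submit">Login</button>
-# </form>
-# ''')
+target_url = f"http://localhost:{internal_app_port}/"
+return check_user_session_then_proxy(target_url)
 
 # Custom route to handle arbitrary path sequences
 @app.route("/<path:some_path>", methods=["GET", "POST", "PUT", "DELETE"])
 def flask_internal_proxy(some_path):
-user = session.get("user")
-if user:
-target_url = f"http://localhost:{internal_app_port}/{some_path}"
-return internal_request_handler(request, target_url)
-else:
-redirect_uri = url_for("oauth2", _external=True)
-return oauth.keycloak.authorize_redirect(redirect_uri)
-# return render_template_string('''
-# <h1>Hello, you are not logged in.</h1>
-# <form action="{{ url_for('login_flask') }}" method="post">
-# <button type="submit">Login</button>
-# </form>
-# ''')
-
-# Login page
-@app.route("/login_flask", methods=["POST"])
-def login_flask():
-redirect_uri = url_for("oauth2", _external=True)
-return oauth.keycloak.authorize_redirect(redirect_uri)
+target_url = f"http://localhost:{internal_app_port}/{some_path}"
+return check_user_session_then_proxy(target_url)
 
 # Auth callback
 @app.route("/oauth2")
 def oauth2():
 token = oauth.keycloak.authorize_access_token()
-#print(token)
 session["user"] = oauth.keycloak.parse_id_token(token, None)
+session["token"] = token
 return redirect("/")
 
 # Logout
 @app.route("/logout", methods=["POST"])
 def logout():
 session.pop("user", None)
+session.pop("token", None)
 logout_url = f"{os.getenv('KEYCLOAK_LOGOUT_URL')}?redirect_uri={url_for('index', _external=True)}"
 return redirect(logout_url)
 
@@ -124,4 +113,4 @@ def logout():
 requests_log.setLevel(logging.DEBUG)
 requests_log.propagate = True
 
-app.run(host="0.0.0.0", port=8088, debug=True)
+app.run(host="0.0.0.0", port=inbound_port, debug=True)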
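Review bot: `session["token"] = token` in `oauth2()` stores the whole token response in the Flask session, although `is_token_expired` only reads `expires_at`. Flask's default session is a signed but unencrypted cookie, so unless a server-side session backend is configured outside the visible hunks, the access, ID and any refresh token travel to the browser in readable form, and a Keycloak token set could push the cookie past the roughly 4 KB browser limit, at which point it is dropped and the new expiry check would redirect to login on every request. Keeping only the field the check needs, `session["token"] = {"expires_at": token.get("expires_at")}`, leaves `is_token_expired` and the `/logout` cleanup working unchanged. Separately, the rewritten `app.run(host="0.0.0.0", port=inbound_port, debug=True)` still enables the Werkzeug debugger on all interfaces in front of the protected app; `debug=False` outside local development would close that.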
