Mercurial > hg > orthanc-tests
view NewTests/Authorization/auth_service.py @ 741:d21ff981e7a1 default tip
fix forbidden access to file on mercurial server
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Fri, 15 Nov 2024 09:39:01 +0100 |
parents | 3ac37a99a093 |
children |
line wrap: on
line source
from fastapi import FastAPI import logging from models import * import pprint # Sample Authorization service that is started when the test starts. # It does not check token validity and simply implements a set of basic users logger = logging.getLogger() logger.setLevel(logging.DEBUG) app = FastAPI() @app.post("/user/get-profile") def get_user_profile(user_profile_request: UserProfileRequest): logging.info("get user profile: " + user_profile_request.json()) p = UserProfileResponse( name="anonymous", permissions=[], authorized_labels=[], validity=60 ) if user_profile_request.token_key == "user-token-key": if user_profile_request.token_value == "token-uploader": p = UserProfileResponse( name="uploader", permissions=["upload", "edit-labels", "delete", "view"], authorized_labels=["*"], validity=60 ) elif user_profile_request.token_value == "token-admin": p = UserProfileResponse( name="admin", permissions=["all"], authorized_labels=["*"], validity=60 ) elif user_profile_request.token_value == "token-user-a": p = UserProfileResponse( name="user-a", permissions=["view"], authorized_labels=["label_a"], validity=60 ) elif user_profile_request.token_value == "token-uploader-a": # this use shall be able to upload anything but view only the labeled studies p = UserProfileResponse( name="uploader-a", permissions=["view", "upload"], authorized_labels=["label_a"], validity=60 ) return p @app.post("/tokens/validate") def validate_authorization(request: TokenValidationRequest): logging.info("validating token: " + request.json()) granted = False if request.token_value == "token-a-study": granted = request.orthanc_id == "b9c08539-26f93bde-c81ab0d7-bffaf2cb-a4d0bdd0" if request.token_value == "token-b-study": granted = request.orthanc_id == "27f7126f-4f66fb14-03f4081b-f9341db2-53925988" if request.token_value == "token-both-studies": granted = request.orthanc_id in ["b9c08539-26f93bde-c81ab0d7-bffaf2cb-a4d0bdd0", "27f7126f-4f66fb14-03f4081b-f9341db2-53925988"] response = TokenValidationResponse( granted=granted, validity=60 ) logging.info("validate token: " + response.json()) return response