PK)ƒxG>yu|oauth2_proxy/__init__.py__version__ = '1.0.8' PK)ƒxG«Ú‰ßßoauth2_proxy/app.py#!/usr/bin/env python3 import json import logging import os import requests import flask from flask import Flask, redirect, url_for, session, request, send_from_directory from flask_oauthlib.client import OAuth, OAuthRemoteApp from urllib.parse import urlparse logging.basicConfig(level=logging.DEBUG) logging.getLogger('requests.packages.urllib3.connectionpool').setLevel(logging.INFO) sess = requests.Session() adapter = requests.adapters.HTTPAdapter(pool_connections=100, pool_maxsize=100) sess.mount('http://', adapter) sess.mount('https://', adapter) app = Flask(__name__) app.debug = os.getenv('APP_DEBUG') == 'true' app.secret_key = os.getenv('APP_SECRET_KEY', 'development') oauth = OAuth(app) class OAuthRemoteAppWithRefresh(OAuthRemoteApp): '''Same as flask_oauthlib.client.OAuthRemoteApp, but always loads client credentials from file.''' def __init__(self, oauth, name, **kwargs): # constructor expects some values, so make it happy.. kwargs['consumer_key'] = 'not-needed-here' kwargs['consumer_secret'] = 'not-needed-here' OAuthRemoteApp.__init__(self, oauth, name, **kwargs) def refresh_credentials(self): with open(os.path.join(os.getenv('CREDENTIALS_DIR', ''), 'client.json')) as fd: client_credentials = json.load(fd) self._consumer_key = client_credentials['client_id'] self._consumer_secret = client_credentials['client_secret'] @property def consumer_key(self): self.refresh_credentials() return self._consumer_key @property def consumer_secrect(self): self.refresh_credentials() return self._consumer_secret auth = OAuthRemoteAppWithRefresh( oauth, 'auth', request_token_params={'scope': 'uid'}, base_url='https://auth.zalando.com/', request_token_url=None, access_token_method='POST', access_token_url='https://auth.zalando.com/oauth2/access_token?realm=employees', authorize_url='https://auth.zalando.com/oauth2/authorize?realm=employees' ) oauth.remote_apps['auth'] = auth UPSTREAMS = os.getenv('APP_UPSTREAM', '').split(',') @app.route('/', defaults={'path': ''}) @app.route('/') def index(path): if 'auth_token' in session: if UPSTREAMS: abs_path = '/{}'.format(path.strip('/')) for url in UPSTREAMS: o = urlparse(url) if abs_path.startswith(o.path): parts = flask.request.url.split('/', 3) path_query = parts[-1] upstream_url = '{scheme}://{netloc}/{path}'.format(scheme=o.scheme, netloc=o.netloc, path=path_query) upstream_response = sess.get(upstream_url) headers = {} for key, val in upstream_response.headers.items(): if key in set(['Content-Type']): headers[key] = val response = flask.Response(upstream_response.content, upstream_response.status_code, headers) return response else: # serve static files if not path: path = 'index.html' return send_from_directory(os.getenv('APP_ROOT_DIR', './'), path) return redirect(url_for('login')) @app.route('/health') def health(): return 'OK' @app.route('/login') def login(): return auth.authorize(callback=os.getenv('APP_URL', '').rstrip('/') + '/login/authorized') @app.route('/logout') def logout(): session.pop('auth_token', None) return redirect(url_for('index')) @app.route('/login/authorized') def authorized(): resp = auth.authorized_response() if resp is None: return 'Access denied: reason=%s error=%s' % ( request.args['error'], request.args['error_description'] ) print(resp) if not isinstance(resp, dict): return 'Invalid auth response' session['auth_token'] = (resp['access_token'], '') return redirect(url_for('index')) @auth.tokengetter def get_auth_oauth_token(): return session.get('auth_token') # WSGI application application = app if __name__ == '__main__': # development mode: run Flask dev server app.run() PK)ƒxG^ˆ)ñ~~,oauth2_proxy-1.0.8.dist-info/DESCRIPTION.rst============ OAuth2 Proxy ============ .. image:: https://img.shields.io/pypi/dw/oauth2-proxy.svg :target: https://pypi.python.org/pypi/oauth2-proxy/ :alt: PyPI Downloads .. image:: https://img.shields.io/pypi/v/oauth2-proxy.svg :target: https://pypi.python.org/pypi/oauth2-proxy/ :alt: Latest PyPI version .. image:: https://img.shields.io/pypi/l/oauth2-proxy.svg :target: https://pypi.python.org/pypi/oauth2-proxy/ :alt: License Flask application to serve static files to authenticated users (via OAuth 2 authorization flow). .. code-block:: bash $ sudo pip3 install -r requirements.txt $ python3 -m oauth2_proxy.app Environment Variables ====================== The following environment variables can be used for configuration: ``APP_DEBUG`` Enable debug output via HTTP by setting this property to ``true``. Do not set this flag in production. ``APP_ROOT_DIR`` Directory to serve static files from. ``APP_SECRET_KEY`` Random secret key to sign the session cookie. ``APP_URL`` Base URL of the application (needed for OAuth 2 redirect). ``CREDENTIALS_DIR`` Directory containing client.json PK)ƒxGå5[¿AA*oauth2_proxy-1.0.8.dist-info/metadata.json{"classifiers": ["Programming Language :: Python", "Programming Language :: Python :: 3.4", "Development Status :: 4 - Beta", "Intended Audience :: Developers", "Operating System :: OS Independent"], "extensions": {"python.details": {"contacts": [{"name": "Zalando SE", "role": "author"}], "document_names": {"description": "DESCRIPTION.rst"}, "project_urls": {"Home": "https://github.com/zalando-stups/oauth2-proxy"}}}, "extras": [], "generator": "bdist_wheel (0.26.0)", "keywords": ["oauth", "flask", "proxy", "serve"], "license": "Apache License Version 2.0", "metadata_version": "2.0", "name": "oauth2-proxy", "run_requires": [{"requires": ["Flask", "Flask-OAuthlib", "requests"]}], "summary": "OAuth2 proxy with authorization/redirect flow", "test_requires": [{"requires": ["mock", "pytest", "pytest-cov"]}], "version": "1.0.8"}PK)ƒxGM¦¿ *oauth2_proxy-1.0.8.dist-info/top_level.txtoauth2_proxy PK)ƒxG}À‚¼\\"oauth2_proxy-1.0.8.dist-info/WHEELWheel-Version: 1.0 Generator: bdist_wheel (0.26.0) Root-Is-Purelib: true Tag: py3-none-any PK)ƒxGЙÖÖ%oauth2_proxy-1.0.8.dist-info/METADATAMetadata-Version: 2.0 Name: oauth2-proxy Version: 1.0.8 Summary: OAuth2 proxy with authorization/redirect flow Home-page: https://github.com/zalando-stups/oauth2-proxy Author: Zalando SE Author-email: UNKNOWN License: Apache License Version 2.0 Keywords: oauth flask proxy serve Platform: UNKNOWN Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 3.4 Classifier: Development Status :: 4 - Beta Classifier: Intended Audience :: Developers Classifier: Operating System :: OS Independent Requires-Dist: Flask Requires-Dist: Flask-OAuthlib Requires-Dist: requests ============ OAuth2 Proxy ============ .. image:: https://img.shields.io/pypi/dw/oauth2-proxy.svg :target: https://pypi.python.org/pypi/oauth2-proxy/ :alt: PyPI Downloads .. image:: https://img.shields.io/pypi/v/oauth2-proxy.svg :target: https://pypi.python.org/pypi/oauth2-proxy/ :alt: Latest PyPI version .. image:: https://img.shields.io/pypi/l/oauth2-proxy.svg :target: https://pypi.python.org/pypi/oauth2-proxy/ :alt: License Flask application to serve static files to authenticated users (via OAuth 2 authorization flow). .. code-block:: bash $ sudo pip3 install -r requirements.txt $ python3 -m oauth2_proxy.app Environment Variables ====================== The following environment variables can be used for configuration: ``APP_DEBUG`` Enable debug output via HTTP by setting this property to ``true``. Do not set this flag in production. ``APP_ROOT_DIR`` Directory to serve static files from. ``APP_SECRET_KEY`` Random secret key to sign the session cookie. ``APP_URL`` Base URL of the application (needed for OAuth 2 redirect). ``CREDENTIALS_DIR`` Directory containing client.json PK)ƒxG?“O ¨¨#oauth2_proxy-1.0.8.dist-info/RECORDoauth2_proxy/__init__.py,sha256=mFFUUCx5TqyW1TTFRrWDhXXVMJDMRxXWrkHanVtp9oY,22 oauth2_proxy/app.py,sha256=l2lpV4dk9cyvwdDo-AmSAVvO6dZJ2kz8q1Cqk5SMip4,4319 oauth2_proxy-1.0.8.dist-info/DESCRIPTION.rst,sha256=88Qq-QhOtcOc8zVMG9toANwnYX_3pWl8tAXlQRQM2Jg,1150 oauth2_proxy-1.0.8.dist-info/METADATA,sha256=vpcULddLwwpVeLtZx8hn__1s9QUBPsBRl4vg_2WB7XQ,1750 oauth2_proxy-1.0.8.dist-info/RECORD,, oauth2_proxy-1.0.8.dist-info/WHEEL,sha256=zX7PHtH_7K-lEzyK75et0UBa3Bj8egCBMXe1M4gc6SU,92 oauth2_proxy-1.0.8.dist-info/metadata.json,sha256=AG4HE9ABK_djfZlseGI-3kHfxIBnEiYhkda1e0htDS8,833 oauth2_proxy-1.0.8.dist-info/top_level.txt,sha256=cTfbMcGpM6t-0lOn4ixL6TSJBJjpcL9R2rHlTZ3ggLc,13 PK)ƒxG>yu|oauth2_proxy/__init__.pyPK)ƒxG«Ú‰ßßLoauth2_proxy/app.pyPK)ƒxG^ˆ)ñ~~,\oauth2_proxy-1.0.8.dist-info/DESCRIPTION.rstPK)ƒxGå5[¿AA*$oauth2_proxy-1.0.8.dist-info/metadata.jsonPK)ƒxGM¦¿ *­oauth2_proxy-1.0.8.dist-info/top_level.txtPK)ƒxG}À‚¼\\"oauth2_proxy-1.0.8.dist-info/WHEELPK)ƒxGЙÖÖ%žoauth2_proxy-1.0.8.dist-info/METADATAPK)ƒxG?“O ¨¨#·!oauth2_proxy-1.0.8.dist-info/RECORDPK… $