STAC: cleanup

developmentseed · Aug 8, 2024 · 886ca38 · 886ca38
1 parent 58e256b
commit 886ca38
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 44 deletions.
diff --git a/runtimes/eoapi/stac/eoapi/stac/app.py b/runtimes/eoapi/stac/eoapi/stac/app.py
@@ -5,7 +5,7 @@
 from eoapi.stac.auth import AuthSettings, OidcAuth
 from eoapi.stac.config import ApiSettings
 from eoapi.stac.extension import TiTilerExtension
-from fastapi import FastAPI
+from fastapi import FastAPI, Security
 from fastapi.responses import ORJSONResponse
 from stac_fastapi.api.app import StacApi
 from stac_fastapi.api.models import (
@@ -151,7 +151,7 @@ async def viewer_page(request: Request):
 
 
 if auth_settings.openid_configuration_url:
-    jwt_auth = OidcAuth(
+    oidc_auth = OidcAuth(
         # URL to the OpenID Connect discovery document (https://openid.net/specs/openid-connect-discovery-1_0.html)
         openid_configuration_url=auth_settings.openid_configuration_url,
         openid_configuration_internal_url=auth_settings.openid_configuration_internal_url,
@@ -160,18 +160,26 @@ async def viewer_page(request: Request):
         # To render scopes form on Swagger UI's login pop-up, populate with mapping of scopes to descriptions
         oauth2_supported_scopes={},
     )
-    jwt_auth.require_auth(
-        api=api,
-        routes={
-            f"{app.root_path}/{route}": ["POST", "PUT", "DELETE"]
+    api.add_route_dependencies(
+        [
+            {
+                "path": f"{app.root_path}/{route}",
+                "method": method,
+                "type": "http",
+            }
             for route in [
                 "collections",
                 "collections/{collectionId}",
                 "collections/{collectionId}/items",
                 "collections/{collectionId}/bulk_items",
                 "collections/{collectionId}/items/{itemId}",
             ]
-        },
-        # Populate with scopes required for these routes
-        required_scopes=[],
+            for method in ["POST", "PUT", "DELETE"]
+        ],
+        [
+            Security(
+                oidc_auth.valid_token_dependency,
+                scopes=None,  # Populate with scopes required for these routes
+            )
+        ],
     )
diff --git a/runtimes/eoapi/stac/eoapi/stac/auth.py b/runtimes/eoapi/stac/eoapi/stac/auth.py
@@ -8,7 +8,6 @@
 from fastapi.security.base import SecurityBase
 from pydantic import AnyHttpUrl
 from pydantic_settings import BaseSettings
-from stac_fastapi.api.app import StacApi
 import jwt
 
 logger = logging.getLogger(__name__)
@@ -43,27 +42,27 @@ class OidcAuth:
     valid_token_dependency: Callable[..., Any] = field(init=False)
 
     def __post_init__(self):
-        oidc_config_url = str(
-            self.openid_configuration_internal_url or self.openid_configuration_url
-        )
-        with urllib.request.urlopen(oidc_config_url) as response:
+        with urllib.request.urlopen(
+            str(self.openid_configuration_internal_url or self.openid_configuration_url)
+        ) as response:
             if response.status != 200:
                 raise Exception(
                     f"Request for OIDC config failed with status {response.status}"
                 )
             oidc_config = json.load(response)
-        self.jwks_client = jwt.PyJWKClient(oidc_config["jwks_uri"])
+            self.jwks_client = jwt.PyJWKClient(oidc_config["jwks_uri"])
+
         self.auth_scheme = security.OpenIdConnect(
-            openIdConnectUrl=self.openid_configuration_url.unicode_string()
+            openIdConnectUrl=str(self.openid_configuration_url)
         )
-        self.valid_token_dependency = self.create_user_token_dependency(
+        self.valid_token_dependency = self.create_auth_token_dependency(
             auth_scheme=self.auth_scheme,
             jwks_client=self.jwks_client,
             allowed_jwt_audiences=self.allowed_jwt_audiences,
         )
 
     @staticmethod
-    def create_user_token_dependency(
+    def create_auth_token_dependency(
         auth_scheme: SecurityBase,
         jwks_client: jwt.PyJWKClient,
         allowed_jwt_audiences: Sequence[str],
@@ -72,7 +71,7 @@ def create_user_token_dependency(
         Create a dependency that validates JWT tokens & scopes.
         """
 
-        def user_token(
+        def auth_token(
             token_str: Annotated[str, Security(auth_scheme)],
             required_scopes: security.SecurityScopes,
         ):
@@ -115,28 +114,4 @@ def user_token(
 
             return payload
 
-        return user_token
-
-    def require_auth(
-        self,
-        *,
-        api: StacApi,
-        routes: Dict[str, Sequence[str]],
-        required_scopes: Optional[Sequence[str]],
-    ):
-        """
-        Helper to add auth dependencies to existing routes.
-        """
-        api.add_route_dependencies(
-            [
-                {
-                    "path": path,
-                    "method": method,
-                    "type": "http",
-                }
-                for path, methods in routes.items()
-                for method in methods
-            ],
-            [Security(self.valid_token_dependency, scopes=required_scopes)],
-        )
-        return self
+        return auth_token