ceph · kamoltat · Sep 11, 2023 · Aug 16, 2023 · Aug 16, 2023 · Aug 16, 2023
diff --git a/.env.dev b/.env.dev
@@ -0,0 +1,15 @@
+DEPLOYMENT=development
+PADDLES_URL=http://localhost:8080
+PULPITO_URL=http://localhost:8081
+
+# Github Related Stuff
+GH_CLIENT_ID=
+GH_CLIENT_SECRET=
+GH_AUTHORIZATION_BASE_URL='https://github.com/login/oauth/authorize'
+GH_TOKEN_URL='https://github.com/login/oauth/access_token'
+GH_FETCH_MEMBERSHIP_URL='https://api.github.com/user/memberships/orgs/ceph'
+
+#Session Related Stuff
+## SESSION_SECRET_KEY is used to encrypt session data 
+## and it's prod value should be kept secret.
+SESSION_SECRET_KEY=my-secret-key
diff --git a/README.md b/README.md
@@ -7,7 +7,16 @@ A REST API to execute [teuthology commands](https://docs.ceph.com/projects/teuth
 #### Option 1: (teuthology docker setup)
 
 1. Clone [teuthology](https://github.com/ceph/teuthology) and [teuthology-api](https://github.com/VallariAg/teuthology-api).
-2. Add the following to [teuthology's docker-compose](https://github.com/ceph/teuthology/blob/main/docs/docker-compose/docker-compose.yml) services.
+2. Rename `.env.dev` file to `.env`. 
+3. Configure secrets:
+
+   3.1. Create a Github OAuth Application by following [these](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app) instructions. Set "Homepage URL" as `http://localhost:8082/` and "Authorization callback URL" as `http://localhost:8082/login/callback/`. 
+
+   3.2. Ensure [ceph](https://github.com/ceph) belongs in your public list of organizations[[ref](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/about-organization-membership)]. By default your membership is set private, change that to public by following [these](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/publicizing-or-hiding-organization-membership) steps.
+
+   3.3. Save `CLIENT_ID` and `CLIENT_SECRET` from your Github OAuth App to your local `.env` file as `GH_CLIENT_ID` and `GH_CLIENT_SECRET`.
+
+4. Add the following to [teuthology's docker-compose](https://github.com/ceph/teuthology/blob/main/docs/docker-compose/docker-compose.yml) services.
     ```
     teuthology_api:
         build:
@@ -21,7 +30,7 @@ A REST API to execute [teuthology commands](https://docs.ceph.com/projects/teuth
             - teuthology
             - paddles
     ```
-3. Follow teuthology development setup instructions from [here](https://github.com/ceph/teuthology/tree/main/docs/docker-compose).
+5. Follow teuthology development setup instructions from [here](https://github.com/ceph/teuthology/tree/main/docs/docker-compose).
 
 ## Documentation
 

diff --git a/src/main.py b/src/main.py
@@ -10,6 +10,8 @@
 
 DEPLOYMENT = os.getenv("DEPLOYMENT")
 SESSION_SECRET_KEY = os.getenv("SESSION_SECRET_KEY")
+PULPITO_URL = os.getenv("PULPITO_URL")
+PADDLES_URL = os.getenv("PADDLES_URL")
 
 log = logging.getLogger(__name__)
 app = FastAPI()
@@ -26,7 +28,7 @@ def read_root(request: Request):
 if DEPLOYMENT == "development":
     app.add_middleware(
         CORSMiddleware,
-        allow_origins=["*"],
+        allow_origins=[PULPITO_URL, PADDLES_URL],
         allow_credentials=True,
         allow_methods=["*"],
         allow_headers=["*"],

diff --git a/src/routes/login.py b/src/routes/login.py
@@ -1,7 +1,7 @@
 import logging
 import os
 from fastapi import APIRouter, HTTPException, Request
-from starlette.responses import RedirectResponse
+from fastapi.responses import RedirectResponse
 from dotenv import load_dotenv
 import httpx
 
@@ -12,6 +12,7 @@
 GH_AUTHORIZATION_BASE_URL = os.getenv("GH_AUTHORIZATION_BASE_URL")
 GH_TOKEN_URL = os.getenv("GH_TOKEN_URL")
 GH_FETCH_MEMBERSHIP_URL = os.getenv("GH_FETCH_MEMBERSHIP_URL")
+PULPITO_URL = os.getenv("PULPITO_URL")
 
 log = logging.getLogger(__name__)
 router = APIRouter(
@@ -27,6 +28,8 @@ async def github_login():
     GET route for /login, (If first time) will redirect to github login page
     where you should authorize the app to gain access.
     """
+    if not GH_AUTHORIZATION_BASE_URL or not GH_CLIENT_ID:
+        return HTTPException(status_code=500, detail="Environment secrets are missing.")
     scope = "read:org"
     return RedirectResponse(
         f"{GH_AUTHORIZATION_BASE_URL}?client_id={GH_CLIENT_ID}&scope={scope}",
@@ -82,4 +85,13 @@ async def handle_callback(code: str, request: Request):
             "access_token": token,
         }
         request.session["user"] = data
-    return RedirectResponse(url="/")
+    cookie_data = {
+        "username": data["username"],
+        "avatar_url": response_org_dic.get("user", {}).get("avatar_url"),
+    }
+    cookie = "; ".join(
+        [f"{str(key)}={str(value)}" for key, value in cookie_data.items()]
+    )
+    response = RedirectResponse(PULPITO_URL)
+    response.set_cookie(key="GH_USER", value=cookie)
+    return response
diff --git a/src/routes/logout.py b/src/routes/logout.py
@@ -1,7 +1,10 @@
-import logging
+import logging, os
 from fastapi import APIRouter, HTTPException, Request
+from fastapi.responses import RedirectResponse
 
+PULPITO_URL = os.getenv("PULPITO_URL")
 log = logging.getLogger(__name__)
+
 router = APIRouter(
     prefix="/logout",
     tags=["logout"],
@@ -17,7 +20,7 @@ def logout(request: Request):
     user = request.session.get("user")
     if user:
         request.session.pop("user", None)
-        return {"logout": "success"}
+        return RedirectResponse(PULPITO_URL)
     log.warning("No session found, probably already logged out.")
     raise HTTPException(
         status_code=204, detail="No session found, probably already logged out."