From 3ea513785a9fb5268ade487329f1f3a6d8b757a8 Mon Sep 17 00:00:00 2001
From: "Oksanen, Ilkka (Nokia - FI/Espoo)" <ilkka.oksanen@nokia.com>
Date: Sat, 9 Nov 2019 16:55:12 +0200
Subject: [PATCH] Add api with which nginx can authenticate users

---
 webapp/urls.py  |  3 ++-
 webapp/views.py | 41 +++++++++++++++++++++++++++++------------
 2 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/webapp/urls.py b/webapp/urls.py
index 535a13d..b29953a 100644
--- a/webapp/urls.py
+++ b/webapp/urls.py
@@ -3,7 +3,7 @@
 from django.conf.urls import url, include
 from rest_framework import routers
 from rest_framework_jwt.views import obtain_jwt_token, verify_jwt_token
-from webapp.views import about_view
+from webapp.views import about_view, nginx_jwt_resp
 
 
 from webapp.views import *
@@ -29,4 +29,5 @@ urlpatterns = [
     url(r'^api/api-token-verify/', verify_jwt_token),
     # git revision
     url(r'^about', about_view),
+    url(r'^jwt_nginx', nginx_jwt_resp),
 ]
diff --git a/webapp/views.py b/webapp/views.py
index 2faef8c..b6a8d89 100644
--- a/webapp/views.py
+++ b/webapp/views.py
@@ -1,29 +1,31 @@
 """Webapp views."""
 
+import jwt
+# import logging
+# import requests
+from dealer.git import git
+from django.conf import settings
+from django.contrib.auth import authenticate, login, logout
+from django.http import HttpResponse
 # from django.db.models import Count
-from django.shortcuts import render, redirect
-from django.contrib.auth import login, logout, authenticate
+from django.shortcuts import redirect, render
 from django.views.decorators.http import require_http_methods
+from django_filters import rest_framework as filters
 # from django.views.decorators.csrf import ensure_csrf_cookie
 # from django.http import HttpResponse, HttpResponseRedirect
 # from django.contrib.auth.decorators import permission_required, login_required
 # from django.conf import settings
 # from django.utils import timezone
-from rest_framework import viewsets, routers
+from rest_framework import permissions, routers, viewsets
+from rest_framework.filters import OrderingFilter, SearchFilter
 from rest_framework.permissions import IsAuthenticatedOrReadOnly
 from rest_framework.response import Response
 from rest_framework.reverse import reverse
-from django_filters import rest_framework as filters
-from rest_framework.filters import SearchFilter, OrderingFilter
-from rest_framework import permissions
-# import logging
-# import requests
-from dealer.git import git
 
-from webapp.models import Event, SignupForm, Signup, TemplateQuestion, Feed,\
-    Committee, Official, Tag
-from webapp.serializers import *
 from members.views.utils import *
+from webapp.models import (Committee, Event, Feed, Official, Signup,
+                           SignupForm, Tag, TemplateQuestion)
+from webapp.serializers import *
 
 
 class IsPostOrIsAuthenticated(permissions.BasePermission):
@@ -207,3 +209,18 @@ def contact_view(request, *args, **kwargs):
     }
 
     return render(request, "contact.html", context)
+
+
+@require_http_methods(["GET"])
+def nginx_jwt_resp(request, *args, **kwargs):
+    cookie = request.COOKIES.get("jwt", None)
+    if not cookie:
+        return HttpResponse("", status=401)
+    try:
+        token = jwt.decode(cookie, settings.SECRET_KEY)
+    except jwt.exceptions.InvalidSignatureError:
+        return HttpResponse("", status=403)
+    user = 'admin' if token.get('username', '') == 'admin' else 'moderator'
+    resp = HttpResponse("", status=200)
+    resp['X-FBrowser-User'] = user
+    return resp