Add --external-auth-endpoint

OpenDroneMap · Sep 6, 2023 · 4cd5a01 · 4cd5a01
1 parent 1b92ee1
commit 4cd5a01
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 9 deletions.
diff --git a/.env b/.env
@@ -10,3 +10,4 @@ WO_DEBUG=NO
 WO_DEV=NO
 WO_BROKER=redis://broker
 WO_DEFAULT_NODES=1
+WO_EXTERNAL_AUTH_ENDPOINT=
diff --git a/app/auth/backends.py b/app/auth/backends.py
@@ -2,15 +2,15 @@
 from django.contrib.auth.backends import ModelBackend
 from django.contrib.auth.models import User
 from nodeodm.models import ProcessingNode
-from webodm.settings import EXTERNAL_AUTH_ENDPOINT, USE_EXTERNAL_AUTH
+from webodm.settings import EXTERNAL_AUTH_ENDPOINT
 from guardian.shortcuts import assign_perm
 import logging
 
 logger = logging.getLogger('app.logger')
 
 class ExternalBackend(ModelBackend):
     def authenticate(self, request, username=None, password=None):
-        if not USE_EXTERNAL_AUTH:
+        if EXTERNAL_AUTH_ENDPOINT == "":
             return None
 
         try:
@@ -20,10 +20,10 @@ def authenticate(self, request, username=None, password=None):
             }, headers={'Accept': 'application/json'})
             res = r.json()
 
+            # logger.info(res)
+
             if 'message' in res or 'error' in res:
                 return None
-
-            logger.info(res)
 
             if 'user_id' in res:
                 try:
@@ -33,6 +33,17 @@ def authenticate(self, request, username=None, password=None):
                     if user.username != username:
                         user.username = username
                         user.save()
+
+                    # Update quotas
+                    maxQuota = -1
+                    if 'maxQuota' in res:
+                        maxQuota = res['maxQuota']
+                    if 'node' in res and 'limits' in res['node'] and 'maxQuota' in res['node']['limits']:
+                        maxQuota = res['node']['limits']['maxQuota']
+
+                    if user.profile.quota != maxQuota:
+                        user.profile.quota = maxQuota
+                        user.save()
                 except User.DoesNotExist:
                     user = User(pk=res['user_id'], username=username)
                     user.save()
@@ -64,7 +75,7 @@ def authenticate(self, request, username=None, password=None):
             return None
 
     def get_user(self, user_id):
-        if not USE_EXTERNAL_AUTH:
+        if EXTERNAL_AUTH_ENDPOINT == "":
             return None
 
         try:

diff --git a/app/models/profile.py b/app/models/profile.py
@@ -18,7 +18,10 @@ def has_quota(self):
         return self.quota != -1
 
     def used_quota(self):
-        return Task.objects.filter(project__owner=self.user).aggregate(total=Sum('size'))['total']
+        q = Task.objects.filter(project__owner=self.user).aggregate(total=Sum('size'))['total']
+        if q is None:
+            q = 0
+        return q
 
     def has_exceeded_quota(self):
         if not self.has_quota():

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -33,6 +33,7 @@ services:
       - WO_BROKER
       - WO_DEV
       - WO_DEV_WATCH_PLUGINS
+      - WO_EXTERNAL_AUTH_ENDPOINT
     restart: unless-stopped
     oom_score_adj: 0
   broker:
@@ -52,5 +53,6 @@ services:
     environment:
       - WO_BROKER
       - WO_DEBUG
+      - WO_EXTERNAL_AUTH_ENDPOINT
     restart: unless-stopped
     oom_score_adj: 250
diff --git a/webodm.sh b/webodm.sh
@@ -130,6 +130,12 @@ case $key in
     shift # past argument
     shift # past value
     ;;
+    --external-auth-endpoint)
+    WO_EXTERNAL_AUTH_ENDPOINT="$2"
+    export WO_EXTERNAL_AUTH_ENDPOINT
+    shift # past argument
+    shift # past value
+    ;;
     *)    # unknown option
     POSITIONAL+=("$1") # save it in an array for later
     shift # past argument
@@ -170,6 +176,7 @@ usage(){
   echo "	--broker	Set the URL used to connect to the celery broker (default: $DEFAULT_BROKER)"
   echo "	--detached	Run WebODM in detached mode. This means WebODM will run in the background, without blocking the terminal (default: disabled)"
   echo "	--gpu	Use GPU NodeODM nodes (Linux only) (default: disabled)"
+  echo "	--external-auth-endpoint	External authentication endpoint (default: disabled)"
   exit
 }
 
@@ -339,6 +346,7 @@ start(){
 	echo "SSL insecure port redirect: $WO_SSL_INSECURE_PORT_REDIRECT"
 	echo "Celery Broker: $WO_BROKER"
 	echo "Default Nodes: $WO_DEFAULT_NODES"
+	echo "External auth endpoint: $WO_EXTERNAL_AUTH_ENDPOINT"
 	echo "================================"
 	echo "Make sure to issue a $0 down if you decide to change the environment."
 	echo ""

diff --git a/webodm/settings.py b/webodm/settings.py
@@ -391,9 +391,7 @@ def scalebyiv(color, n):
 # before it should be considered offline
 NODE_OFFLINE_MINUTES = 5 
 
-USE_EXTERNAL_AUTH = True # TODO: change
-EXTERNAL_AUTH_ENDPOINT = "http://192.168.2.253:5000/r/auth/login"
-# TODO: make these env vars?
+EXTERNAL_AUTH_ENDPOINT = os.environ.get('WO_EXTERNAL_AUTH_ENDPOINT', '')
 
 # Number of hours before tasks are automatically deleted
 # from an account that is exceeding a disk quota