# Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. import datetime import jwt import requests from flask import request, jsonify from functools import wraps import config, auth_options jwt_secret_key = '' # To be loaded from config.JWT_SECRET_KEY_PATH def load_jwt_secret_key(): with open(config.JWT_SECRET_KEY_PATH, 'r') as key_file: jwt_secret_key = key_file.read() def check_auth(token): if (config.AUTH_OPTION == 'SalesforceLWC'): return auth_options.check_salesforce_lwc_token(token) elif (config.AUTH_OPTION == 'Salesforce'): return auth_options.check_salesforce_token(token) elif (config.AUTH_OPTION == 'GenesysCloud'): return auth_options.check_genesyscloud_token(token) elif (config.AUTH_OPTION == 'Twilio'): return auth_options.check_twilio_token(token) elif (config.AUTH_OPTION == 'Skip'): return True # Customize your authentication method here. # elif (config.AUTH_OPTION == 'Your Auth Option'): # return auth_options.check_my_token(token) return False def check_jwt(token): try: # Decode the payload to fetch the stored details. data = jwt.decode(token, jwt_secret_key, algorithms=['HS256']) if 'gcp_agent_assist_project' not in data: return False, 'The target project in your token is missing.' if data['gcp_agent_assist_project'] != config.GCP_PROJECT_ID: return False, 'The target project in your token is invalid.' if 'exp' not in data: return False, 'The expiration time in your token is missing.' if data['exp'] < datetime.datetime.now().timestamp(): return False, 'Your token has expired.' return True, 'Your token is valid.' except: return False, 'Failed to parse your token.' def generate_jwt(user_info=None): gcp_agent_assist_user = '' if user_info: gcp_agent_assist_user = user_info.get('gcp_agent_assist_user') return jwt.encode({'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=config.JWT_TOKEN_LIFETIME), 'gcp_agent_assist_project': config.GCP_PROJECT_ID, 'gcp_agent_assist_user': gcp_agent_assist_user}, jwt_secret_key, 'HS256') def check_app_auth(auth): if config.APP_AUTH_OPTION == 'Twilio': response = requests.get( config.TWILIO_ACCOUNTS_API_URL, auth=(auth.get('accountSid'), auth.get('authToken'))) if response.status_code == 200: data = response.json() if data.get('sid') == config.TWILIO_ACCOUNT_SID: return True return False def token_required(f): """Verifies JWT as a function decorator.""" @wraps(f) def decorator(*args, **kwargs): token = request.headers.get('Authorization') if not token: return jsonify({'message': 'Token is missing.'}), 401 result, message = check_jwt(token) if result: return f(*args, **kwargs) else: return jsonify({'message': message}), 401 return decorator