Restructure AuthProvider settings for more flexibility

thcrt · Dec 7, 2024 · f5ded46 · f5ded46
1 parent 4d7ab4a
commit f5ded46
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 22 deletions.
diff --git a/src/blobdash/__init__.py b/src/blobdash/__init__.py
@@ -4,7 +4,7 @@
 
 
 from .settings import Settings
-from .auth import AuthentikAuthProvider
+from .auth import AuthentikAuthProvider, KeycloakAuthProvider
 from .applications import ApplicationProvider
 
 
@@ -21,14 +21,13 @@ def create_app():
         secho(e)
         raise SystemExit(1)
 
-    if settings.auth.apps.enabled:
-        match settings.auth.apps.provider:
-            case "authentik":
-                auth_provider = AuthentikAuthProvider(
-                    settings.auth.apps.host, settings.auth.apps.token
-                )
-    else:
-        auth_provider = None
+    match settings.auth.fetch.provider:
+        case "authentik":
+            auth_provider = AuthentikAuthProvider(
+                settings.auth.fetch.host, settings.auth.fetch.token
+            )
+        case None:
+            auth_provider = None
 
     app_provider = ApplicationProvider(auth_provider, settings.apps)
 

diff --git a/src/blobdash/auth.py b/src/blobdash/auth.py
@@ -1,16 +1,13 @@
 import json
 import urllib.parse
 from abc import ABC, abstractmethod
+
 import authentik_client
 
 from .applications import Application
 
 
 class AuthProvider(ABC):
-    def __init__(self, host: str, token: str) -> None:
-        self.host = host
-        self.token = token
-
     @abstractmethod
     def get_applications(self, username):
         pass
@@ -19,9 +16,8 @@ def get_applications(self, username):
 class AuthentikAuthProvider(AuthProvider):
     def __init__(self, host, token):
         # Base path for Authentik API
-        host = urllib.parse.urljoin(host, "/api/v3")
-
-        super().__init__(host, token)
+        self.host = urllib.parse.urljoin(host, "/api/v3")
+        self.token = token
 
         # Set up API client. The `CoreAPI` is the only one we need to view users and applications
         self._api = authentik_client.CoreApi(

diff --git a/src/blobdash/settings.py b/src/blobdash/settings.py
@@ -12,19 +12,18 @@
 from .applications import Application
 
 
-class AuthApplicationSettings(BaseModel):
-    enabled: bool = False
-    provider: Literal["authentik"] = "authentik"
-    host: str = "https://auth.example.com"
-    token: str = "changeme"
+class AuthentikSettings(BaseModel):
+    provider: Literal["authentik"]
+    host: str
+    token: str
 
 
 class AuthSettings(BaseModel):
     enabled: bool = False
     header: str = "X-App-User"
     logout_url: str = "/flows/-/default/invalidation"
     default_user: Optional[str] = None
-    apps: AuthApplicationSettings = AuthApplicationSettings()
+    fetch: Optional[AuthentikSettings] = None
 
 
 class DashdotSettings(BaseModel):