Initial commit

auth_backend/server.py

@@ -0,0 +1,46 @@
+from fastapi import FastAPI, Request, Form
+from fastapi.responses import PlainTextResponse
+
+app = FastAPI()
+
+USERS = {
+    "admin": {"password": "secret", "tags": ["administrator", "management"]},
+    "user1": {"password": "password123", "tags": ["management"]},
+}
+
+@app.post("/rabbit/auth/user")
+async def auth_user(username: str = Form(...), password: str = Form(...)):
+    user = USERS.get(username)
+    if user and user["password"] == password:
+        return PlainTextResponse("allow " + ", ".join(user["tags"]))
+    return PlainTextResponse("deny", status_code=403)
+
+@app.post("/rabbit/auth/vhost")
+async def auth_vhost(username: str = Form(...), vhost: str = Form(...), ip: str = Form(...)):
+    if username in USERS:
+        return PlainTextResponse("allow")
+    return PlainTextResponse("deny", status_code=403)
+
+@app.post("/rabbit/auth/resource")
+async def auth_resource(username: str = Form(...), vhost: str = Form(...), resource: str = Form(...), name: str = Form(...), permission: str = Form(...)):
+    if username == "admin":
+        return PlainTextResponse("allow")
+
+    if username == "user1" and resource == "queue" and name.startswith("public_"):
+        if permission in ["read", "configure"]:
+            return PlainTextResponse("allow")
+
+    return PlainTextResponse("deny", status_code=403)
+
+@app.post("/rabbit/auth/topic")
+async def auth_topic(username: str = Form(...), 
+                     vhost: str = Form(...), 
+                     resource: str = Form(...), 
+                     name: str = Form(...), 
+                     permission: str = Form(...),
+                     topic_path: str = Form(...),
+                     ):
+
+    if username == "admin" or (username == "user1" and routing_key.startswith("logs.")):
+        return PlainTextResponse("allow")
+    return PlainTextResponse("deny", status_code=403)