diff --git a/ee/api/.chalice/config.json b/ee/api/.chalice/config.json index d4e130688..691429329 100644 --- a/ee/api/.chalice/config.json +++ b/ee/api/.chalice/config.json @@ -64,7 +64,8 @@ "invitation_link": "/api/users/invitation?token=%s", "change_password_link": "/reset-password?invitation=%s&&pass=%s", "iosBucket": "openreplay-ios-images", - "version_number": "1.4.0" + "version_number": "1.3.6", + "assist_secret": "" }, "lambda_timeout": 150, "lambda_memory_size": 400, diff --git a/ee/api/chalicelib/blueprints/bp_ee.py b/ee/api/chalicelib/blueprints/bp_ee.py index b32bd6f52..7c9bbd8bf 100644 --- a/ee/api/chalicelib/blueprints/bp_ee.py +++ b/ee/api/chalicelib/blueprints/bp_ee.py @@ -1,8 +1,16 @@ +import base64 +import hashlib +import hmac +from time import time + from chalice import Blueprint from chalicelib import _overrides +from chalicelib.blueprints import bp_authorizers from chalicelib.core import roles from chalicelib.core import unlock +from chalicelib.utils import helper +from chalicelib.utils.helper import environ app = Blueprint(__name__) _overrides.chalice_app(app) @@ -50,3 +58,17 @@ def delete_role(roleId, context): return { 'data': data } + + +@app.route('/assist/credentials', methods=['GET'], authorizer=bp_authorizers.api_key_authorizer) +def get_assist_credentials(context): + user = helper.generate_salt() + secret = environ["assist_secret"] + ttl = int(environ.get("assist_ttl", 48)) * 3600 + timestamp = int(time()) + ttl + username = str(timestamp) + ':' + user + dig = hmac.new(bytes(secret, 'utf-8'), bytes(username, 'utf-8'), hashlib.sha1) + dig = dig.digest() + password = base64.b64encode(dig).decode() + + return {"data": {'username': username, 'password': password}} diff --git a/scripts/helm/app/chalice.yaml b/scripts/helm/app/chalice.yaml index 4ef1eecc7..98d580db9 100644 --- a/scripts/helm/app/chalice.yaml +++ b/scripts/helm/app/chalice.yaml @@ -63,3 +63,4 @@ env: idp_sso_url: '' idp_x509cert: '' idp_sls_url: '' + assist_secret: '' \ No newline at end of file