
remove auth service

Pi 4 weeks ago
parent
commit
a2062da91c
4 changed files with 0 additions and 93 deletions
  1. 0 7
      Dockerfile-auth
  2. 0 15
      docker-compose.yml
  3. 0 68
      forward_auth.py
  4. 0 3
      requirements-auth.txt

+ 0 - 7
Dockerfile-auth

@@ -1,7 +0,0 @@
-FROM python:3-slim
-WORKDIR /usr/src/app
-COPY requirements-auth.txt ./
-RUN python3 -m pip install --upgrade pip && \
-    python3 -m pip install --no-cache-dir -r requirements-auth.txt
-COPY forward_auth.py ./
-CMD [ "python", "forward_auth.py" ]

+ 0 - 15
docker-compose.yml

@@ -29,21 +29,6 @@ services:
     networks:
       - traefik
 
-  auth:
-    image: auth
-    hostname: auth
-    build:
-      context: .
-      dockerfile: Dockerfile-auth
-    volumes:
-      - /etc/private-ca:/etc/private-ca:ro
-      - ./hashes.py:/usr/src/app/hashes.py
-    expose:
-      - 1234
-    networks:
-      - traefik
-    restart: always
-
 networks:
   traefik:
     external: true

+ 0 - 68
forward_auth.py

@@ -1,68 +0,0 @@
-import cherrypy
-from bottle import (
-  default_app,
-  auth_basic,
-  HTTPError,
-  HTTPResponse,
-  route,
-  request,
-)
-from passlib.hash import bcrypt
-from hashes import users
-
-def basic_auth(user, password, realm=None):
-  return bcrypt.verify(password, users[realm][user])
-
-def verify_cert(pem):
-    return True
-
-def auth_client_cert(check):
-    def decorator(func):
-        def wrapper(*a, **ka):
-            if 'X-Forwarded-Tls-Client-Cert' in request.headers:
-                cert = request.headers['X-Forwarded-Tls-Client-Cert']
-            else:
-                cert = None
-            if cert and verify_cert(cert):
-                return HTTPResponse(status=200)
-            return func(*a, **ka)
-        return wrapper
-    return decorator
-
-def auth_basic(check, text="Access denied"):
-    ''' Callback decorator to require HTTP auth (basic).
-        TODO: Add route(check_auth=...) parameter. '''
-    def decorator(func):
-        def wrapper(*a, **ka):
-            realm = '.'.join(request.headers['X-Forwarded-Host'].split('.')[:-2])
-            user, password = request.auth or (None, None)
-            if realm in users and user in users[realm]:
-                if user is None or not check(user, password, realm=realm):
-                    err = HTTPError(401, text)
-                    err.add_header('WWW-Authenticate', 'Basic realm="%s"' % realm)
-                    return err
-            else:
-                err = HTTPError(401, f"User not found {realm}\{user}")
-                err.add_header('WWW-Authenticate', 'Basic realm="%s"' % realm)
-                return err
-            return func(*a, **ka)
-        return wrapper
-    return decorator
-
-@route('/authenticate')
-@auth_client_cert(verify_cert)
-@auth_basic(basic_auth)
-def auth():
-    return HTTPResponse(status=200)
-
-cherrypy.server.ssl_certificate = '/etc/private-ca/server-cert.pem'
-cherrypy.server.ssl_private_key = '/etc/private-ca/server-key.pem'
-
-cherrypy.config.update({
-    'server.socket_host': "0.0.0.0",
-    'server.socket_port': 1234,
-})
-
-cherrypy.tree.graft(default_app(), "/")
-cherrypy.engine.start()
-cherrypy.engine.block()

+ 0 - 3
requirements-auth.txt

@@ -1,3 +0,0 @@
-bottle
-cherrypy
-passlib