@micimize
Created August 17, 2019 14:13
Full proxy control over flask app builder (and thus apache superset) authentication
from flask import Blueprint, redirect, request
from flask_login import current_user, logout_user
from flask_appbuilder.security.manager import AUTH_REMOTE_USER

my_blueprint = Blueprint("My Blueprint", __name__)


@my_blueprint.before_app_request
def ensure_logout_correctness():
    """Ensure users are logged out when the proxy logs out."""
    # RemoteUserMiddleware (below) sets REMOTE_USER on every request
    remote_user = request.environ.get("REMOTE_USER")
    if (
        current_user
        and hasattr(current_user, "username")
        and current_user.username != remote_user
    ):
        # The session belongs to a different user than the one the proxy reports
        logout_user()
        return redirect("/login")


class RemoteUserMiddleware(object):
    """WSGI middleware that copies the proxy's user header into REMOTE_USER."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Remove the header from the environ so the app only sees REMOTE_USER
        remote_username = environ.pop("HTTP_X_USER_ID", None)
        environ["REMOTE_USER"] = remote_username
        return self.app(environ, start_response)


ADDITIONAL_MIDDLEWARE = [RemoteUserMiddleware]
AUTH_TYPE = AUTH_REMOTE_USER
BLUEPRINTS = [my_blueprint]
@micimize
Author

Now you just set your header in the proxying app, for example in node:

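const proxy = require('http-proxy-middleware');
// ...
app.use(
  superset_routes,
  proxy({
    target: 'http://superset:8088',
    onProxyReq(proxyReq, req, res) {
      // we use superset's AUTH_REMOTE_USER to do seamless authentication,
      // and create users in superset on first signup so that user info is carried over

      // drop any X-User-Id sent by the client so that only this proxy can set it
      proxyReq.removeHeader('X-User-Id');
      if (req.user) {
        // WSGI exposes the X-User-Id header to RemoteUserMiddleware as HTTP_X_USER_ID
        proxyReq.setHeader('X-User-Id', String(req.user.id));
      }
    }
  })
);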

If you only set HTTP_X_USER_ID / REMOTE_USER, all fields in superset registration will be filled with that value.
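
A hardened variant of the `RemoteUserMiddleware` above, as an added example (not the gist author's code): it sets `REMOTE_USER` from `X-User-Id` only when the request also carries a shared secret added by the proxy, so a request that reaches Superset without passing through the proxy cannot pick its own user. The `X-Proxy-Secret` header, the class and helper names, and the sample values are assumptions made for this example.

```python
import hmac


class VerifiedRemoteUserMiddleware:
    """WSGI middleware: trust X-User-Id only when the proxy proves itself."""

    USER_KEY = "HTTP_X_USER_ID"         # environ key used by the gist's middleware
    SECRET_KEY = "HTTP_X_PROXY_SECRET"  # hypothetical X-Proxy-Secret header (assumption)

    def __init__(self, app, proxy_secret):
        self.app = app
        # ASCII secret shared with the proxy, e.g. loaded from the environment
        self.proxy_secret = proxy_secret.encode("latin-1")

    def __call__(self, environ, start_response):
        # Always strip both headers so the app never sees raw client-supplied values
        user = environ.pop(self.USER_KEY, None)
        presented = environ.pop(self.SECRET_KEY, "").encode("latin-1")
        # Constant-time comparison avoids leaking the secret through timing
        trusted = hmac.compare_digest(presented, self.proxy_secret)
        environ["REMOTE_USER"] = user if (trusted and user) else None
        return self.app(environ, start_response)


def remote_user_seen(environ, secret="constructed-secret"):
    """Run one constructed request through the middleware; return the environ the app saw."""
    seen = {}

    def app(env, start_response):
        seen.update(env)
        start_response("200 OK", [])
        return [b""]

    middleware = VerifiedRemoteUserMiddleware(app, secret)
    middleware(dict(environ), lambda status, headers: None)
    return seen


if __name__ == "__main__":
    # Constructed requests: one from the proxy, one sent straight to Superset
    via_proxy = {"HTTP_X_USER_ID": "alice", "HTTP_X_PROXY_SECRET": "constructed-secret"}
    direct = {"HTTP_X_USER_ID": "admin"}
    print("via proxy:", remote_user_seen(via_proxy)["REMOTE_USER"])
    print("direct:   ", remote_user_seen(direct)["REMOTE_USER"])
```

With this variant the proxy sets the second header next to the user id in `onProxyReq`, and `ADDITIONAL_MIDDLEWARE` wraps the class so that it receives the secret.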
