caching plan, blinking eyes

sspickle · sspickle · commit 844faba770ab · 2020-09-18T17:57:35.000-04:00
diff --git a/ide/auth.py b/ide/auth.py
@@ -16,6 +16,7 @@
 
 from . import app
 from . import routes
+from . import models
 
 try:
     from . import secret
@@ -32,32 +33,66 @@
 AUTH_REDIRECT_URI = os.environ.get("FN_AUTH_REDIRECT_URI", default=False)
 BASE_URI = os.environ.get("FN_BASE_URI", default=False)
 
+def get_project_name():
+    web_setting = models.Setting.get('google_project_name')
+    return web_setting.value
+
 #
 # Robust way to check for running locally. Also easy to modify.
 #
 GRL = os.environ.get("GLOWSCRIPT_RUNNING_LOCALLY")
 GRL = GRL and GRL.lower()        # let's keep it case insenstive
 GRL = GRL not in (None, 'false') # Anything but None or 'false'
 
-if (not GRL):
-    #
-    # If we're not running locally, we should get the secrets from the secret manager.
-    #
-
-    GOOGLE_PROJECT_ID=os.environ.get('GOOGLE_PROJECT_ID') or 'glowscript-py38'
-    CLIENT_SECRET_VERSION=os.environ.get('CLIENT_SECRET_VERSION') or '1'
-    from google.cloud import secretmanager
-    secrets = secretmanager.SecretManagerServiceClient()
-    secret_path = f"projects/{GOOGLE_PROJECT_ID}/secrets/OAUTH_CLIENT_SECRETS/versions/{CLIENT_SECRET_VERSION}"
-    theSecret = secrets.access_secret_version(secret_path).payload.data.decode("utf-8")
-    client_secrets = json.loads(theSecret)
-    CLIENT_ID = client_secrets.get("FN_CLIENT_ID")
-    CLIENT_SECRET = client_secrets.get("FN_CLIENT_SECRET")
-    if CLIENT_ID is None:
-        raise RuntimeError("We are not running locally, but CLIENT_ID is not set. Dang. Did you mean to set GLOWSCRIPT_RUNNING_LOCALLY?")
-else:
-    CLIENT_ID = ''
-    CLIENT_SECRET = ''
+class ModuleCache:
+
+    def __init__(self):
+        self.cache = {}
+
+    def fillCache(self):
+        if (not GRL):
+            #
+            # If we're not running locally, we should get the secrets from the secret manager.
+            #
+            # this got much more complicated by storing the project id in the datastore.
+            # we cannot accesss the datastore unless we are in application context but that
+            # means it's got to be cached somehow if we don't want to have to keep pulling 
+            # it from the datastore on every request. Bleah.
+            #
+
+            GOOGLE_PROJECT_ID=get_project_name()
+            CLIENT_SECRET_VERSION=os.environ.get('CLIENT_SECRET_VERSION') or '1'
+            from google.cloud import secretmanager
+            secrets = secretmanager.SecretManagerServiceClient()
+            secret_path = f"projects/{GOOGLE_PROJECT_ID}/secrets/OAUTH_CLIENT_SECRETS/versions/{CLIENT_SECRET_VERSION}"
+            theSecret = secrets.access_secret_version(secret_path).payload.data.decode("utf-8")
+            client_secrets = json.loads(theSecret)
+            CLIENT_ID = client_secrets.get("FN_CLIENT_ID")
+            CLIENT_SECRET = client_secrets.get("FN_CLIENT_SECRET")
+            if CLIENT_ID is None:
+                raise RuntimeError("We are not running locally, but CLIENT_ID is not set. Dang. Did you mean to set GLOWSCRIPT_RUNNING_LOCALLY?")
+        else:
+            CLIENT_ID = ''
+            CLIENT_SECRET = ''
+
+        self.cache['CLIENT_ID'] = CLIENT_ID
+        self.cache['CLINET_SECRET'] = CLIENT_SECRET
+
+    def getID(self):
+        theID = self.cache.get('CLIENT_ID')
+        if theID is None:
+            self.fillCache()
+            theID = self.cache.get('CLIENT_ID')
+        return theID
+
+    def getSecret(self):
+        theSecret = self.cache.get('CLINET_SECRET')
+        if theSecret is None:
+            self.fillCache()
+            theSecret = self.cache.get('CLINET_SECRET')
+        return theSecret
+
+module_cache = ModuleCache()
 
 AUTH_TOKEN_KEY = 'auth_token'
 AUTH_STATE_KEY = 'auth_state'
@@ -74,8 +109,8 @@ def build_credentials():
     return google.oauth2.credentials.Credentials(
                 oauth2_tokens['access_token'],
                 refresh_token=oauth2_tokens['refresh_token'],
-                client_id=CLIENT_ID,
-                client_secret=CLIENT_SECRET,
+                client_id=module_cache.getID(),
+                client_secret=module_cache.getSecret(),
                 token_uri=ACCESS_TOKEN_URI)
 
 def get_user_info():
@@ -107,7 +142,7 @@ def no_cache_impl(*args, **kwargs):
 @no_cache
 def google_login():
 
-    session = OAuth2Session(CLIENT_ID, CLIENT_SECRET,
+    session = OAuth2Session(module_cache.getID(), module_cache.getSecret(),
                             scope=AUTHORIZATION_SCOPE,
                             redirect_uri=AUTH_REDIRECT_URI)
   
@@ -133,7 +168,7 @@ def google_auth_redirect():
         """
         return flask.redirect('/index')
     
-    session = OAuth2Session(CLIENT_ID, CLIENT_SECRET,
+    session = OAuth2Session(module_cache.getID(), module_cache.getSecret(),
         scope=AUTHORIZATION_SCOPE,
         state=flask.session.get(AUTH_STATE_KEY),
         redirect_uri=AUTH_REDIRECT_URI)
