WIP: Updating allocations was not authenticated

Use a simple authentication method: the hash of the signature should match the value in the settings

Author: hoh

vm_supervisor/conf.py

@@ -105,6 +105,9 @@ class Settings(BaseSettings):
     MAX_PROGRAM_ARCHIVE_SIZE = 10_000_000  # 10 MB
     MAX_DATA_ARCHIVE_SIZE = 10_000_000  # 10 MB
 
+    # hashlib.sha256(b"secret-token").hexdigest()
+    ALLOCATION_TOKEN_HASH = "151ba92f2eb90bce67e912af2f7a5c17d8654b3d29895b042107ea312a7eebda"
+
     FAKE_DATA_PROGRAM: Optional[Path] = None
     BENCHMARK_FAKE_DATA_PROGRAM = Path(
         abspath(join(__file__, "../../examples/example_fastapi"))

vm_supervisor/views.py

@@ -1,6 +1,7 @@
 import binascii
 import logging
 import os.path
+from hashlib import sha256
 from string import Template
 from typing import Awaitable, Optional
 
@@ -170,8 +171,26 @@ async def status_check_version(request: web.Request):
         return web.HTTPForbidden(text=f"Outdated: version {current} < {reference}")
 
 
+def authenticate_api_request(request: web.Request) -> bool:
+    """Authenticate an API request to update the VM allocations.
+    """
+    signature: str = request.headers.get('X-Auth-Signature')
+    # body: bytes = await request.read()
+    if not signature:
+        raise web.HTTPUnauthorized(text="Authentication token is missing")
+
+    # Use a simple authentication method: the hash of the signature should match the value in the settings
+    if sha256(signature).hexdigest() != settings.ALLOCATION_TOKEN_HASH:
+        raise web.HTTPUnauthorized(text="Authentication token received is invalid")
+
+    return True
+
+
+
 async def update_allocations(request: web.Request):
-    # TODO: Add some form of authentication
+    if not authenticate_api_request(request):
+        return web.HTTPUnauthorized(text="Invalid authentication")
+
     try:
         data = await request.json()
         allocation = Allocation(**data)