Merge pull request #1657 from pierotofy/cluster

Cluster mode utils
2025-04-21 17:10:28 -04:00 · 2025-04-21 17:10:28 -04:00 · a168550d3f
commit a168550d3f
--- a/app/api/externalauth.py
+++ b/app/api/externalauth.py
@ -3,7 +3,7 @@ from django.contrib.auth import login
 from rest_framework.views import APIView
 from rest_framework import exceptions, permissions, parsers
 from rest_framework.response import Response
-from app.auth.backends import get_user_from_external_auth_response
+from app.auth.backends import get_user_from_external_auth_response, cluster_mismatch
 import requests
 from webodm import settings

@ -30,6 +30,8 @@ class ExternalTokenAuth(APIView):
                if user is not None:
                    login(request, user, backend='django.contrib.auth.backends.ModelBackend')
                    return Response({'redirect': '/'})
+                elif cluster_mismatch(res) and settings.CLUSTER_URL != '':
+                    return Response({'redirect': settings.CLUSTER_URL % res['cluster_id']})
                else:
                    return Response({'error': 'Invalid credentials'})
            else:
--- a/app/auth/backends.py
+++ b/app/auth/backends.py
@ -8,11 +8,26 @@ import logging

 logger = logging.getLogger('app.logger')

+def cluster_mismatch(res):
+    if settings.CLUSTER_ID is None:
+        return False
+
+    if 'cluster_id' in res:
+        # Check cluster ID field
+        try:
+            return int(res['cluster_id']) != settings.CLUSTER_ID
+        except ValueError:
+            return True
+    return False
+
 def get_user_from_external_auth_response(res):
    if 'message' in res or 'error' in res:
        return None

    if 'user_id' in res and 'username' in res:
+        if cluster_mismatch(res):
+            return None
+        
        try:
            user = User.objects.get(pk=res['user_id'])
        except User.DoesNotExist:
--- a/webodm/settings.py
+++ b/webodm/settings.py
@ -21,7 +21,7 @@ from django.contrib.messages import constants as messages
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))


-# Quick-start development settings - unsuitable for production
+# For best practices
 # See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/

 try:
@ -370,6 +370,13 @@ NODE_OPTIMISTIC_MODE = False
 # URL to external auth endpoint
 EXTERNAL_AUTH_ENDPOINT = ''

+# Enable cluster mode for this instance by setting an integer ID >= 1
+CLUSTER_ID = None
+
+# Set the Cluster URL pattern common to all servers in the cluster
+# e.g. https://mycluster%s.mydomain
+CLUSTER_URL = ''
+
 # URL to a page where a user can reset the password
 RESET_PASSWORD_LINK = ''