feat(querybook): install Querybook

2025-10-18 13:10:46 +09:00
parent c4e27f348f
commit 8d29fe25c0
10 changed files with 979 additions and 0 deletions
--- a/querybook/custom-auth/keycloak_auth.py
+++ b/querybook/custom-auth/keycloak_auth.py
@@ -0,0 +1,46 @@
+"""
+Keycloak OIDC authentication backend for Querybook
+"""
+from app.auth.oauth_auth import OAuthLoginManager, OAUTH_CALLBACK_PATH
+from env import QuerybookSettings
+
+
+class KeycloakLoginManager(OAuthLoginManager):
+    @property
+    def oauth_config(self):
+        return {
+            "callback_url": "{}{}".format(
+                QuerybookSettings.PUBLIC_URL, OAUTH_CALLBACK_PATH
+            ),
+            "client_id": QuerybookSettings.OAUTH_CLIENT_ID,
+            "client_secret": QuerybookSettings.OAUTH_CLIENT_SECRET,
+            "authorization_url": QuerybookSettings.OAUTH_AUTHORIZATION_URL,
+            "token_url": QuerybookSettings.OAUTH_TOKEN_URL,
+            "profile_url": QuerybookSettings.OAUTH_USER_PROFILE,
+            "scope": ["openid", "email", "profile"],
+        }
+
+    def _parse_user_profile(self, resp):
+        """Parse standard OIDC UserInfo response from Keycloak"""
+        user = resp.json()
+        # Keycloak returns standard OIDC claims:
+        # - preferred_username: username
+        # - email: email address
+        # - name: full name (optional)
+        username = user.get("preferred_username") or user.get("email", "").split("@")[0]
+        email = user.get("email", "")
+        fullname = user.get("name", username)
+        return username, email, fullname
+
+
+login_manager = KeycloakLoginManager()
+
+ignore_paths = [OAUTH_CALLBACK_PATH]
+
+
+def init_app(app):
+    login_manager.init_app(app)
+
+
+def login(request):
+    return login_manager.login(request)