middlewares.py
from functools import wraps
from utils import get_authorization, check_user_session
from exceptions import HttpException
from flask import redirect, url_for
def validate_token_api(secret_key, token_key, db):
    """Build a decorator that requires a valid session token on an API view.

    The token is read with ``get_authorization(token_key)`` and checked with
    ``check_user_session(token, secret_key, db)``. The truthy value returned
    by that check is passed to the view as its first positional argument,
    ahead of the caller's own arguments.

    Raises (from the wrapped view call):
        HttpException: 401 "Invalid or missing token" when no token is found;
            401 "Invalid Session" when the session check returns a falsy
            value.
    """
    def decorator(func):
        @wraps(func)
        def wrapper(*args, **kwargs):
            presented = get_authorization(token_key)
            # Fail closed: the view is only reached after both checks pass.
            if not presented:
                raise HttpException(False, 401, "Failed", "Invalid or missing token")

            session = check_user_session(presented, secret_key, db)
            if not session:
                raise HttpException(False, 401, "Failed", "Invalid Session")

            return func(session, *args, **kwargs)
        return wrapper
    return decorator
def validate_token_template(secret_key, token_key, db, allow_guest=False):
    """Build a decorator that resolves the session for a template view.

    The token is read with ``get_authorization(token_key)`` and checked with
    ``check_user_session(token, secret_key, db)``. On success the truthy
    result is passed to the view as its first positional argument.

    When there is no token, or the session check returns a falsy value:

    * ``allow_guest=True``  -> the view is called with ``None`` in place of
      the decoded token, so the view must treat ``None`` as an
      unauthenticated visitor.
    * ``allow_guest=False`` -> the request is redirected to the ``login``
      endpoint.
    """
    def decorator(func):
        @wraps(func)
        def wrapper(*args, **kwargs):
            presented = get_authorization(token_key)
            # The session check is skipped entirely when no token was sent.
            session = check_user_session(presented, secret_key, db) if presented else None
            if session:
                return func(session, *args, **kwargs)

            # A missing token and a rejected token take the same path: guest
            # access if the view opted in, otherwise back to the login page.
            if allow_guest:
                return func(None, *args, **kwargs)
            return redirect(url_for('login'))
        return wrapper
    return decorator
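def authorized_roles_api(roles):
    """Build a decorator that allows an API view only for the given roles.

    The wrapped view must receive the decoded token as its first positional
    argument, so this decorator has to sit beneath ``validate_token_api`` in
    the decorator stack. Access is granted when at least one entry of
    ``roles`` matches an entry of the token's ``"role"`` claim.

    Args:
        roles: Iterable of role names, any one of which grants access.

    Raises (from the wrapped view call):
        HttpException: 403 when the token carries none of the required roles,
            including when the token or its ``"role"`` claim is missing.
    """
    def decorator(func):
        @wraps(func)
        def wrapper(decoded_token, *args, **kwargs):
            # A missing token or an absent/empty claim means "no roles".
            granted = (decoded_token or {}).get("role") or []
            # A bare string claim must be compared whole. Without this,
            # ``in`` performs substring matching and a claim such as
            # "superadmin" would satisfy a requirement for "admin".
            if isinstance(granted, str):
                granted = [granted]

            if any(required_role in granted for required_role in roles):
                return func(decoded_token, *args, **kwargs)

            # NOTE(review): this message echoes the required role names back
            # to the caller; confirm that is acceptable to disclose.
            raise HttpException(False, 403, "Failed", f"Unauthorized Access, required roles: {roles}")
        return wrapper
    return decorator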
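def authorized_roles_template(roles):
    """Build a decorator that allows a template view only for the given roles.

    The wrapped view must receive the decoded token as its first positional
    argument, so this decorator has to sit beneath ``validate_token_template``
    in the decorator stack. Access is granted when at least one entry of
    ``roles`` matches an entry of the token's ``"role"`` claim; otherwise the
    request is redirected to the ``login`` endpoint.

    ``validate_token_template(..., allow_guest=True)`` passes ``None`` as the
    decoded token for guests. A guest holds no roles and is redirected like
    any other caller without a required role.

    Args:
        roles: Iterable of role names, any one of which grants access.
    """
    def decorator(func):
        @wraps(func)
        def wrapper(decoded_token, *args, **kwargs):
            # Guest (None) tokens and absent/empty claims mean "no roles";
            # calling .get() on None would otherwise raise AttributeError.
            granted = (decoded_token or {}).get("role") or []
            # A bare string claim must be compared whole. Without this,
            # ``in`` performs substring matching and a claim such as
            # "superadmin" would satisfy a requirement for "admin".
            if isinstance(granted, str):
                granted = [granted]

            if any(required_role in granted for required_role in roles):
                return func(decoded_token, *args, **kwargs)
            return redirect(url_for('login'))
        return wrapper
    return decorator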