from eve import Eve
from flask import request
from flask.ext.bootstrap import Bootstrap
from werkzeug.security import check_password_hash, generate_password_hash
from eve_docs import eve_docs
from eve.methods.post import post
from eve.auth import TokenAuth, BasicAuth, requires_auth
from flask_cors import cross_origin
import os, json
class MyBasicAuth(BasicAuth):
def check_auth(self, username, password, allowed_roles, resource, method):
return username == 'admin' and password == 'secret'
class BCryptAuth(BasicAuth):
def check_auth(self, username, password, allowed_roles, resource, method):
if username == 'superuser' and password == 'password':
return True
else:
#use Eve's own db driver; no additional connections/resources are used
print(allowed_roles, resource, method)
accounts = app.data.driver.db['accounts']
lookup = {'username': username}
if allowed_roles:
#only retreive a user if his roles match 'allowed_roles'
lookup['roles'] = {'$in': allowed_roles}
account = accounts.find_one(lookup)
return account and \
check_password_hash(account['password'], password)
#bcrypt.hashpw(password, account['password']) == account['password']
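class RolesAuth(TokenAuth):
    """Token authentication against the ``accounts`` collection.

    The token presented by the client is looked up in the ``token`` field of
    an account document, optionally filtered by role.
    """

    def check_auth(self, token, allowed_roles, resource, method):
        """Return the matching account document, or ``None`` if *token* is unknown.

        Args:
            token: the credential extracted by Eve from the request.
            allowed_roles: roles granted for this resource/method; when
                non-empty, the account must hold at least one of them.
            resource, method: accepted for the hook signature; unused here.

        Deliberately no logging of *token* here: it is a bearer credential
        and would otherwise be copied into process output/logs.
        """
        # Use Eve's own db driver; no additional connections/resources are used.
        accounts = app.data.driver.db['accounts']
        lookup = {'token': token}
        if allowed_roles:
            # Only retrieve a user whose roles match 'allowed_roles'.
            lookup['roles'] = {'$in': allowed_roles}
        return accounts.find_one(lookup)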
#app = Eve(auth=MyBasicAuth)
# Active authentication backend: Basic auth checked against the 'accounts'
# collection (BCryptAuth). The commented alternatives are kept so the backend
# can be swapped by editing one line; exactly one Eve app is created.
app = Eve(auth=BCryptAuth)
#app = Eve(auth=RolesAuth)
def post_get_callback(resource, request, payload):
    """Generic post-GET hook: print which resource was read and what was returned.

    ``request`` is accepted for Eve's hook signature but not used.
    """
    print('A GET on the %s was just performed! %s' % (resource, payload))
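def hash_pwd(items):
    """Insert hook: replace each new account's clear-text password with a hash.

    Args:
        items: account documents about to be inserted; each is mutated in
            place so the clear-text password never reaches storage.

    Raises:
        KeyError: if a document carries no ``password`` field.
    """
    for item in items:
        # PBKDF2-SHA256 with a 16-character salt instead of pbkdf2:sha1 with 8.
        # check_password_hash reads method and salt from the stored string, so
        # accounts hashed earlier with pbkdf2:sha1 keep verifying unchanged.
        item['password'] = generate_password_hash(
            item['password'], method='pbkdf2:sha256', salt_length=16)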
# Assigns the role on the server side to prevent users from creating admin accounts
def add_role(documents):
    """Insert hook: force every new account's ``roles`` to ``'app'``.

    The value is set server-side and overwrites whatever the client sent, so a
    self-registering user cannot pick a privileged role.
    """
    for doc in documents:
        doc['roles'] = 'app'
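def update_hash_pwd(updates, original):
    """Update hook: hash the password when an update includes one.

    Args:
        updates: the fields being changed; mutated in place.
        original: the stored document before the update; unused here.

    Updates that do not touch ``password`` (for example a role change) are
    left alone instead of failing with ``KeyError`` on the missing key.
    """
    if 'password' not in updates:
        return
    # Same parameters as hash_pwd; the stored string encodes method and salt,
    # so older pbkdf2:sha1 hashes still verify with check_password_hash.
    updates['password'] = generate_password_hash(
        updates['password'], method='pbkdf2:sha256', salt_length=16)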
def register_users(documents):
    """Inserted hook: create a ``users`` document for every new account.

    Uses Eve's internal ``post`` so the write goes through the normal
    resource pipeline rather than straight to the driver.
    """
    for doc in documents:
        payload = {"user": doc['username']}
        post('users', payl=payload)
@app.route('/auth')
@cross_origin(headers='authorization')
@requires_auth('auth')
def auth():
    """Credential probe: reached only after ``requires_auth`` accepts the request.

    Lets a client validate its credentials without touching a data resource;
    the response body carries no account details.
    """
    message = "Authenticated."
    return message
if __name__ == '__main__':
    Bootstrap(app)
    # Hooks: hash the password and pin the role before insert (in that order),
    # mirror new accounts into 'users' after insert, re-hash on update.
    app.on_inserted_accounts += register_users
    app.on_insert_accounts += hash_pwd
    app.on_insert_accounts += add_role
    app.on_update_accounts += update_hash_pwd
    app.register_blueprint(eve_docs, url_prefix='/docs')
    port_env = os.environ.get('PORT')
    if port_env is None:
        # Local development: loopback only, Flask debugger on.
        host, port, debug = '127.0.0.1', 5000, True
    else:
        # Deployed (PORT set): bind every interface so the API is reachable
        # from the network and not only this machine; debugger off.
        host, port, debug = '0.0.0.0', int(port_env), False
    app.run(host=host, port=port, debug=debug)