
Show secret information

- Endpoint /user returns user information given the token
- Use this endpoint in secret controller
1 parent 59cba64 commit b1b170c9fc01697533bdf30fc85ffe9134fa1c22 @nguyenkims committed Dec 6, 2015
Showing with 45 additions and 2 deletions.
  1. +24 −0 app.py
  2. +13 −1 static/main.js
  3. +8 −1 static/partials/secret.tpl.html
@@ -4,6 +4,7 @@
from datetime import datetime, timedelta
from flask import Flask, jsonify, request
from flask.ext.sqlalchemy import SQLAlchemy
+from jwt import DecodeError, ExpiredSignature
app = Flask(__name__)
@@ -65,6 +66,29 @@ def login():
return jsonify(error="Wrong email or password"), 400
+@app.route('/user')
+def user_info():
+ if not request.headers.get('Authorization'):
+ return jsonify(error='Authorization header missing'), 401
+
+ token = request.headers.get('Authorization').split()[1]
+ try:
+ payload = jwt.decode(token, app.config['TOKEN_SECRET'])
+ except DecodeError:
+ return jsonify(error='Invalid token'), 401
+ except ExpiredSignature:
+ return jsonify(error='Expired token'), 401
+ else:
+ user_id = payload['sub']
+ user = User.query.filter_by(id=user_id).first()
+ if user is None:
+ return jsonify(error='Should not happen ...'), 500
+
+ return jsonify(id=user.id, email=user.email), 200
+
+ return jsonify(error="never reach here..."), 500
+
+
@app.route('/islive')
def islive():
return "it's live"
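Review bot: In `user_info`, `request.headers.get('Authorization').split()[1]` raises IndexError when the header holds a single word, so a malformed header ends in an unhandled 500 instead of the 401 the other failure paths return. Split once and check the shape before indexing, e.g. `parts = request.headers.get('Authorization', '').split()` then `if len(parts) != 2: return jsonify(error='Invalid Authorization header'), 401`. `jwt.decode` is also called without an `algorithms` list; pinning it to the algorithm the tokens are issued with keeps the accepted set explicit (token creation is outside this hunk, so `algorithms=['HS256']` is an assumption to confirm). The final `return jsonify(error="never reach here..."), 500` is unreachable because every branch of the try/except/else already returns, and can be dropped.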
@@ -65,9 +65,21 @@ app.controller('LoginSignupCtrl', function ($scope, $auth, $state) {
};
});
-app.controller('SecretCtrl', function ($scope, $state, $auth) {
+app.controller('SecretCtrl', function ($scope, $state, $auth, $http) {
$scope.logout = function () {
$auth.logout();
$state.go("home");
};
+
+ getUserInfo();
+
+ function getUserInfo() {
+ $http.get('/user')
+ .then(function (response) {
+ $scope.user = response.data;
+ })
+ .catch(function (response) {
+ console.log("getUserInfo error", response);
+ })
+ }
});
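Review bot: The `.catch` handler in `getUserInfo` only logs, so when `/user` answers 401 for an invalid or expired token the secret view stays rendered and the rejected token stays in client-side storage. Handling that status explicitly, e.g. `if (response.status === 401) { $auth.logout(); $state.go("home"); }`, reuses what `$scope.logout` already does. Logging the whole `response` object also writes the request config to the console, which presumably carries the Authorization header if an interceptor attaches it; `console.log("getUserInfo error", response.status, response.data);` is enough for debugging.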
@@ -1,3 +1,10 @@
Secret
-<button ng-click="logout()">Log out</button>
+<button ng-click="logout()">Log out</button>
+
+<p>
+ user email: {{ user.email }}
+</p>
+<p>
+ user id: {{ user.id }}
+</p>
