Commit 2291f71d authored by okhin's avatar okhin 🚴

Authentication decorator is working

parent eff37091
Pipeline #8 skipped
#!/usr/bin/env python
import sqlite3
from bottle import route, run, request, abort, install, get, post
from bottle_sqlite import SQLitePlugin
import jwt
install(SQLitePlugin(dbfile='call.db'))
# We need a decorator to check if our query is authenticated.
# We will store an API key and SECRET in ur database, the client
# needs to have both of them.
# He must then send us a JWT token with an API claim in the payload.
# The JWT token must be encoded and signed with the SECRET. If the
# token is bad, we return a 403.
def authenticated(f):
def wrapped(db, *args, **kwargs):
# Let's get the JWT token. It should be a params (from get or post or whatev')
if 'token' not in request.params:
abort(403, "No token found in the query")
# We want the api id in the params to.
if 'api' not in request.params:
abort(403, "No api id found in the params")
# Now, let's get the token on our side
try:
results = db.execute('SELECT token FROM users WHERE api = ?', (request.params['api'],)).fetchall()
assert len(results) == 1
token = results[0][0]
auth_token = jwt.decode(request.params['token'], token)
assert auth_token['api'] == request.params['api']
except (jwt.exceptions.InvalidTokenError, AssertionError) as e:
abort(403, e)
except Exception as e:
abort(500, e)
return f(db, *args, **kwargs)
return wrapped
@get('/call')
@authenticated
def call(db):
return 'Ohai'
run(host='localhost', port=8080, debug=True)
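Review bot: The two `assert` statements in `wrapped` are the actual authorization checks, and Python strips asserts when run with `-O`, so the row-count check and the comparison of the token's `api` claim against the request parameter would silently disappear. Raise explicitly instead, e.g. `if len(results) != 1: raise jwt.exceptions.InvalidTokenError('unknown api id')` and `if auth_token.get('api') != request.params['api']: raise jwt.exceptions.InvalidTokenError('api claim mismatch')`, which the existing 403 handler already catches; using `.get` also stops a token with no `api` claim from surfacing as a 500. `jwt.decode` is called without an `algorithms=` allow-list, so pinning it to the one algorithm clients sign with (for example `algorithms=['HS256']`, if that is the scheme in use) avoids trusting the `alg` value in the token header. Separately, `abort(403, e)` and `abort(500, e)` together with `debug=True` return exception text to the caller, which is worth replacing with a fixed message before this is exposed beyond localhost.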