api: add bearer token support

Brice Maron 2019-08-26 23:48:26 +02:00 committed by Alexis Metaireau
parent 82d94a7490
commit ad6c6a4abb


@ -26,12 +26,27 @@ def need_auth(f):
auth = request.authorization auth = request.authorization
project_id = kwargs.get("project_id") project_id = kwargs.get("project_id")
# Use Basic Auth
if auth and project_id and auth.username == project_id: if auth and project_id and auth.username == project_id:
project = Project.query.get(auth.username) project = Project.query.get(auth.username)
if project and check_password_hash(project.password, auth.password): if project and check_password_hash(project.password, auth.password):
# The whole project object will be passed instead of project_id # The whole project object will be passed instead of project_id
kwargs.pop("project_id") kwargs.pop("project_id")
return f(*args, project=project, **kwargs) return f(*args, project=project, **kwargs)
else:
# Use Bearer token Auth
auth_header = request.headers.get('Authorization', '')
auth_token = ''
try:
auth_token = auth_header.split(" ")[1]
except IndexError:
abort(401)
project_id = Project.verify_token(auth_token, token_type='non_timed_token')
if auth_token and project_id:
project = Project.query.get(project_id)
if project:
kwargs.pop("project_id")
return f(*args, project=project, **kwargs)
abort(401) abort(401)
return wrapper return wrapper
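Review bot: In the Bearer branch the value returned by `Project.verify_token(...)` overwrites the `project_id` taken from the route, so the token's project is never compared with the project named in the URL, whereas the Basic branch requires `auth.username == project_id`. A valid token for one project would therefore be accepted on any other project's URL, with the handler apparently operating on the token's project rather than the one requested. Keep the route value and require a match, e.g. `token_project_id = Project.verify_token(auth_token, token_type='non_timed_token')` followed by `if token_project_id and token_project_id == project_id:`. The scheme is also never checked: `auth_header.split(" ")[1]` takes the second field of any Authorization header, including a Basic one whose username did not match, so testing for the `Bearer` prefix before calling `verify_token` would make the intent explicit. The start of `need_auth` and its `wrapper` lies outside the hunk.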