forked from oyd/Adunatio
parent
0a98495731
commit
4f3e40a3d2
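--- /dev/null
+++ b/internal_lib/AuthMethots.py
@@ -0,0 +1,92 @@
+from flask import request
+from flask_jwt_extended.exceptions import NoAuthorizationError
+from flask_jwt_extended.utils import verify_token_claims
+from flask_jwt_extended.view_decorators import _decode_jwt_from_request
+from werkzeug.exceptions import Unauthorized
+
+from internal_lib.permission_parser import parse_permission, control_permission, is_admin
+from models.User import User
+from restapi.BaseAuthModel import BaseAuth
+
+
+class AuthApi(BaseAuth):
+def authorized(self):
+""
+
+
+class AuthJWT(BaseAuth):
+user = None
+
+def authorized(self):
+try:
+jwt_data, jwt_header = _decode_jwt_from_request(request_type='access')
+verify_token_claims(jwt_data)
+self.user = User.objects.get(id=jwt_data['identity'])
+except Exception as e:
+self.set_error(e)
+return False
+
+return True
+
+def has_model_delete_permission(self, obj, model):
+if self.user is None:
+self.authorized()
+
+if model.__name__.lower() == "union":
+return False, obj
+if control_permission(self.user.user_group, model.__name__.lower(), "delete", str(obj.id),
+str(self.user.union)):
+return True, obj
+else:
+return False, obj
+
+def has_model_update_permission(self, obj, update: dict):
+model = obj.__class__.__name__.lower()
+
+if self.user is None:
+self.authorized()
+if update.get('id') or update.get('pk'):
+return False, update
+if not is_admin(self.user.user_group) and update.get('union'):
+return False, update
+if control_permission(self.user.user_group, model, "update", str(obj.id),
+str(self.user.union.id)):
+return True, update
+
+return False, update
+
+def has_model_read_permission(self, qs):
+from flask import current_app
+if self.user is None:
+self.authorized()
+unions = []
+has_read = False
+for right in self.user.user_group.rights:
+permission = parse_permission(right)
+current_app.logger.info(permission)
+if permission.get('read'):
+has_read = True
+unions.append(permission.get('union'))
+
+if has_read:
+if qs._collection.name == "union":
+qs = qs.filter(id__in=unions, deleted=False)
+else:
+qs = qs.filter(union__in=unions, deleted=False)
+else:
+raise Unauthorized()
+
+return qs
+
+def has_model_write_permission(self, obj):
+model = obj.__class__.__name__.lower()
+
+if self.user is None:
+self.authorized()
+
+obj.union = self.user.union.id
+if control_permission(self.user.user_group, model, "write", str(obj.id),
+str(self.user.union.id)):
+return True, obj
+
+return False, obj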
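Review bot: Each of the four `has_model_*_permission` methods calls `self.authorized()` only when `self.user is None` and discards its return value, so a request whose token fails to decode (or whose `identity` matches no User) leaves `self.user` as None and the very next `self.user.user_group` access raises AttributeError, surfacing as a 500 rather than a 401. Replace the guard in each method with `if self.user is None and not self.authorized():` followed by `raise Unauthorized()`, which also fits the `Unauthorized()` the read check already raises. Separately, `has_model_delete_permission` passes `str(self.user.union)` to `control_permission` while the update and write checks pass `str(self.user.union.id)`; unless Union's `__str__` yields the id, the delete verb is compared against a different value than the others. If MongoApi reuses one AuthJWT instance across requests (not visible here; `authentication_methods=[AuthJWT]` is passed as a class), the class-level `user = None` plus the `self.user is None` guard would let a later request inherit the previous request's user, so it is worth confirming the instance is created per request.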
@ -1,27 +1,78 @@ |
|||||||
from flask import Flask |
from flask import Flask, request, jsonify |
||||||
from flask_admin.contrib.mongoengine import ModelView |
from flask_admin.contrib.mongoengine import ModelView |
||||||
|
from flask_jwt_extended import JWTManager, create_access_token |
||||||
from mongoengine import connect |
from mongoengine import connect |
||||||
|
from werkzeug.security import check_password_hash |
||||||
|
|
||||||
|
from internal_lib.AuthMethots import AuthJWT |
||||||
from models.Group import Group |
from models.Group import Group |
||||||
from models.Union import Union |
from models.Union import Union |
||||||
from models.User import User |
from models.User import User |
||||||
from restapi import MongoApi |
from restapi import MongoApi |
||||||
from flask_admin import Admin |
from flask_admin import Admin |
||||||
|
|
||||||
""" |
""" |
||||||
Mongodb connection string |
Mongodb connection string |
||||||
""" |
""" |
||||||
connect('adunatio', host='mongo', username="xcoder", password="4dun4710", authentication_source='admin') |
connect('adunatio', host='mongo', username="xcoder", password="4dun4710", authentication_source='admin') |
||||||
|
|
||||||
|
|
||||||
app = Flask(__name__) |
app = Flask(__name__) |
||||||
app.secret_key = "secret_key+secret_key" |
app.secret_key = "secret_key+secret_key" |
||||||
api = MongoApi(app) |
app.config["JWT_TOKEN_LOCATION"] = "headers" |
||||||
|
app.config["JWT_HEADER_NAME"] = "Adunation_Session_Token" |
||||||
|
app.config["JWT_HEADER_TYPE"] = "Bearer" |
||||||
|
|
||||||
|
""" |
||||||
|
flask jwt extended register |
||||||
|
""" |
||||||
|
jwt = JWTManager(app) |
||||||
|
|
||||||
|
""" |
||||||
|
flask mongorester register |
||||||
|
""" |
||||||
|
api = MongoApi(app, authentication_methods=[AuthJWT]) |
||||||
api.register_model(User, uri="/api/user") |
api.register_model(User, uri="/api/user") |
||||||
api.register_model(Union, uri="/api/union") |
api.register_model(Union, uri="/api/union") |
||||||
|
|
||||||
|
""" |
||||||
|
flask admin register |
||||||
|
""" |
||||||
|
|
||||||
adm = Admin(app) |
adm = Admin(app) |
||||||
adm.add_view(ModelView(User)) |
adm.add_view(ModelView(User)) |
||||||
adm.add_view(ModelView(Union)) |
adm.add_view(ModelView(Union)) |
||||||
adm.add_view(ModelView(Group)) |
adm.add_view(ModelView(Group)) |
||||||
|
|
||||||
|
""" |
||||||
|
login function |
||||||
|
""" |
||||||
|
|
||||||
|
|
||||||
|
@app.route('/auth/login', methods=['POST']) |
||||||
|
def login(): |
||||||
|
if not request.is_json: |
||||||
|
return jsonify({"message": "Missing JSON in request", "error": "parameter_error", "status":False}), 400 |
||||||
|
|
||||||
|
username = request.json.get('username', None) |
||||||
|
password = request.json.get('password', None) |
||||||
|
if not username: |
||||||
|
return jsonify({"message": "Missing username parameter", "error": "parameter_error", "status":False}), 400 |
||||||
|
if not password: |
||||||
|
return jsonify({"message": "Missing password parameter", "error": "parameter_error", "status":False}), 400 |
||||||
|
|
||||||
|
try: |
||||||
|
user = User.objects.get(username=username) |
||||||
|
except Exception as e: |
||||||
|
app.logger.error(e) |
||||||
|
return jsonify({"message": "Bad username or password", "error": "Unauthorized", "status": False}), 401 |
||||||
|
|
||||||
|
if not check_password_hash(user.password,password): |
||||||
|
return jsonify({"message": "Bad username or password", "error": "Unauthorized", "status":False}), 401 |
||||||
|
|
||||||
|
# Identity can be any data that is json serializable |
||||||
|
access_token = create_access_token(identity=str(user.id)) |
||||||
|
return jsonify(access_token=access_token,status=True), 200 |
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__': |
if __name__ == '__main__': |
||||||
app.run(host="0.0.0.0", port=5000, debug=True) |
app.run(host="0.0.0.0", port=5000, debug=True) |
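Review bot: `jwt = JWTManager(app)` is registered without setting `JWT_SECRET_KEY`, so flask-jwt-extended falls back to `app.secret_key`, which is the literal `"secret_key+secret_key"` a few lines above; every access token minted by `create_access_token` in `login()` is therefore signed with a key that is readable by anyone with the source. Load it from the environment instead, e.g. `import os` at the top and `app.config["JWT_SECRET_KEY"] = os.environ["JWT_SECRET_KEY"]` before `JWTManager(app)`. The same concern applies to the Mongo credentials in `connect(...)`, although that line predates this change. In `login()`, an unknown username returns 401 before `check_password_hash` runs, so the unknown-user and wrong-password paths differ measurably in time; running a hash comparison against a dummy value on the miss path keeps the two responses uniform.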
@ -1 +1 @@ |
|||||||
Subproject commit b4fb234e4781092e5d8765dae527a198ab0567aa |
Subproject commit 70be57ef3681f723271cc05edcbc055417a578d8 |