forked from oyd/Adunatio
jwt auth added deleted field all models encrypyed field logging disabledremotes/1725865088694522691/master
parent
0a98495731
commit
4f3e40a3d2
@ -0,0 +1,92 @@ |
||||
from flask import request |
||||
from flask_jwt_extended.exceptions import NoAuthorizationError |
||||
from flask_jwt_extended.utils import verify_token_claims |
||||
from flask_jwt_extended.view_decorators import _decode_jwt_from_request |
||||
from werkzeug.exceptions import Unauthorized |
||||
|
||||
from internal_lib.permission_parser import parse_permission, control_permission, is_admin |
||||
from models.User import User |
||||
from restapi.BaseAuthModel import BaseAuth |
||||
|
||||
|
||||
class AuthApi(BaseAuth): |
||||
def authorized(self): |
||||
"" |
||||
|
||||
|
||||
class AuthJWT(BaseAuth): |
||||
user = None |
||||
|
||||
def authorized(self): |
||||
try: |
||||
jwt_data, jwt_header = _decode_jwt_from_request(request_type='access') |
||||
verify_token_claims(jwt_data) |
||||
self.user = User.objects.get(id=jwt_data['identity']) |
||||
except Exception as e: |
||||
self.set_error(e) |
||||
return False |
||||
|
||||
return True |
||||
|
||||
def has_model_delete_permission(self, obj, model): |
||||
if self.user is None: |
||||
self.authorized() |
||||
|
||||
if model.__name__.lower() == "union": |
||||
return False, obj |
||||
if control_permission(self.user.user_group, model.__name__.lower(), "delete", str(obj.id), |
||||
str(self.user.union)): |
||||
return True, obj |
||||
else: |
||||
return False, obj |
||||
|
||||
def has_model_update_permission(self, obj, update: dict): |
||||
model = obj.__class__.__name__.lower() |
||||
|
||||
if self.user is None: |
||||
self.authorized() |
||||
if update.get('id') or update.get('pk'): |
||||
return False, update |
||||
if not is_admin(self.user.user_group) and update.get('union'): |
||||
return False, update |
||||
if control_permission(self.user.user_group, model, "update", str(obj.id), |
||||
str(self.user.union.id)): |
||||
return True, update |
||||
|
||||
return False, update |
||||
|
||||
def has_model_read_permission(self, qs): |
||||
from flask import current_app |
||||
if self.user is None: |
||||
self.authorized() |
||||
unions = [] |
||||
has_read = False |
||||
for right in self.user.user_group.rights: |
||||
permission = parse_permission(right) |
||||
current_app.logger.info(permission) |
||||
if permission.get('read'): |
||||
has_read = True |
||||
unions.append(permission.get('union')) |
||||
|
||||
if has_read: |
||||
if qs._collection.name == "union": |
||||
qs = qs.filter(id__in=unions, deleted=False) |
||||
else: |
||||
qs = qs.filter(union__in=unions, deleted=False) |
||||
else: |
||||
raise Unauthorized() |
||||
|
||||
return qs |
||||
|
||||
def has_model_write_permission(self, obj): |
||||
model = obj.__class__.__name__.lower() |
||||
|
||||
if self.user is None: |
||||
self.authorized() |
||||
|
||||
obj.union = self.user.union.id |
||||
if control_permission(self.user.user_group, model, "write", str(obj.id), |
||||
str(self.user.union.id)): |
||||
return True, obj |
||||
|
||||
return False, obj |
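Review bot: Each permission method calls `self.authorized()` when `self.user` is None but discards its result (the `if self.user is None:` guards before the `control_permission` calls and before the `rights` loop), so a request with a missing or invalid token reaches `self.user.user_group` with `self.user` still None and fails with an AttributeError instead of a 401. Replacing the guard with `if self.user is None and not self.authorized():` followed by `raise Unauthorized()` (already imported) closes that path in all four methods. Separately, `has_model_delete_permission` passes `str(self.user.union)` to `control_permission` while the update and write checks pass `str(self.user.union.id)`; if `union` is a reference field those two strings presumably differ, so the delete check should use the same `.id` form. The bare `""` body of `AuthApi.authorized` also returns None rather than a bool; a docstring plus an explicit `return False` would make the intent clear.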
@ -1,27 +1,78 @@ |
||||
from flask import Flask |
||||
from flask import Flask, request, jsonify |
||||
from flask_admin.contrib.mongoengine import ModelView |
||||
from flask_jwt_extended import JWTManager, create_access_token |
||||
from mongoengine import connect |
||||
from werkzeug.security import check_password_hash |
||||
|
||||
from internal_lib.AuthMethots import AuthJWT |
||||
from models.Group import Group |
||||
from models.Union import Union |
||||
from models.User import User |
||||
from restapi import MongoApi |
||||
from flask_admin import Admin |
||||
|
||||
""" |
||||
Mongodb connection string |
||||
""" |
||||
connect('adunatio', host='mongo', username="xcoder", password="4dun4710", authentication_source='admin') |
||||
|
||||
|
||||
app = Flask(__name__) |
||||
app.secret_key = "secret_key+secret_key" |
||||
api = MongoApi(app) |
||||
app.config["JWT_TOKEN_LOCATION"] = "headers" |
||||
app.config["JWT_HEADER_NAME"] = "Adunation_Session_Token" |
||||
app.config["JWT_HEADER_TYPE"] = "Bearer" |
||||
|
||||
""" |
||||
flask jwt extended register |
||||
""" |
||||
jwt = JWTManager(app) |
||||
|
||||
""" |
||||
flask mongorester register |
||||
""" |
||||
api = MongoApi(app, authentication_methods=[AuthJWT]) |
||||
api.register_model(User, uri="/api/user") |
||||
api.register_model(Union, uri="/api/union") |
||||
|
||||
""" |
||||
flask admin register |
||||
""" |
||||
|
||||
adm = Admin(app) |
||||
adm.add_view(ModelView(User)) |
||||
adm.add_view(ModelView(Union)) |
||||
adm.add_view(ModelView(Group)) |
||||
|
||||
""" |
||||
login function |
||||
""" |
||||
|
||||
|
||||
@app.route('/auth/login', methods=['POST']) |
||||
def login(): |
||||
if not request.is_json: |
||||
return jsonify({"message": "Missing JSON in request", "error": "parameter_error", "status":False}), 400 |
||||
|
||||
username = request.json.get('username', None) |
||||
password = request.json.get('password', None) |
||||
if not username: |
||||
return jsonify({"message": "Missing username parameter", "error": "parameter_error", "status":False}), 400 |
||||
if not password: |
||||
return jsonify({"message": "Missing password parameter", "error": "parameter_error", "status":False}), 400 |
||||
|
||||
try: |
||||
user = User.objects.get(username=username) |
||||
except Exception as e: |
||||
app.logger.error(e) |
||||
return jsonify({"message": "Bad username or password", "error": "Unauthorized", "status": False}), 401 |
||||
|
||||
if not check_password_hash(user.password,password): |
||||
return jsonify({"message": "Bad username or password", "error": "Unauthorized", "status":False}), 401 |
||||
|
||||
# Identity can be any data that is json serializable |
||||
access_token = create_access_token(identity=str(user.id)) |
||||
return jsonify(access_token=access_token,status=True), 200 |
||||
|
||||
|
||||
if __name__ == '__main__': |
||||
app.run(host="0.0.0.0", port=5000, debug=True) |
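Review bot: No `JWT_SECRET_KEY` is configured, so flask_jwt_extended will presumably fall back to the app's `SECRET_KEY`, which is the literal `app.secret_key = "secret_key+secret_key"` committed here alongside the Mongo username and password in the `connect(...)` call; anyone who can read the repository can therefore sign access tokens and log into the database. Both should come from the environment, e.g. `app.secret_key = os.environ["SECRET_KEY"]` and `app.config["JWT_SECRET_KEY"] = os.environ["JWT_SECRET_KEY"]` (with `import os` at the top), and the `connect()` credentials the same way. `app.run(host="0.0.0.0", port=5000, debug=True)` also exposes the Werkzeug debugger on every interface; gate `debug` behind an environment flag. In `login`, the `except Exception` around `User.objects.get` reports database errors as a 401 and writes the raw exception to the log; catching `User.DoesNotExist` only and letting other errors surface would be tighter.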
@ -1 +1 @@ |
||||
Subproject commit b4fb234e4781092e5d8765dae527a198ab0567aa |
||||
Subproject commit 70be57ef3681f723271cc05edcbc055417a578d8 |