def require_login(request):
print(request.headers)
authorization = request.headers.get('Authorization', '')
if not authorization:
log.error('No authorization header')
raise web.HTTPForbidden()
print('authorization', authorization)
bearer = 'bearer '
if not authorization.lower().startswith(bearer):
log.error('Authorization header does not start with bearer: {0}'.format(authorization))
raise web.HTTPForbidden()
authorization = authorization[len(bearer):]
try:
jwt = jwt_decode(authorization)
except InvalidTokenError as err:
log.error('JWT is invalid: {0}'.format(err))
raise web.HTTPForbidden()