def login(**kwargs): # authorize a user based on the request body (if the user isn't already logged in) user = User.auth(**(request.get_json())) if not g.user else g.user return jsonify(fbid=user.fbid,**kwargs) if user else abort(403)
def before():
# authorize a user based on the fbid, fbAcessToken stored in the cookies
g.user = User.auth(fbid=request.cookies.get('fbid'),
fbAccessToken=request.cookies.get('fbAccessToken'))
