from . import config
# https://medium.com/data-rebels/fastapi-authentication-revisited-enabling-api-key-authentication-122dc5975680
from fastapi import Security, Depends, FastAPI, HTTPException
from fastapi.security.api_key import APIKeyQuery, APIKeyCookie, APIKeyHeader, APIKey
from starlette.status import HTTP_403_FORBIDDEN
api_key_query = APIKeyQuery(name=config.Settings().api_key_name,
auto_error=False)
api_key_header = APIKeyHeader(name=config.Settings().api_key_name,
auto_error=False)
api_key_cookie = APIKeyCookie(name=config.Settings().api_key_name,
auto_error=False)
async def get_api_key(
api_key_query: str = Security(api_key_query),
api_key_header: str = Security(api_key_header),
api_key_cookie: str = Security(api_key_cookie),
):
api_tokens = config.Settings().api_tokens
org = api_tokens.get(api_key_query)
if org is not None:
return org
org = api_tokens.get(api_key_header)
if org is not None:
return org
# since we are storing org in cookie, let us do a reverse
# map lookup to see if there is a key for this org; only
# for cookies
if api_key_cookie is None:
from fastapi.params import Security
from fastapi.responses import JSONResponse
from fastapi.security.api_key import APIKey
from fastapi.security.api_key import APIKeyCookie
from fastapi.security.api_key import APIKeyHeader
from fastapi.security.api_key import APIKeyQuery
from starlette.status import HTTP_401_UNAUTHORIZED
router = APIRouter()
API_KEY = getenv("WEB_API_KEY")
API_KEY_NAME = "access_token"
api_key_query = APIKeyQuery(name=API_KEY_NAME, auto_error=False)
api_key_header = APIKeyHeader(name=API_KEY_NAME, auto_error=False)
api_key_cookie = APIKeyCookie(name=API_KEY_NAME, auto_error=False)
async def get_api_key(
api_key_query: str = Security(api_key_query),
api_key_header: str = Security(api_key_header),
api_key_cookie: str = Security(api_key_cookie),
):
if api_key_query == API_KEY:
return api_key_query
elif api_key_header == API_KEY:
return api_key_header
elif api_key_cookie == API_KEY:
return api_key_cookie
else:
raise HTTPException(status_code=HTTP_401_UNAUTHORIZED,
from fastapi.security.api_key import APIKeyCookie
from starlette.status import HTTP_403_FORBIDDEN
from fastapi import Depends, HTTPException, Security
from sqlalchemy.orm import Session
import jwt
from api.utils.db import get_db
from api.models.schema import User
from api.core.jwt import get_token_payload
from api import crud
import os
oauth2_scheme_header = OAuth2PasswordBearer(tokenUrl="/token/auth",
auto_error=False)
oauth2_scheme_cookie = APIKeyCookie(name="Authorization", auto_error=False)
def oauth2_cookie_password_scheme(
header_token: str = Security(oauth2_scheme_header),
cookie_token: str = Security(oauth2_scheme_cookie)):
if cookie_token:
return cookie_token
elif header_token:
return header_token
else:
raise HTTPException(status_code=HTTP_403_FORBIDDEN,
detail="Not authenticated")
async def get_current_user(token: str = Depends(oauth2_scheme_header),
from fastapi import Depends
from fastapi.security.api_key import APIKeyCookie
from jose import jwt, JWTError
from app.settings import SECRET_KEY
from services.responses import raise_http_exception
from users.shcemas import User, UserDto
#######################################
# Auth & Seciruty Constants #
#######################################
COOKIE_SESSION_NAME = "oreo_session_key" # You can change it and keep secret
auth_schema = APIKeyCookie(name=COOKIE_SESSION_NAME)
#######################################
# Auth & Seciruty Helpers #
#######################################
def create_access_token(email: str, recovery_password: bool = False) -> str:
"""
Create a encoded JWT.
Params:
- email: str - The user email
- recovery_password: bool - Indicate if the token must have a short expiration time
Return:
async def is_authenticated(authorization: APIKey = Security(
APIKeyCookie(name="Authorization", auto_error=False))):
if authorization:
return authorization.name
return authorization
BadCredentials,
BadCredentialsKeyNotFound,
RevokedCredentials,
UnauthorizedRequest,
)
from .schema import AuthApiKeyRecord
from .utils import cookie_name_from_auth_name, header_name_from_auth_name
logger = logging.getLogger("opennem.auth")
APP_AUTH_COOKIE_NAME = cookie_name_from_auth_name(settings.api_app_auth_name)
APP_AUTH_HEADER_NAME = header_name_from_auth_name(settings.api_app_auth_name)
api_key_query = APIKeyQuery(name=APP_AUTH_COOKIE_NAME, auto_error=False)
api_key_header = APIKeyHeader(name=APP_AUTH_HEADER_NAME, auto_error=False)
api_key_cookie = APIKeyCookie(name=APP_AUTH_COOKIE_NAME, auto_error=False)
def get_api_key_record(api_key: str) -> AuthApiKeyRecord:
"""Get an API Key record from the database"""
session = get_scoped_session()
try:
api_key = validate_api_key(api_key)
except Exception as e:
logger.error("Bad API key {}: {}".format(api_key, e))
raise UnauthorizedRequest()
api_key_record: Optional[ApiKeys] = (session.query(ApiKeys).filter_by(
keyid=api_key).one_or_none())
import hashlib
from fastapi import Security, HTTPException, status, Depends
from fastapi.security.api_key import APIKeyQuery, APIKeyCookie, APIKeyHeader
from sqlalchemy import select
from sqlalchemy.sql import bindparam
from core.pydantic_models import UserInDB
from core.setting import get_setting, redisDBenum
from db.connector import db, get_redis
from db.models.user import user
access_token_query = APIKeyQuery(name="access_token", auto_error=False)
access_token_header = APIKeyHeader(name="access_token", auto_error=False)
access_token_cookie = APIKeyCookie(name="access_token", auto_error=False)
def hash_password(password: str) -> str:
temp_hash = password
for _ in range(10000):
temp_hash = hashlib.sha512(temp_hash.encode("utf-8")).hexdigest()
return temp_hash
async def get_access_token(
access_token_query: str = Security(access_token_query),
access_token_header: str = Security(access_token_header),
access_token_cookie: str = Security(access_token_cookie),
):
if access_token_query is not None:
from .exceptions import unauthorized_401
#################
# Auth Settings #
#################
SECRET = settings.SECRET_JWT
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_DAYS = 30 # One month
######################
# Security Instances #
######################
pwd_context = CryptContext(schemes=["bcrypt"])
auth_scheme = APIKeyCookie(name=settings.COOKIE_SESSION_NAME)
##########################
# Helper Auth Functions #
##########################
def verify_password(plain_password: str, hashed_password: str) -> bool:
"""Verify the enter password with the hashed password stored in db.
Params:
-------
- plain_password: str - The plain password from the request form.
- hashed_password: str -The hashed password stored in db.
Return:
from fastapi.security.api_key import APIKeyCookie, APIKeyHeader API_KEY_NAME = "api_key" cookie_scheme = APIKeyCookie(name="bgm-tv-auto-tracker", auto_error=False) API_KEY_HEADER = APIKeyHeader(name="api-key", auto_error=False) API_KEY_COOKIES = APIKeyCookie(name="api-key", auto_error=False)
from typing import List, Optional
from fastapi import Depends, HTTPException, Request, Response, Security, status
from fastapi.security.api_key import APIKeyCookie, APIKeyHeader
from sqlalchemy.orm import Session
from lation.modules.base.models.end_user import EndUser, EndUserToken
from lation.modules.base.models.payment import PaymentGateway
from lation.modules.base_fastapi.dependencies import get_session
from lation.modules.customer.customer import CustomerApp
from lation.modules.customer.models.platform import Platform
# https://medium.com/data-rebels/fastapi-authentication-revisited-enabling-api-key-authentication-122dc5975680
access_token_cookie_scheme = APIKeyCookie(scheme_name='Access Token Cookie Scheme',
name=CustomerApp.ACCESS_TOKEN_COOKIE_KEY,
auto_error=False)
access_token_header_scheme = APIKeyHeader(scheme_name='Access Token Header Scheme',
name=CustomerApp.ACCESS_TOKEN_HEADER_KEY,
auto_error=False)
async def get_access_token(access_token_cookie:Optional[str]=Security(access_token_cookie_scheme),
access_token_header:Optional[str]=Security(access_token_header_scheme)) -> str:
if access_token_cookie:
return access_token_cookie
elif access_token_header:
return access_token_header
else:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail='Access token required')
async def login_required(request:Request, access_token:str=Depends(get_access_token), session:Session=Depends(get_session)):
end_user_token = session.query(EndUserToken)\
# Inspired by: https://gist.github.com/nilsdebruin/a78c5e200e7df014a92580b4fc51c53f
# Purpose: Restrict access to the API with an API key.
# To chose an API key, put a file called ".env" in this folder, and write "API_KEY=something" to make "something" the key/password.
from fastapi.security.api_key import APIKeyQuery, APIKeyCookie, APIKeyHeader
from fastapi import Security, HTTPException
from starlette.status import HTTP_403_FORBIDDEN
import os
API_KEY = os.environ['API_KEY']
if not API_KEY:
print('API_KEY is not set! Exiting...')
exit(1)
api_key_query = APIKeyQuery(name='api_key', auto_error=False)
api_key_header = APIKeyHeader(name='api_key', auto_error=False)
api_key_cookie = APIKeyCookie(name='api_key', auto_error=False)
async def get_api_key(
api_key_query: str = Security(api_key_query),
api_key_header: str = Security(api_key_header),
api_key_cookie: str = Security(api_key_cookie),
):
if api_key_query == API_KEY:
return api_key_query
elif api_key_header == API_KEY:
return api_key_header
elif api_key_cookie == API_KEY:
return api_key_cookie
else:
raise HTTPException(status_code=HTTP_403_FORBIDDEN,
