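def get_me():
    """Return the profile of the user that owns the bearer token on the request.

    The token is read and validated by ``get_access_token``; any failure there
    (missing/malformed header, unknown or expired token) is answered with an
    empty 403 body, exactly as before. A token whose user row cannot be loaded
    is also answered with 403 instead of leaking a 500.

    Returns:
        A Flask-style ``(body, status, headers)`` tuple. On success the body is
        a JSON object with ``login``, ``name``, ``email`` and ``phone``.
    """
    try:
        access_token = get_access_token(request)
    except Exception:
        # get_access_token signals every auth failure with a plain Exception;
        # a bare `except:` here would also swallow KeyboardInterrupt/SystemExit.
        return '', 403

    try:
        # Look the token up once. The row may have been revoked between the
        # validation above and this read, so a missing row is treated as
        # unauthorized rather than crashing on the [0] index.
        user_id = db_load_or_install.token(access=access_token)[0]['user_id']
        user = db_load_or_install.user[user_id]
    except (IndexError, KeyError):
        return '', 403
    if user is None:
        # NOTE(review): the user table's miss behaviour (raise vs None) is not
        # visible from here, so both are handled as "not found".
        return '', 403

    body = json.dumps({
        'login': user['login'],
        'name': user['name'],
        'email': user['email'],
        'phone': user['phone'],
    }, indent=4)
    return body, 200, {'Content-Type': 'application/json;charset=UTF-8'}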
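def get_access_token(request):
    """Extract and validate the bearer token carried by *request*.

    The ``Authorization`` header must use the ``Bearer`` scheme (scheme name
    compared case-insensitively, per RFC 7235 §2.1). A header with another
    scheme, or no header at all, is rejected outright instead of having its
    first seven characters blindly sliced off and looked up as a token. The
    token must exist in the token table and its ``expire_time`` must not be
    in the past.

    Args:
        request: Flask-style request object exposing ``headers``.

    Returns:
        The validated access token string, unchanged.

    Raises:
        PermissionError: header missing or malformed, token unknown, or token
            expired. This is a subclass of ``Exception``, so callers that
            catch ``Exception`` (or use a bare ``except``) keep working.
    """
    header = request.headers.get('Authorization', '')
    scheme, _, access_token = header.partition(' ')
    access_token = access_token.strip()
    if scheme.lower() != 'bearer' or not access_token:
        raise PermissionError('missing or malformed Authorization header')

    # Query once instead of twice; the result is reused for the expiry check.
    rows = db_load_or_install.token(access=access_token)
    if not rows:
        raise PermissionError('unknown access token')
    # expire_time is stored naive (issued with datetime.now()), so compare
    # against naive now() to avoid mixing aware and naive datetimes.
    if rows[0]['expire_time'] < datetime.now():
        raise PermissionError('access token expired')
    return access_token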
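def _oauth_error(error):
    """Build an RFC 6749 §5.2 error response: ``{"error": error}`` with HTTP 400."""
    return json.dumps({'error': error}), 400, {
        'Content-Type': 'application/json;charset=UTF-8',
    }


def _secret_matches(expected, provided):
    """Compare a stored client secret with the submitted one in constant time.

    A plain ``!=`` short-circuits on the first differing byte, which leaks
    timing information about the secret. Missing values yield ``False`` rather
    than raising so the caller can answer ``invalid_client`` uniformly.
    """
    import hmac  # stdlib; imported here so the helper is self-contained

    if expected is None or provided is None:
        return False
    if not isinstance(expected, bytes):
        expected = str(expected).encode('UTF-8')
    if not isinstance(provided, bytes):
        provided = str(provided).encode('UTF-8')
    return hmac.compare_digest(expected, provided)


def _new_token():
    """Return a fresh opaque token: 64 hex chars (256 bits) from the OS CSPRNG.

    Same length and alphabet as the previous ``sha256(uuid4())`` scheme, so
    existing storage and clients are unaffected.
    """
    import secrets  # stdlib; imported here so the helper is self-contained

    return secrets.token_hex(32)


def token():
    """OAuth 2.0 token endpoint (RFC 6749 §3.2) for confidential clients.

    Authenticates the client with ``client_id``/``client_secret`` from the form
    body, then exchanges either an ``authorization_code`` or a ``refresh_token``
    grant for a fresh access/refresh token pair. A consumed code and a rotated
    refresh token are deleted before the new pair is issued so neither can be
    replayed.

    Returns:
        A Flask-style ``(body, status, headers)`` tuple: a JSON token response
        with status 200, or an RFC 6749 §5.2 error object with status 400.
    """
    # request.form.get() never raises KeyError (it returns None), so the
    # original try/except around these reads was dead code.
    grant_type = request.form.get('grant_type')
    client_id = request.form.get('client_id')
    client_secret = request.form.get('client_secret')

    # Client ids are integer keys; None or a non-numeric value can never match.
    try:
        client_id = int(client_id)
    except (TypeError, ValueError):
        client_id = None
    if client_id not in db_load_or_install.client:
        return _oauth_error('invalid_client')
    if not _secret_matches(db_load_or_install.client[client_id]['secret'], client_secret):
        return _oauth_error('invalid_client')

    if grant_type == 'authorization_code':
        code = request.form.get('code')
        if not code:
            # Missing required parameter is invalid_request, not invalid_grant.
            return _oauth_error('invalid_request')
        rows = db_load_or_install.authorization_code(code=code)
        if not rows or rows[0]['expire_time'] < datetime.now():
            return _oauth_error('invalid_grant')
        # NOTE(review): the code row is not checked against the authenticated
        # client_id or the original redirect_uri (RFC 6749 §4.1.3). Only
        # user_id/expire_time are visible in the schema here; if the row also
        # records the issuing client, that check belongs here.
        user_id = rows[0]['user_id']
        # Single use: delete before issuing so a replayed code cannot mint a
        # second token pair. Passes the rows fetched above instead of
        # re-querying (assumes the query result is a materialized list).
        db_load_or_install.authorization_code.delete(rows)
        db_load_or_install.authorization_code.commit()
    elif grant_type == 'refresh_token':
        refresh_token = request.form.get('refresh_token')
        if not refresh_token:
            return _oauth_error('invalid_request')
        rows = db_load_or_install.token(refresh=refresh_token)
        if not rows:
            return _oauth_error('invalid_grant')
        # NOTE(review): as with codes, the refresh token is not bound to the
        # authenticated client_id; the token row shows no client column here.
        user_id = rows[0]['user_id']
        # Rotation: the old access/refresh pair is revoked before a new one is issued.
        db_load_or_install.token.delete(rows)
        db_load_or_install.token.commit()
    else:
        # No exception is in flight here; the previous traceback.print_exc()
        # call only ever printed "NoneType: None" to stdout.
        return _oauth_error('unsupported_grant_type')

    access_token = _new_token()
    refresh_token = _new_token()
    # Naive local time, matching the comparisons above and in get_access_token.
    expire_time = datetime.now() + timedelta(hours=1)
    db_load_or_install.token.insert(
        user_id=user_id,
        access=access_token,
        expire_time=expire_time,
        refresh=refresh_token,
    )
    db_load_or_install.token.commit()

    return json.dumps({
        'access_token': access_token,
        'token_type': 'bearer',
        'expires_in': 3600,
        'refresh_token': refresh_token,
    }), 200, {
        'Content-Type': 'application/json;charset=UTF-8',
        # RFC 6749 §5.1: token responses must not be cached.
        'Cache-Control': 'no-store',
        'Pragma': 'no-cache',
    }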