async def authenticate(
self, request: HTTPConnection
) -> typing.Optional[typing.Tuple["AuthCredentials", "BaseUser"]]:
if request.get('method') == 'OPTIONS':
return
if "Authorization" not in request.headers:
raise AuthenticationError('Header not found')
auth = request.headers['Authorization']
schema, token = auth.split()
if schema != 'Bearer':
raise AuthenticationError('Wrong Schema')
endpoint = environ.get('AUTH_HOST', 'http://localhost') + '/validate'
r = requests.post(
endpoint,
data={'access_token': token}
)
if r.status_code != status.HTTP_200_OK:
raise AuthenticationError('Unauthorized')
return
async def authenticate(self, conn: HTTPConnection):
global payload
if conn.url.path == '/users/login' or conn.url.path == '/users/register':
return
if conn.url.path.startswith('/records/') and conn.url.path != '/records/' and conn.get('method') == 'GET':
return
if 'Authorization' not in conn.headers:
raise AuthenticationError()
# 就直接从请求头拿 jwt token ...
authorization = conn.headers.get('Authorization')
token = authorization.split(' ')[1]
try:
payload = jwt.decode(token, algorithms=['HS256'], key=config.JWT_SECRET)
except ExpiredSignatureError:
pass
username = payload.get('username')
id = payload.get('id')
user: Optional[UserModel] = UserModel.get_by_id(id)
if user:
return AuthCredentials(['user']), {'username': user.username, 'password': user.password}