def get_user_from_request(request): header_value = request.headers.get(HTTP_AUTH_HEADER, None) if header_value is None: return None chunks = header_value.split(" ") if len(chunks) != 2: return None key = chunks[1] token = Token.get(key) if not token: return None return token.user
def destroy(self, key): token = Token.get(key) if not token: return {"detail": "Not found"}, 404 if token.user != g.user: return {"detail": "Forbidden"}, 403 token.delete() return {}, 202