def _decorator(*args, **kwargs): from members.models import Member from organizations.models import Organization if 'app-key' not in request.headers: response = jsonify({'code': 401, 'message': 'App-Key header is required.'}) response.status_code = 401 return response if 'auth-token' not in request.headers: response = jsonify({'code': 401, 'message': 'Auth-Token header is required.'}) response.status_code = 401 return response if 'organization' not in request.headers: response = jsonify({'code': 401, 'message': 'Organization header is required.'}) response.status_code = 401 return response session = Session.find_by_token(request.headers['auth-token']) if not session or session.profile.application.app_key != request.headers['app-key']: response = jsonify({'code': 401, 'message': 'Session has expired.'}) response.status_code = 401 return response member = Member.query.filter(Member.profile_id == session.profile_id) \ .join(Member.organization) \ .filter(Organization.name == request.headers['organization']) \ .first() if not member: response = jsonify({'code': 401, 'message': 'Organization not found.'}) response.status_code = 401 return response g.member = member g.organization = member.organization g.application = member.organization.application return view_func(*args, **kwargs)
def wrapper(*args, **kwargs): try: auth = request.headers.get('Authorization', None) assert auth is not None if level == 'bearer': assert auth[0:6].lower() == 'bearer' if auth[0:6].lower() == 'bearer': """ Authorization: Bearer XXXXXXXX Is for access from the web application """ from auth.models import Session session = Session.find_by_token(auth[7:]) assert session is not None g.account = session.account elif auth[0:5].lower() == 'basic': """ Authorization: Basic sk_xxxxxx Is for access from the API """ passwd = None if auth[6:8] == 'sk': passwd = auth[6:] else: try: credentials = base64.b64decode( auth[6:].encode('utf-8')).decode('utf-8') except Exception: raise AssertionError('Invalid credential provided') assert credentials.find(':') > -1 assert credentials.count(':') == 1 passwd = credentials.split(':')[ 1] # Authorization : api:sk_xxxxx assert passwd[0:2] == 'sk' from accounts.models import ApiKey account = ApiKey.account_by_token(passwd) assert account is not None g.account = account except AssertionError as e: print(e) abort(401) remote_addr = request.remote_addr if request.headers.getlist("X-Forwarded-For"): remote_addr = request.headers.getlist("X-Forwarded-For")[0] key = 'rate-limit/{0}/{1}'.format(remote_addr, request.endpoint) ratelimit = RateLimit(key, limit) g._view_rate_limit = ratelimit if ratelimit.over_limit: return make_response( jsonify({ 'success': False, 'error': 'You have been rate limited. Please wait {0} seconds.'. format(ratelimit.reset - int(time.time())), 'code': 429 }), 429) if auth[0:5].lower() != 'basic' and g.get('_ga') is not None: g._ga.set_uid(g.account.uuid) return view_func(*args, **kwargs)