def safe_handler(*args, **kwargs):
    """Run ``handler`` only when the request carries a valid user session.

    Reads ``session_token`` and ``user_id`` from ``request.args`` and looks
    the user up through the ``session`` object from the enclosing scope.
    The wrapped ``handler`` is called when the user exists, the stored token
    matches, and the token's expiry lies in the future. Otherwise the call
    sleeps for a random delay of under 0.2 seconds and returns a 403
    ``ApiResponse``.
    """
    # NOTE(review): the token is read from request.args; if that is the URL
    # query string, it can end up in access logs and Referer headers.
    # Confirm whether a header or request body is an option.
    supplied_token = request.args.get('session_token', '')
    requested_id = request.args.get('user_id', 0)
    account = session.query(User).filter_by(user_id=requested_id).first()

    # Drawn up front on every call, and only used on the rejection path.
    reject_delay = random.random() / 5

    if account:
        # utils.str_equal is presumably a constant-time comparison; verify.
        token_matches = utils.str_equal(account.session_token, supplied_token)
        if token_matches:
            expires_at = utils.to_timestamp(account.session_token_expires_at)
            if expires_at > time.time():
                return handler(*args, **kwargs)

    # Slow down rejected requests before answering.
    time.sleep(reject_delay)
    return ApiResponse(config.ACCESS_DENIED_MSG, status='403')
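def safe_handler(*args, **kwargs):
    """Run ``handler`` only when the request carries a valid user session.

    Reads ``session_token`` and ``user_id`` from ``request.args`` and loads
    the matching ``db.User`` row. The wrapped ``handler`` is called when the
    user exists, the stored token matches, and the token's expiry lies in
    the future. Otherwise a 403 ``ApiResponse`` is returned.

    The database session opened here is closed on every exit path,
    including when the lookup or ``handler`` raises. Such an exception still
    propagates to the caller.
    """
    session = db.Session()
    try:
        # NOTE(review): the token is read from request.args; if that is the
        # URL query string, it can end up in access logs and Referer
        # headers. Confirm whether a header or request body is an option.
        session_token = request.args.get('session_token', '')
        user_id = request.args.get('user_id', 0)
        user = session.query(db.User).filter_by(user_id=user_id).first()

        # utils.str_equal is presumably a constant-time comparison; verify.
        authorized = (
            user
            and utils.str_equal(user.session_token, session_token)
            and utils.to_timestamp(user.session_token_expires_at) > time.time()
        )
        if authorized:
            return handler(*args, **kwargs)

        # NOTE(review): no delay or rate limit is applied to rejected
        # requests here; confirm that guessing is throttled elsewhere.
        return ApiResponse(config.ACCESS_DENIED_MSG, status='403')
    finally:
        # Without this, an exception above would leak the session.
        session.close()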
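def safe_handler(*args, **kwargs):
    """Run ``handler`` only when the request carries a valid hospital session.

    Reads ``session_token`` and ``hospital_id`` from ``request.args`` and
    loads the matching ``db.Hospital`` row. The wrapped ``handler`` is called
    when the hospital exists, has a non-empty stored token, and that token
    matches the supplied one. Otherwise a 403 ``ApiResponse`` is returned.

    The database session opened here is closed on every exit path,
    including when the lookup or ``handler`` raises. Such an exception still
    propagates to the caller.
    """
    session = db.Session()
    try:
        # NOTE(review): the token is read from request.args; if that is the
        # URL query string, it can end up in access logs and Referer
        # headers. Confirm whether a header or request body is an option.
        session_token = request.args.get('session_token', '')
        hospital_id = request.args.get('hospital_id', 0)
        # The leftover debug print of the caller-supplied hospital_id was
        # removed; use the application's logger if the value is needed.
        hospital = session.query(db.Hospital).filter_by(_id=hospital_id).first()

        # The stored-token truthiness check keeps an empty stored token from
        # matching the empty default used when none is supplied.
        # utils.str_equal is presumably a constant-time comparison; verify.
        authorized = (
            hospital
            and hospital.session_token
            and utils.str_equal(hospital.session_token, session_token)
        )
        if authorized:
            return handler(*args, **kwargs)

        # NOTE(review): no token expiry is checked and no delay is applied
        # to rejected requests here; confirm both are intended.
        return ApiResponse(config.ACCESS_DENIED_MSG, status='403')
    finally:
        # Without this, an exception above would leak the session.
        session.close()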