def post(self, data=None):
    """
    .. http:post:: /keys

       Creates an API Key.

       **Example request**:

       .. sourcecode:: http

          POST /keys HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript

          {
            "name": "my custom name",
            "user_id": 1,
            "ttl": -1
          }

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
            "jwt": ""
          }

       :reqheader Authorization: OAuth token to authenticate
       :statuscode 200: no error
       :statuscode 403: caller may not create a key for the requested user
    """
    # NOTE(review): the handler reads the target user from data["user"]
    # ("id" and "username"), while the example request shows a flat
    # "user_id" field; confirm the example against the request schema.

    # Authorization: callers without the key-creator permission may only
    # create keys for themselves. The permission is evaluated first, so the
    # ownership comparison is skipped for privileged callers.
    may_create_for_anyone = ApiKeyCreatorPermission().can()
    if not may_create_for_anyone and data["user"]["id"] != g.current_user.id:
        denial = "You are not authorized to create tokens for: {0}".format(
            data["user"]["username"]
        )
        return {"message": denial}, 403

    # ttl is stored exactly as supplied; no bound is applied in this handler.
    # NOTE(review): confirm that the schema or service limits ttl if
    # long-lived or non-expiring keys should need extra privilege.
    #
    # NOTE(review): utcnow() returns a naive datetime and timestamp()
    # interprets naive values as local time, so issued_at is shifted on hosts
    # whose timezone is not UTC. Whatever checks expiry has to use the same
    # convention; confirm before changing either side.
    new_key_fields = {
        "name": data["name"],
        "user_id": data["user"]["id"],
        "ttl": data["ttl"],
        "revoked": False,
        "issued_at": int(datetime.utcnow().timestamp()),
    }
    access_token = service.create(**new_key_fields)

    # The token is built from the stored record, not from the request body.
    signed = create_token(access_token.user_id, access_token.id, access_token.ttl)
    return {"jwt": signed}
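def put(self, uid, aid, data=None):
    """
    .. http:put:: /users/1/keys/1

       update one api key

       **Example request**:

       .. sourcecode:: http

          PUT /users/1/keys/1 HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript
          Content-Type: application/json;charset=UTF-8

          {
            "name": "new_name",
            "revoked": false,
            "ttl": -1
          }

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
            "jwt": ""
          }

       :reqheader Authorization: OAuth token to authenticate
       :statuscode 200: no error
       :statuscode 403: caller may not manage this user's keys, or the key
                        does not belong to the user in the URL
       :statuscode 404: no key with the given id
    """
    # uid is the user id from the URL, aid the key id from the URL, and data
    # the request body; "name", "revoked" and "ttl" are read from it.

    # First gate: acting on another user's keys needs the key-creator
    # permission. The denial names the attempted action (update), so a
    # refused write is not reported as a refused read.
    acting_on_own_keys = uid == g.current_user.id
    if not acting_on_own_keys and not ApiKeyCreatorPermission().can():
        return dict(message="You are not authorized to update this token!"), 403

    access_key = service.get(aid)
    if access_key is None:
        return dict(message="This token does not exist!"), 404

    # Second gate: the key must belong to the user named in the URL. Without
    # it, a caller could pass their own uid together with someone else's aid.
    if access_key.user_id != uid:
        return dict(message="You are not authorized to update this token!"), 403

    service.update(
        access_key, name=data["name"], revoked=data["revoked"], ttl=data["ttl"]
    )

    # NOTE(review): a token is returned even when this update sets revoked to
    # true; whether that token is rejected depends on validation code that is
    # not visible here - confirm revocation is enforced when a token is used.
    return dict(
        jwt=create_token(access_key.user_id, access_key.id, access_key.ttl)
    )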
def get(self):
    """
    .. http:get:: /keys

       The current list of api keys, that you can see.

       **Example request**:

       .. sourcecode:: http

          GET /keys HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
            "items": [
                {
                    "id": 1,
                    "name": "custom name",
                    "user_id": 1,
                    "ttl": -1,
                    "issued_at": 12,
                    "revoked": false
                }
            ],
            "total": 1
          }

       :query sortBy: field to sort on
       :query sortDir: asc or desc
       :query page: int default is 1
       :query count: count number. default is 10
       :query user_id: a user to filter by.
       :query id: an access key to filter by.
       :reqheader Authorization: OAuth token to authenticate
       :statuscode 200: no error
       :statuscode 403: unauthenticated
    """
    query_args = paginated_parser.copy().parse_args()

    # Both values come from server-side state and are assigned after parsing,
    # so a same-named query parameter cannot override them.
    # NOTE(review): the handler itself never filters or denies; restricting
    # the listing to the caller's own keys is presumably done by
    # service.render using these two fields - confirm there.
    caller_may_see_all = ApiKeyCreatorPermission().can()
    caller_id = g.current_user.id
    query_args["has_permission"] = caller_may_see_all
    query_args["requesting_user_id"] = caller_id

    return service.render(query_args)
def get(self, uid, aid):
    """
    .. http:get:: /users/1/keys/1

       Fetch one api key

       **Example request**:

       .. sourcecode:: http

          GET /users/1/api_keys/1 HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
            "jwt": ""
          }

       :reqheader Authorization: OAuth token to authenticate
       :statuscode 200: no error
       :statuscode 403: caller may not view this user's keys, or the key
                        does not belong to the user in the URL
       :statuscode 404: no key with the given id
    """
    # NOTE(review): the directive path (/users/1/keys/1) and the example
    # request path (/users/1/api_keys/1) disagree; confirm which is routed.

    # First gate: reading another user's key needs the key-creator permission.
    requesting_own_key = uid == g.current_user.id
    if not requesting_own_key and not ApiKeyCreatorPermission().can():
        return {"message": "You are not authorized to view this token!"}, 403

    access_key = service.get(aid)
    if access_key is None:
        return {"message": "This token does not exist!"}, 404

    # Second gate: the key must belong to the user named in the URL, which
    # stops a caller pairing their own uid with another user's key id.
    if access_key.user_id != uid:
        return {"message": "You are not authorized to view this token!"}, 403

    # The response is a token for the key's owner, not just metadata, so a
    # holder of the key-creator permission can obtain tokens for other users'
    # keys. The revoked flag is not consulted here.
    # NOTE(review): confirm that permission is limited to administrators and
    # that revoked keys are rejected when a token is validated.
    token = create_token(access_key.user_id, access_key.id, access_key.ttl)
    return {"jwt": token}
def get(self, aid):
    """
    .. http:get:: /keys/1/described

       Fetch one api key

       **Example request**:

       .. sourcecode:: http

          GET /keys/1 HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
              "id": 2,
              "name": "hoi",
              "user_id": 2,
              "ttl": -1,
              "issued_at": 1222222,
              "revoked": false
          }

       :reqheader Authorization: OAuth token to authenticate
       :statuscode 200: no error
       :statuscode 403: key belongs to another user and the caller lacks the
                        key-creator permission
       :statuscode 404: no key with the given id
    """
    # NOTE(review): the directive path (/keys/1/described) and the example
    # request path (/keys/1) disagree; confirm which one is routed here.
    access_key = service.get(aid)

    # The existence check runs before the authorization check, so a caller
    # without access gets 404 for a missing id and 403 for an id owned by
    # someone else; the two answers reveal which key ids exist.
    # NOTE(review): if that matters, return one status for both cases.
    if access_key is None:
        return {"message": "This token does not exist!"}, 404

    # The owner is always allowed; the permission is only evaluated for
    # callers who do not own the key.
    caller_owns_key = access_key.user_id == g.current_user.id
    if not (caller_owns_key or ApiKeyCreatorPermission().can()):
        return {"message": "You are not authorized to view this token!"}, 403

    # The stored record itself is returned, not a token.
    return access_key
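def delete(self, uid, aid):
    """
    .. http:delete:: /users/1/keys/1

       deletes one api key

       **Example request**:

       .. sourcecode:: http

          DELETE /users/1/keys/1 HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
            "result": true
          }

       :reqheader Authorization: OAuth token to authenticate
       :statuscode 200: no error
       :statuscode 403: caller may not manage this user's keys, or the key
                        does not belong to the user in the URL
       :statuscode 404: no key with the given id
    """
    # uid is the user id from the URL and aid the key id from the URL.

    # First gate: deleting another user's key needs the key-creator
    # permission. The denial names the attempted action (delete), so a
    # refused deletion is not reported as a refused read.
    acting_on_own_keys = uid == g.current_user.id
    if not acting_on_own_keys and not ApiKeyCreatorPermission().can():
        return dict(message="You are not authorized to delete this token!"), 403

    access_key = service.get(aid)
    if access_key is None:
        return dict(message="This token does not exist!"), 404

    # Second gate: the key must belong to the user named in the URL. Without
    # it, a caller could pass their own uid together with someone else's aid.
    if access_key.user_id != uid:
        return dict(message="You are not authorized to delete this token!"), 403

    # NOTE(review): this removes the stored record; whether tokens already
    # issued for this key stop working depends on validation code that is
    # not visible here - confirm a missing key is rejected at validation.
    service.delete(access_key)
    return {'result': True}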