def _decorator(*args, **kwargs):
from members.models import Member
from organizations.models import Organization
if 'app-key' not in request.headers:
response = jsonify({'code': 401, 'message': 'App-Key header is required.'})
response.status_code = 401
return response
if 'auth-token' not in request.headers:
response = jsonify({'code': 401, 'message': 'Auth-Token header is required.'})
response.status_code = 401
return response
if 'organization' not in request.headers:
response = jsonify({'code': 401, 'message': 'Organization header is required.'})
response.status_code = 401
return response
session = Session.find_by_token(request.headers['auth-token'])
if not session or session.profile.application.app_key != request.headers['app-key']:
response = jsonify({'code': 401, 'message': 'Session has expired.'})
response.status_code = 401
return response
member = Member.query.filter(Member.profile_id == session.profile_id) \
.join(Member.organization) \
.filter(Organization.name == request.headers['organization']) \
.first()
if not member:
response = jsonify({'code': 401, 'message': 'Organization not found.'})
response.status_code = 401
return response
g.member = member
g.organization = member.organization
g.application = member.organization.application
return view_func(*args, **kwargs)
def wrapper(*args, **kwargs):
try:
auth = request.headers.get('Authorization', None)
assert auth is not None
if level == 'bearer':
assert auth[0:6].lower() == 'bearer'
if auth[0:6].lower() == 'bearer':
"""
Authorization: Bearer XXXXXXXX
Is for access from the web application
"""
from auth.models import Session
session = Session.find_by_token(auth[7:])
assert session is not None
g.account = session.account
elif auth[0:5].lower() == 'basic':
"""
Authorization: Basic sk_xxxxxx
Is for access from the API
"""
passwd = None
if auth[6:8] == 'sk':
passwd = auth[6:]
else:
try:
credentials = base64.b64decode(
auth[6:].encode('utf-8')).decode('utf-8')
except Exception:
raise AssertionError('Invalid credential provided')
assert credentials.find(':') > -1
assert credentials.count(':') == 1
passwd = credentials.split(':')[
1] # Authorization : api:sk_xxxxx
assert passwd[0:2] == 'sk'
from accounts.models import ApiKey
account = ApiKey.account_by_token(passwd)
assert account is not None
g.account = account
except AssertionError as e:
print(e)
abort(401)
remote_addr = request.remote_addr
if request.headers.getlist("X-Forwarded-For"):
remote_addr = request.headers.getlist("X-Forwarded-For")[0]
key = 'rate-limit/{0}/{1}'.format(remote_addr, request.endpoint)
ratelimit = RateLimit(key, limit)
g._view_rate_limit = ratelimit
if ratelimit.over_limit:
return make_response(
jsonify({
'success':
False,
'error':
'You have been rate limited. Please wait {0} seconds.'.
format(ratelimit.reset - int(time.time())),
'code':
429
}), 429)
if auth[0:5].lower() != 'basic' and g.get('_ga') is not None:
g._ga.set_uid(g.account.uuid)
return view_func(*args, **kwargs)
