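def post_adminlogin():
    """Authenticate the admin with HTTP Basic credentials and issue a JWT.

    Flow:
      1. Validate the query string; a non-202 result from
         ``validate_request_query`` is returned to the client unchanged.
      2. Require ``Authorization: Basic`` credentials; otherwise answer 401
         with a ``WWW-Authenticate`` challenge.
      3. Load the admin row (id 1) and compare the supplied name and
         password against the stored name and password hash.
      4. On success, return ``{'token': <jwt>}`` (HS256, one-hour ``exp``)
         and also set it as a ``Secure; HttpOnly`` ``adminToken`` cookie.

    Returns:
        A Flask response: 200 with the token, 401 when credentials are
        missing or do not verify, 500 when the admin row cannot be loaded.
    """
    args, code = validate_request_query()
    if code != 202:
        return make_response(jsonify(args), code)

    challenge = {'WWW-Authenticate': 'Basic realm="Login required"'}
    auth = request.authorization
    if not auth or not auth.username or not auth.password:
        data = make_error_data(
            error.UnauthorizedError("Authorization information missing"))
        return make_response(jsonify(data), 401, challenge)

    try:
        data = sql.select_by_id('admin', 1)
        data = schema.convert_instance_formatted_properties_to_json(
            'admin', data)
    # A tuple is required here: ``except A or B`` evaluates to ``except A``
    # and would let DBError propagate as an unhandled exception.
    except (error.NotFoundError, error.DBError):
        data = make_error_data(
            error.UnauthorizedError("Internal server error"))
        return make_response(jsonify(data), 500)

    # Evaluate the password hash even when the name does not match, so a
    # wrong name does not short-circuit into a measurably faster response.
    name_ok = auth.username == data['name']
    password_ok = check_password_hash(data['password'], auth.password)
    if not (name_ok and password_ok):
        data = make_error_data(
            error.UnauthorizedError(
                "Authorization information could not be verified"))
        return make_response(jsonify(data), 401, challenge)

    # One UTC instant drives both the JWT ``exp`` claim and the cookie
    # expiry.  Werkzeug formats a naive ``expires`` datetime as UTC, so the
    # previous local-time ``datetime.now()`` was off by the host's UTC
    # offset (confirm against the deployed Werkzeug version).
    expires_at = datetime.utcnow() + timedelta(hours=1)
    token = jwt.encode(
        {
            'name': data['name'],
            'exp': expires_at
        },
        config.rest['SECRET_KEY'],
        algorithm="HS256")
    res = make_response(jsonify({'token': token}), 200)
    # NOTE(review): consider ``samesite='Strict'`` once the deployed
    # Flask/Werkzeug version is known to accept that keyword.
    res.set_cookie('adminToken',
                   token,
                   expires=expires_at,
                   secure=True,
                   httponly=True)
    return res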
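def verify_admin_token():
    """Validate the ``x-access-token`` JWT and confirm it names the admin.

    Returns:
        ``(payload, code)``.  ``code`` is 202 on success, in which case
        ``payload`` is a ``jsonify``'d ``{'token': ...}`` response.  Any
        other code signals failure and ``payload`` is an error dict:
        401 for a missing, expired or invalid token, 403 when the token's
        ``name`` is not the admin's, 500 when the admin row cannot be
        loaded.  Callers forward any non-202 result to the client.
    """
    # Only the custom header is consulted; the ``adminToken`` cookie that
    # post_adminlogin sets is not read here.
    token = request.headers.get('x-access-token')
    if not token:
        data = make_error_data(
            error.UnauthorizedError(
                "Resource not available without suitable access token"))
        return data, 401

    # ``algorithms`` must be a list of accepted algorithms; the previous bare
    # string only worked through substring matching inside PyJWT.
    # ExpiredSignatureError is a subclass of InvalidTokenError, so it has to
    # be handled first to keep the more specific message.
    try:
        token_data = jwt.decode(token,
                                config.rest['SECRET_KEY'],
                                algorithms=["HS256"])
    except jwt.exceptions.ExpiredSignatureError:
        data = make_error_data(
            error.UnauthorizedError(
                "Access token expired, please login again"))
        return data, 401
    except jwt.exceptions.InvalidTokenError:
        data = make_error_data(
            error.UnauthorizedError(
                "Access token invalid, please login again"))
        return data, 401

    try:
        data = sql.select_by_id('admin', 1)
        data = schema.convert_instance_formatted_properties_to_json(
            'admin', data)
    # A tuple is required: ``except A or B`` only catches the first class.
    except (error.NotFoundError, error.DBError):
        data = make_error_data(
            error.UnauthorizedError("Internal server error"))
        return data, 500

    # ``.get`` keeps a signed token without a ``name`` claim on the 403 path
    # instead of raising KeyError into a generic 500.
    if token_data.get('name') != data['name']:
        data = make_error_data(
            error.UnauthorizedError("Insufficient permissions"))
        return data, 403

    return jsonify({'token': token}), 202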
def get_info():
    """Return the single ``info`` row (id 1) as a JSON response.

    The query string is validated first; a non-202 result from
    ``validate_request_query`` is returned to the client unchanged.

    Returns:
        A Flask response: 200 with the formatted row, 404 when the row is
        missing, 500 on a database error.
    """
    args, code = validate_request_query()
    if code != 202:
        return make_response(jsonify(args), code)

    try:
        row = sql.select_by_id('info', 1)
        payload = schema.convert_instance_formatted_properties_to_json(
            'info', row)
    except error.NotFoundError as exc:
        payload, code = make_error_data(exc), 404
    except error.DBError as exc:
        payload, code = make_error_data(exc), 500
    else:
        code = 200

    return make_response(jsonify(payload), code)
def get_subscribers_id(id):
    """Return the ``subscriber`` row with primary key *id* as JSON.

    Admin-only: ``verify_admin_token`` must report 202 and the query
    string must pass ``validate_request_query``; either failure is sent
    back to the client unchanged.

    Args:
        id: Subscriber primary key taken from the route.  Assumes
            ``sql.select_by_id`` binds it as a query parameter — confirm.

    Returns:
        A Flask response: 200 with the formatted row, 404 when no such
        subscriber exists, 500 on a database error.
    """
    data, code = verify_admin_token()
    if code != 202:
        return make_response(jsonify(data), code)

    args, code = validate_request_query()
    if code != 202:
        return make_response(jsonify(args), code)

    try:
        row = sql.select_by_id('subscriber', id)
        payload = schema.convert_instance_formatted_properties_to_json(
            'subscriber', row)
    except error.NotFoundError as exc:
        payload, code = make_error_data(exc), 404
    except error.DBError as exc:
        payload, code = make_error_data(exc), 500
    else:
        code = 200

    return make_response(jsonify(payload), code)