async def create_api_keys(request: Request,
key_info: m.AddApiKey,
session: Session = Depends(db.session)):
"""
API KEY 생성
:param request:
:param key_info:
:param session:
:return:
"""
user = request.state.user
api_keys = ApiKeys.filter(session, user_id=user.id,
status='active').count()
if api_keys == MAX_API_KEY:
raise ex.MaxKeyCountEx()
alphabet = string.ascii_letters + string.digits
s_key = ''.join(secrets.choice(alphabet) for _ in range(40))
uid = None
while not uid:
uid_candidate = f"{str(uuid4())[:-12]}{str(uuid4())}"
uid_check = ApiKeys.get(access_key=uid_candidate)
if not uid_check:
uid = uid_candidate
key_info = key_info.dict()
new_key = ApiKeys.create(session,
auto_commit=True,
secret_key=s_key,
user_id=user.id,
access_key=uid,
**key_info)
return new_key
async def delete_api_keys(request: Request, key_id: int, access_key: str):
user = request.state.user
await check_api_owner(user.id, key_id)
search_by_key = ApiKeys.filter(access_key=access_key)
if not search_by_key.first():
raise ex.NoKeyMatchEx()
search_by_key.delete(auto_commit=True)
return MessageOk()
async def get_api_keys(request: Request):
"""
API KEY 조회
:param request:
:return:
"""
user = request.state.user
api_keys = ApiKeys.filter(user_id=user.id).all()
return api_keys
async def update_api_keys(request: Request, key_id: int, key_info: m.AddApiKey):
"""
API KEY User Memo Update
:param request:
:param key_id:
:param key_info:
:return:
"""
user = request.state.user
key_data = ApiKeys.filter(id=key_id)
if key_data and key_data.first().user_id == user.id:
return key_data.update(auto_commit=True, **key_info.dict())
raise ex.NoKeyMatchEx()
async def access_control(request: Request, call_next):
request.state.req_time = D.datetime()
request.state.start = time.time()
request.state.inspect = None
request.state.user = None
request.state.service = None
ip = request.headers[
"x-forwarded-for"] if "x-forwarded-for" in request.headers.keys(
) else request.client.host
request.state.ip = ip.split(",")[0] if "," in ip else ip
headers = request.headers
cookies = request.cookies
url = request.url.path
if await url_pattern_check(url,
EXCEPT_PATH_REGEX) or url in EXCEPT_PATH_LIST:
response = await call_next(request)
if url != "/":
await api_logger(request=request, response=response)
return response
try:
if url.startswith("/api"):
# api 인경우 헤더로 토큰 검사
if url.startswith("/api/services"):
qs = str(request.query_params)
qs_list = qs.split("&")
session = next(db.session())
if not config.conf().DEBUG:
try:
qs_dict = {
qs_split.split("=")[0]: qs_split.split("=")[1]
for qs_split in qs_list
}
except Exception:
raise ex.APIQueryStringEx()
qs_keys = qs_dict.keys()
if "key" not in qs_keys or "timestamp" not in qs_keys:
raise ex.APIQueryStringEx()
if "secret" not in headers.keys():
raise ex.APIHeaderInvalidEx()
api_key = ApiKeys.get(session=session,
access_key=qs_dict["key"])
if not api_key:
raise ex.NotFoundAccessKeyEx(api_key=qs_dict["key"])
mac = hmac.new(bytes(api_key.secret_key, encoding='utf8'),
bytes(qs, encoding='utf-8'),
digestmod='sha256')
d = mac.digest()
validating_secret = str(
base64.b64encode(d).decode('utf-8'))
if headers["secret"] != validating_secret:
raise ex.APIHeaderInvalidEx()
now_timestamp = int(D.datetime(diff=9).timestamp())
if now_timestamp - 10 > int(
qs_dict["timestamp"]) or now_timestamp < int(
qs_dict["timestamp"]):
raise ex.APITimestampEx()
user_info = to_dict(api_key.users)
request.state.user = UserToken(**user_info)
else:
# Request User 가 필요함
if "authorization" in headers.keys():
key = headers.get("Authorization")
api_key_obj = ApiKeys.get(session=session,
access_key=key)
user_info = to_dict(
Users.get(session=session, id=api_key_obj.user_id))
request.state.user = UserToken(**user_info)
# 토큰 없음
else:
if "Authorization" not in headers.keys():
raise ex.NotAuthorized()
session.close()
response = await call_next(request)
return response
else:
if "authorization" in headers.keys():
token_info = await token_decode(
access_token=headers.get("Authorization"))
request.state.user = UserToken(**token_info)
# 토큰 없음
else:
if "Authorization" not in headers.keys():
raise ex.NotAuthorized()
else:
# 템플릿 렌더링인 경우 쿠키에서 토큰 검사
cookies[
"Authorization"] = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MTQsImVtYWlsIjoia29hbGFAZGluZ3JyLmNvbSIsIm5hbWUiOm51bGwsInBob25lX251bWJlciI6bnVsbCwicHJvZmlsZV9pbWciOm51bGwsInNuc190eXBlIjpudWxsfQ.4vgrFvxgH8odoXMvV70BBqyqXOFa2NDQtzYkGywhV48"
if "Authorization" not in cookies.keys():
raise ex.NotAuthorized()
token_info = await token_decode(
access_token=cookies.get("Authorization"))
request.state.user = UserToken(**token_info)
response = await call_next(request)
await api_logger(request=request, response=response)
except Exception as e:
error = await exception_handler(e)
error_dict = dict(status=error.status_code,
msg=error.msg,
detail=error.detail,
code=error.code)
response = JSONResponse(status_code=error.status_code,
content=error_dict)
await api_logger(request=request, error=error)
return response
async def check_api_owner(user_id, key_id):
api_keys = ApiKeys.get(id=key_id, user_id=user_id)
if not api_keys:
raise ex.NoKeyMatchEx()