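def jwt(self, request: Request, auth: Auth):
    """Issue a signed JWT for the supplied username/password.

    Reads ``username`` and ``password`` from the request input, checks them
    once via ``auth.once().login`` (no persistent session), and on success
    returns an HS256 token whose payload carries issue/expiry timestamps,
    the requested scopes and the serialized user (``password`` hidden).

    Returns:
        dict: ``{'token', 'expires_at', 'refresh_expires_at'}`` on success;
        ``{'error': ...}`` with status 401 when credentials are missing or
        rejected.
    """
    # NOTE: this method shares its name with the ``jwt`` module. Inside the
    # body ``jwt.encode`` still resolves to the module, because methods are
    # not visible as bare names; renaming the method would avoid confusion.
    username = request.input('username')
    password = request.input('password')
    if not username or not password:
        request.status(401)
        return {'error': 'missing username or password'}

    user = auth.once().login(username, password)
    if not user:
        # Failed authentication is 401, consistent with the branch above
        # (previously this error body went out with the default status).
        request.status(401)
        return {'error': 'invalid authentication credentials'}

    user.__hidden__ = ['password']
    # Take one reference instant so the three timestamps agree exactly.
    now = pendulum.now()
    payload = {
        'issued': str(now),
        'expires': str(now.add(minutes=5)),
        'refresh': str(now.add(days=14)),
        # NOTE(review): scopes are copied verbatim from client input and not
        # checked against anything this user is entitled to — confirm that
        # consumers of the token enforce scopes server-side.
        'scopes': request.input('scopes'),
        'user': user.serialize(),
    }
    token = jwt.encode(payload, KEY, algorithm='HS256')
    # jwt.encode returns bytes on older PyJWT and str on newer releases;
    # normalise to str without relying on either.
    if isinstance(token, bytes):
        token = token.decode('utf-8')
    return {
        'token': token,
        'expires_at': payload['expires'],
        'refresh_expires_at': payload['refresh'],
    }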
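def current_user(self, request: Request):
    """Return the serialized current user when the bearer token is valid.

    Expects an ``Authorization`` header of the form ``Token <jwt>``. The
    token signature is verified with ``KEY`` (HS256) and the custom
    ``expires`` claim is checked; a missing, malformed or expired token
    results in status 401 with an error body.
    """
    header = request.header('HTTP_AUTHORIZATION')
    if not header:
        # Previously a missing header raised AttributeError on .replace().
        request.status(401)
        return {'error': 'missing authentication token'}

    raw_token = header.replace('Token ', '')
    try:
        token = jwt.decode(raw_token, KEY, algorithms=['HS256'])
    except jwt.InvalidTokenError:
        # Bad signature, malformed token, etc. — never surface as a 500.
        request.status(401)
        return {'error': 'invalid authentication token'}

    # Expiry is a custom claim rather than the standard ``exp``, so PyJWT
    # does not check it for us.
    expires = token.get('expires')
    if not expires or pendulum.parse(expires).is_past():
        request.status(401)
        return {'error': 'Your token has expired'}

    # NOTE(review): the user returned comes from request.user(), not from the
    # token's ``user`` claim — confirm the auth middleware resolves it from
    # this same token.
    return {'user': request.user().serialize()}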
def login(self, request: Request, auth: Auth):
    """Authenticate with ``user.email`` / ``user.password``.

    On success the matching ``User`` row has ``generate_token`` called on it
    and is returned serialized; otherwise the status is set to 400 and an
    error body is returned.
    """
    credentials = (
        request.input('user.email'),
        request.input('user.password'),
    )
    authenticated = auth.once().login(*credentials)
    if not authenticated:
        request.status(400)
        return {'error': 'username or password incorrect'}

    user = User.where('email', credentials[0]).first()
    user.generate_token()
    return {'user': user.serialize()}
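def delete(self, request: Request):
    """Delete the comment identified by the ``id`` route parameter.

    Returns the result of ``request.status(204)`` on success. When no such
    comment exists the status is set to 404 and an error body is returned.
    """
    comment = Comment.find(request.param('id'))
    if not comment:
        # Previously the error body went out with the default (success)
        # status; a missing resource is a 404.
        request.status(404)
        return {'error': 'Comment does not exist'}

    # NOTE(review): there is no ownership check here — any caller reaching
    # this route can delete any comment by id. Unless middleware enforces it,
    # compare comment.author_id with request.user().id (the value ``create``
    # stores) before deleting.
    comment.delete()
    return request.status(204)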
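def create(self, request: Request, validator: Validator, validate: Validator):
    """Create a comment on the article identified by the ``slug`` parameter.

    The ``comment`` input must contain a ``body``; validation failures set
    status 422 and return the errors. A missing article sets status 404.
    On success the comment is saved against the article with the current
    user as author and returned with status 201.
    """
    comment_data = request.input('comment')
    errors = validator.validate(
        comment_data,
        validate.required(['body']),
    )
    if errors:
        request.status(422)
        return {'errors': errors}

    article = Article.where('slug', request.param('slug')).first()
    if not article:
        # Previously an unknown slug raised AttributeError on .comments().
        request.status(404)
        return {'error': 'Article does not exist'}

    comment = Comment(body=comment_data['body'], author_id=request.user().id)
    article.comments().save(comment)
    request.status(201)
    return {'comment': comment.payload()}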
def show(self, request: Request): request.status(203) return 'read_single'
def change_404(self, request: Request): request.status(404) return 'test'
def change_status(self, request: Request): request.status(203) return 'test'