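async def auth(request: web.Request):
    """Bind the signed-in user to the request and gate the admin area.

    1. Requests matched by ``is_exclude`` are passed straight to the handler.
    2. Otherwise the session cookie is resolved to a user, stored on
       ``request.__user__`` (``None`` when there is no valid session).
    3. Paths under ``/manage/`` require a user whose ``admin`` flag is truthy;
       anyone else is redirected to ``/signin``.

    ``handler`` is not a parameter of this function; it is resolved from the
    enclosing scope, which is not visible here.

    :param request: the incoming aiohttp request
    :return: the response produced by ``handler``
    :raises web.HTTPFound: redirect to ``/signin`` when admin access is denied
    """
    # Lazy %-args: the message is only formatted if DEBUG is enabled.
    logger.debug('check user: %s %s', request.method, request.path)

    # NOTE(review): excluded requests return before request.__user__ is set
    # and before the /manage/ check below, so is_exclude must never match a
    # path that needs authentication or admin rights.
    if is_exclude(request):
        return await handler(request)

    request.__user__ = None
    cookie_str = request.cookies.get(COOKIE_NAME)
    if cookie_str:
        user = await cookie2user(cookie_str)
        if user:
            logger.debug('set current user: %s', user.email)
            request.__user__ = user

    current = request.__user__
    # Only paths beginning with '/manage/' are gated here; administrative
    # routes registered outside that prefix need their own check.
    if request.path.startswith('/manage/') and (current is None or not current.admin):
        # Record who was refused and where. Only the e-mail is logged rather
        # than str(user): the string form of the user record may include
        # fields that do not belong in logs.
        logger.info(
            'admin access denied: %s %s user=%s',
            request.method,
            request.path,
            current.email if current is not None else None,
        )
        # Raise instead of returning the exception object: returning an
        # HTTPException from a handler is deprecated in aiohttp, and raising
        # matches auth_middleware.
        raise web.HTTPFound('/signin')
    return await handler(request)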
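async def auth_middleware(request: web.Request, handler):
    """Bind the signed-in user to the request and gate the admin area.

    1. Resolve the session cookie and bind the result to ``request.__user__``
       (``None`` when the cookie is absent or ``cookie2user`` yields nothing).
    2. Check permission for administrative operations: paths under
       ``/manage/`` require a user whose ``admin`` flag is truthy.

    :param request: the incoming aiohttp request
    :param handler: the next handler in the chain
    :return: the response produced by ``handler``
    :raises web.HTTPFound: redirect to ``/signin`` when admin access is denied
    """
    cookie_str = request.cookies.get(COOKIE_NAME)
    # A request without the cookie is anonymous; do not hand None to
    # cookie2user, whose handling of a missing value is not visible here.
    user = await cookie2user(cookie_str) if cookie_str else None
    request.__user__ = user

    # Only paths beginning with '/manage/' are gated here; administrative
    # routes registered outside that prefix need their own check.
    if request.path.startswith('/manage/') and not (user and user.admin):
        raise web.HTTPFound('/signin')
    return await handler(request)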