quaik8/sdb-back
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
52c60db8116ce2122531715e3f9f084b075669ba
sdb-back/app/services/decorators.py
JSC 52c60db811 refactor(auth): improve code structure and add user registration endpoint 
refactor(main): update index route response and remove greeting service

refactor(decorators): streamline authentication decorators and remove unused ones

test(routes): update tests to reflect changes in main routes and error messages
2025-06-28 20:47:45 +02:00

129 lines
3.4 KiB
Python
Raw Blame History

"""Authentication decorators and middleware."""
from functools import wraps
from typing import Any
from flask import jsonify, request
from flask_jwt_extended import get_jwt, get_jwt_identity, verify_jwt_in_request
def get_user_from_jwt() -> dict[str, Any] | None:
"""Helper function to get current user from JWT token."""
try:
# Try to verify JWT token in request - this sets up the context
verify_jwt_in_request()
current_user_id = get_jwt_identity()
if not current_user_id:
return None
claims = get_jwt()
is_active = claims.get("is_active", True)
if not is_active:
return None
return {
"id": current_user_id,
"email": claims.get("email", ""),
"name": claims.get("name", ""),
"picture": claims.get("picture"),
"role": claims.get("role", "user"),
"is_active": is_active,
"provider": claims.get("provider", "unknown"),
"providers": claims.get("providers", []),
}
except Exception:
return None
def get_user_from_api_token() -> dict[str, Any] | None:
"""Get user from API token in request headers."""
try:
auth_header = request.headers.get("Authorization")
if not auth_header:
return None
parts = auth_header.split()
if len(parts) != 2 or parts[0].lower() not in ["bearer", "token"]:
return None
api_token = parts[1]
from app.models.user import User
user = User.find_by_api_token(api_token)
if user and user.is_active:
return {
"id": str(user.id),
"email": user.email,
"name": user.name,
"picture": user.picture,
"role": user.role,
"is_active": user.is_active,
"provider": "api_token",
"providers": [p.provider for p in user.oauth_providers]
+ ["api_token"],
}
return None
except Exception:
return None
def get_current_user() -> dict[str, Any] | None:
"""Get current user from either JWT or API token."""
# Try JWT first
user = get_user_from_jwt()
if user:
return user
# Try API token
return get_user_from_api_token()
def require_auth(f):
"""Decorator to require authentication (JWT or API token) for routes."""
@wraps(f)
def wrapper(*args, **kwargs):
user = get_current_user()
if not user:
return (
jsonify(
{"error": "Authentication required (JWT or API token)"}
),
401,
)
return f(*args, **kwargs)
return wrapper
def require_role(required_role: str):
"""Decorator to require specific role for routes."""
def decorator(f):
@wraps(f)
def wrapper(*args, **kwargs):
user = get_current_user()
if not user:
return jsonify({"error": "Authentication required"}), 401
if user.get("role") != required_role:
return (
jsonify(
{
"error": f"Access denied. {required_role.title()} role required"
}
),
403,
)
return f(*args, **kwargs)
return wrapper
return decorator
Reference in New Issue View Git Blame Copy Permalink