chore: cleanup unused vars

34ce138b · crazywoola · be7e367a · 34ce138b · 34ce138b · 34ce138b
Commit 34ce138b authored Jul 08, 2023 by crazywoola
Hide whitespace changes
Inline Side-by-side

Showing with 47 additions and 32 deletions

passport.py api/controllers/web/passport.py +2 -3

wraps.py api/controllers/web/wraps.py +30 -21

passport.py api/libs/passport.py +15 -8

No files found.
--- a/api/controllers/web/passport.py
+++ b/api/controllers/web/passport.py
@@ -15,7 +15,6 @@ class PassportResource(Resource):
        if app_id is None:
            raise Unauthorized('X-Site-Code header is missing.')

-        sk = current_app.config.get('SECRET_KEY')
        # get site from db and check if it is normal
        site = db.session.query(Site).filter(
            Site.code == app_id,
@@ -46,8 +45,8 @@ class PassportResource(Resource):
            'end_user_id': end_user.id,
        }

-        tk = PassportService(sk, payload).get_token()
-        
+        tk = PassportService().issue(payload)
+
        return {
            'access_token': tk,
        }

--- a/api/controllers/web/wraps.py
+++ b/api/controllers/web/wraps.py
@@ -2,33 +2,25 @@
 import uuid
 from functools import wraps

-from flask import request, session
+from flask import request, session, current_app
 from flask_restful import Resource
 from werkzeug.exceptions import NotFound, Unauthorized

 from extensions.ext_database import db
 from models.model import App, Site, EndUser
+from libs.passport import PassportService

 def validate_jwt_token(view=None):
    def decorator(view):
        @wraps(view)
        def decorated(*args, **kwargs):
-            site = get_site_from_jwt_token()
-
-            app_model = db.session.query(App).filter(App.id == site.app_id).first()
-            if not app_model:
-                raise NotFound()
-
-            if app_model.status != 'normal':
-                raise NotFound()
-
-            if not app_model.enable_site:
-                raise NotFound()
-
-            end_user = get_end_user_from_jwt_token()
+            app_model, end_user = decode_jwt_token()

            return view(app_model, end_user, *args, **kwargs)
        return decorated
+    if view:
+        return decorator(view)
+    return decorator
    
 def validate_token(view=None):
    def decorator(view):
@@ -67,9 +59,9 @@ def validate_and_get_site():
    if ' ' not in auth_header:
        raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.')

-    auth_scheme, auth_tokens = auth_header.split(None, 1)
+    auth_scheme, auth_token = auth_header.split(None, 1)
    auth_scheme = auth_scheme.lower()
-    auth_token, jwt_token = [token.strip() for token in auth_tokens.split(',')]
+
    if auth_scheme != 'bearer':
        raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.')

@@ -124,11 +116,28 @@ def generate_session_id():
            return session_id


-def get_site_from_jwt_token():
-    return "site"
+def decode_jwt_token():
+    auth_header = request.headers.get('Authorization')
+    if auth_header is None:
+        raise Unauthorized('Authorization header is missing.')
+
+    if ' ' not in auth_header:
+        raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.')
+    
+    auth_scheme, tk = auth_header.split(None, 1)
+    auth_scheme = auth_scheme.lower()
+
+    if auth_scheme != 'bearer':
+        raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.')
+    decoded = PassportService().verify(tk)
+    app_model = db.session.query(App).filter(App.id == decoded['app_id']).first()
+    if not app_model:
+        raise NotFound()
+    end_user = db.session.query(EndUser).filter(EndUser.id == decoded['end_user_id']).first()
+    if not end_user:
+        raise NotFound()

-def get_end_user_from_jwt_token():
-    return "end_user"
+    return app_model, end_user

 class WebApiResource(Resource):
-    method_decorators = [validate_token]
+    method_decorators = [validate_jwt_token]
--- a/api/libs/passport.py
+++ b/api/libs/passport.py
 # -*- coding:utf-8 -*-
 import jwt
-
+from werkzeug.exceptions import Unauthorized
+from flask import current_app
 class PassportService:
-    def __init__(self, sk, payload):
-        self.sk = sk
-        self.payload = payload
+    def __init__(self):
+        self.sk = current_app.config.get('SECRET_KEY')
    
-    def get_token(self):
-        return jwt.encode(self.payload, self.sk, algorithm='HS256')
+    def issue(self, payload):
+        return jwt.encode(payload, self.sk, algorithm='HS256')
    
-    def verify_token(self, token):
-        return jwt.decode(token, self.sk, algorithms=['HS256'])
+    def verify(self, token):
+        try:
+            return jwt.decode(token, self.sk, algorithms=['HS256'])
+        except jwt.exceptions.InvalidSignatureError:
+            raise Unauthorized('Invalid token signature.')
+        except jwt.exceptions.DecodeError:
+            raise Unauthorized('Invalid token.')
+        except jwt.exceptions.ExpiredSignatureError:
+            raise Unauthorized('Token has expired.')