Skip to content

D
dify
Commit 34ce138b authored by crazywoola's avatar crazywoola
Browse files
Options

chore: cleanup unused vars

parent be7e367a
Hide whitespace changes
Inline Side-by-side
Showing with 47 additions and 32 deletions
api/controllers/web/passport.py
View file @ 34ce138b
...@@ -15,7 +15,6 @@ class PassportResource(Resource): ...@@ -15,7 +15,6 @@ class PassportResource(Resource):
if app_id is None: if app_id is None:
raise Unauthorized('X-Site-Code header is missing.') raise Unauthorized('X-Site-Code header is missing.')
sk = current_app.config.get('SECRET_KEY')
# get site from db and check if it is normal # get site from db and check if it is normal
site = db.session.query(Site).filter( site = db.session.query(Site).filter(
Site.code == app_id, Site.code == app_id,
...@@ -46,8 +45,8 @@ class PassportResource(Resource): ...@@ -46,8 +45,8 @@ class PassportResource(Resource):
'end_user_id': end_user.id, 'end_user_id': end_user.id,
} }
tk = PassportService(sk, payload).get_token() tk = PassportService().issue(payload)
return { return {
'access_token': tk, 'access_token': tk,
} }
......
api/controllers/web/wraps.py
View file @ 34ce138b
...@@ -2,33 +2,25 @@ ...@@ -2,33 +2,25 @@
import uuid import uuid
from functools import wraps from functools import wraps
from flask import request, session from flask import request, session, current_app
from flask_restful import Resource from flask_restful import Resource
from werkzeug.exceptions import NotFound, Unauthorized from werkzeug.exceptions import NotFound, Unauthorized
from extensions.ext_database import db from extensions.ext_database import db
from models.model import App, Site, EndUser from models.model import App, Site, EndUser
from libs.passport import PassportService
def validate_jwt_token(view=None): def validate_jwt_token(view=None):
def decorator(view): def decorator(view):
@wraps(view) @wraps(view)
def decorated(*args, **kwargs): def decorated(*args, **kwargs):
site = get_site_from_jwt_token() app_model, end_user = decode_jwt_token()
app_model = db.session.query(App).filter(App.id == site.app_id).first()
if not app_model:
raise NotFound()
if app_model.status != 'normal':
raise NotFound()
if not app_model.enable_site:
raise NotFound()
end_user = get_end_user_from_jwt_token()
return view(app_model, end_user, *args, **kwargs) return view(app_model, end_user, *args, **kwargs)
return decorated return decorated
if view:
return decorator(view)
return decorator
def validate_token(view=None): def validate_token(view=None):
def decorator(view): def decorator(view):
...@@ -67,9 +59,9 @@ def validate_and_get_site(): ...@@ -67,9 +59,9 @@ def validate_and_get_site():
if ' ' not in auth_header: if ' ' not in auth_header:
raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.') raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.')
auth_scheme, auth_tokens = auth_header.split(None, 1) auth_scheme, auth_token = auth_header.split(None, 1)
auth_scheme = auth_scheme.lower() auth_scheme = auth_scheme.lower()
auth_token, jwt_token = [token.strip() for token in auth_tokens.split(',')]
if auth_scheme != 'bearer': if auth_scheme != 'bearer':
raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.') raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.')
...@@ -124,11 +116,28 @@ def generate_session_id(): ...@@ -124,11 +116,28 @@ def generate_session_id():
return session_id return session_id
def get_site_from_jwt_token(): def decode_jwt_token():
return "site" auth_header = request.headers.get('Authorization')
if auth_header is None:
raise Unauthorized('Authorization header is missing.')
if ' ' not in auth_header:
raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.')
auth_scheme, tk = auth_header.split(None, 1)
auth_scheme = auth_scheme.lower()
if auth_scheme != 'bearer':
raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.')
decoded = PassportService().verify(tk)
app_model = db.session.query(App).filter(App.id == decoded['app_id']).first()
if not app_model:
raise NotFound()
end_user = db.session.query(EndUser).filter(EndUser.id == decoded['end_user_id']).first()
if not end_user:
raise NotFound()
def get_end_user_from_jwt_token(): return app_model, end_user
return "end_user"
class WebApiResource(Resource): class WebApiResource(Resource):
method_decorators = [validate_token] method_decorators = [validate_jwt_token]
api/libs/passport.py
View file @ 34ce138b
# -*- coding:utf-8 -*- # -*- coding:utf-8 -*-
import jwt import jwt
from werkzeug.exceptions import Unauthorized
from flask import current_app
class PassportService: class PassportService:
def __init__(self, sk, payload): def __init__(self):
self.sk = sk self.sk = current_app.config.get('SECRET_KEY')
self.payload = payload
def get_token(self): def issue(self, payload):
return jwt.encode(self.payload, self.sk, algorithm='HS256') return jwt.encode(payload, self.sk, algorithm='HS256')
def verify_token(self, token): def verify(self, token):
return jwt.decode(token, self.sk, algorithms=['HS256']) try:
return jwt.decode(token, self.sk, algorithms=['HS256'])
except jwt.exceptions.InvalidSignatureError:
raise Unauthorized('Invalid token signature.')
except jwt.exceptions.DecodeError:
raise Unauthorized('Invalid token.')
except jwt.exceptions.ExpiredSignatureError:
raise Unauthorized('Token has expired.')
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment