-
Notifications
You must be signed in to change notification settings - Fork 0
/
app.py
89 lines (73 loc) · 3 KB
/
app.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
import os
from db import db
from blacklist import BLACKLIST
from flask import Flask
from flask_restful import Resource, Api
from flask_jwt_extended import JWTManager
from resources.user import UserRegister, User, UserLogin, TokenRefresh, UserLogout
from resources.item import Item, ItemList
from resources.store import Store, StoreList
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = os.environ.get('DATABASE_URL','sqlite:///data.db')
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
app.config['PROPAGATE_EXCEPTIONS'] = True
app.config['JWT_BLACKLIST_ENABLED'] = True # enable blacklist feature
app.config['JWT_BLACKLIST_TOKEN_CHECKS'] = ['access', 'refresh'] # allow blacklisting for access and refresh tokens
app.secret_key = 'my_super_secret_key'
api = Api(app)
@app.before_first_request
def create_tables():
db.create_all()
jwt = JWTManager(app)
"""
`claims` are data we choose to attach to each jwt payload
and for each jwt protected endpoint, we can retrieve these claims via `get_jwt_claims()`
one possible use case for claims are access level control, which is shown below.
"""
@jwt.user_claims_loader
def add_claims_to_jwt(identity): # Remember identity is what we define when creating the access token
if identity == 1: # instead of hard-coding, we should read from a config file or database to get a list of admins instead
return {'is_admin': True}
return {'is_admin': False}
# This method will check if a token is blacklisted, and will be called automatically when blacklist is enabled
@jwt.token_in_blacklist_loader
def check_if_token_in_blacklist(decrypted_token):
return decrypted_token['jti'] in BLACKLIST # Here we blacklist particular users.
# The following callbacks are used for customizing jwt response/error messages.
# The original ones may not be in a very pretty format (opinionated)
@jwt.expired_token_loader
def expired_token_callback():
return jsonify({
'description': 'The token has expired.',
'error': 'token_expired'
}), 401
@jwt.unauthorized_loader
def missing_token_callback(error):
return jsonify({
'description': 'Request does not contain an access token.',
'error': 'authorization_required'
}), 401
@jwt.needs_fresh_token_loader
def token_not_fresh_callback():
return jsonify({
'description': 'The token is not fresh.',
'error': 'fresh_token_required'
}), 401
@jwt.revoked_token_loader
def revoked_token_callback():
return jsonify({
'description': 'The token has been revoked.',
'error': 'token_revoked'
}), 401
api.add_resource(Store, '/store/<string:name>')
api.add_resource(StoreList, '/stores')
api.add_resource(Item, '/item/<string:name>')
api.add_resource(ItemList, '/items')
api.add_resource(UserRegister, '/register')
api.add_resource(User, '/user/<int:user_id>')
api.add_resource(UserLogin, '/login')
api.add_resource(TokenRefresh, '/refresh')
api.add_resource(UserLogout, '/logout')
if __name__ == '__main__':
db.init_app(app)
app.run(port=5000, debug=True)