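from collections import namedtuple

from flask import current_app, g, request
from flask_httpauth import HTTPBasicAuth
from itsdangerous import BadSignature, Serializer, SignatureExpired

from app.libs.error_code import AuthFailed, Forbidden
from app.libs.scope import is_in_scope

# The token is sent in the Basic-auth "username" slot; the scheme label is
# only what appears in the WWW-Authenticate header.
auth = HTTPBasicAuth(scheme='JWT')

# Minimal identity object stored on ``g.user`` for the rest of the request.
User = namedtuple('User', ['uid'])


@auth.verify_password
def verify_password(token, password):
    """HTTPBasicAuth callback; ``token`` arrives in the username slot.

    ``password`` is ignored: the client sends only the signed token.
    On success the resolved ``User`` is stored on ``g.user`` and True is
    returned. ``verify_auth_token`` raises on every failure, so the False
    branch is only a guard against it returning a falsy value.
    """
    user_info = verify_auth_token(token)
    if not user_info:
        return False
    g.user = user_info
    return True


def verify_auth_token(token):
    """Verify the signed ``token`` and authorise the current endpoint.

    Returns:
        ``User`` carrying the ``uid`` from the token payload.

    Raises:
        AuthFailed: the token is expired (code 1003) or its signature or
            payload is invalid (code 1002).
        Forbidden: ``request.endpoint`` is not within the allowed scope.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    # SignatureExpired subclasses BadSignature, so it must be caught first.
    except SignatureExpired:
        # NOTE(review): a plain ``Serializer`` never raises this; only the
        # timed serializers do, and only with a matching ``max_age``. As
        # written a token never expires -- confirm which serializer class
        # issues tokens and use the same one here.
        raise AuthFailed(message='token过期', code=1003)
    except BadSignature:
        # Previously the expired/invalid messages were attached to the
        # wrong exception type; codes stay as they were per type.
        raise AuthFailed(message='token无效', code=1002)
    # The payload is signed, but a malformed body should surface as an auth
    # failure rather than a KeyError/TypeError turning into a 500.
    uid = data.get('uid') if isinstance(data, dict) else None
    if uid is None:
        raise AuthFailed(message='token无效', code=1002)
    if not is_in_scope(request.endpoint):
        raise Forbidden()
    return User(uid)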