- from collections import namedtuple
- from flask import current_app, g, request
- from flask_httpauth import HTTPBasicAuth
- from itsdangerous import Serializer, BadSignature, SignatureExpired
- from app.libs.error_code import AuthFailed, Forbidden
- from app.libs.scope import is_in_scope
# Authentication scheme name presented to clients. Credentials are still
# parsed as HTTP Basic auth by flask_httpauth; the scheme string presumably
# only changes what is advertised in the challenge — confirm against the
# library version in use.
_AUTH_SCHEME = 'JWT'

auth = HTTPBasicAuth(scheme=_AUTH_SCHEME)
# Minimal per-request identity stored on ``g.user`` by verify_password.
# Only the ``uid`` recovered from the token payload is carried; nothing is
# looked up from a database here.
User = namedtuple('User', 'uid')
@auth.verify_password
def verify_password(token, password):
    """HTTPBasicAuth callback that treats the first credential field as a token.

    ``password`` is deliberately ignored: the token travels in the field
    flask_httpauth would normally hand over as the username. On success the
    resolved user is published on ``flask.g`` as ``g.user`` for the view code.

    Returns:
        True when the token resolves to a user, False when it resolves to
        nothing. Signature failures and scope violations are not mapped to
        False — ``verify_auth_token`` raises AuthFailed / Forbidden for those
        and the exception propagates out of this callback.
    """
    resolved_user = verify_auth_token(token)
    if not resolved_user:
        return False
    g.user = resolved_user
    return True
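def verify_auth_token(token):
    """Verify a signed token and resolve it to the requesting user.

    The token is a payload signed with the application's ``SECRET_KEY``
    (itsdangerous ``Serializer``) and is expected to be a JSON object carrying
    a ``uid`` key. After the signature checks out, the requested endpoint is
    checked against the allowed scope.

    Args:
        token: raw token string taken from the request credentials.

    Returns:
        A ``User`` namedtuple holding the ``uid`` from the token payload.

    Raises:
        AuthFailed: the signature has expired (code 1002), the signature is
            invalid (code 1003), or the signed payload carries no ``uid``
            (reported as invalid, code 1003).
        Forbidden: the current endpoint is outside the allowed scope.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = serializer.loads(token)
    # SignatureExpired is a subclass of BadSignature, so it has to be caught
    # first to keep "expired" and "invalid" distinguishable. The message/code
    # pairs were previously attached to the wrong exception (expired was
    # reported as 无效 and a bad signature as 过期); the pairs are kept intact
    # and re-attached to the matching exception. Error codes 1002/1003 should
    # be confirmed against app.libs.error_code, which is not visible here.
    except SignatureExpired:
        raise AuthFailed(message='token过期', code=1002)
    except BadSignature:
        raise AuthFailed(message='token无效', code=1003)
    # NOTE(review): the plain itsdangerous Serializer has no expiry, so
    # SignatureExpired is never raised here and tokens never expire unless the
    # issuing side uses a timed serializer — confirm what mints the token.
    # Reject well-signed but malformed payloads explicitly instead of letting a
    # KeyError/TypeError escape as a 500.
    if not isinstance(data, dict) or 'uid' not in data:
        raise AuthFailed(message='token无效', code=1003)
    uid = data['uid']
    # Scope is checked against the endpoint being requested, not against any
    # claim inside the token; the signature has already been verified at
    # this point so an unsigned request cannot reach the scope check.
    allow = is_in_scope(request.endpoint)
    if not allow:
        raise Forbidden()
    return User(uid)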