forked from arti/doors
Add API auth for doors
This commit is contained in:
parent
7878cadb30
commit
3551611c85
@ -1,29 +1,33 @@
|
||||
from bottle import Bottle, request, response
|
||||
import hashlib
|
||||
from functools import partial
|
||||
|
||||
from bottle import Bottle, request, response, HTTPError
|
||||
|
||||
|
||||
api = Bottle()
|
||||
|
||||
scrypt = partial(hashlib.scrypt, n=16384, r=8, p=1)
|
||||
|
||||
|
||||
# FIXME: Fix door api auth
|
||||
def check_api_auth(callback):
|
||||
def wrapper(*args, **kwargs):
|
||||
print("check api auth")
|
||||
user, api_key = request.auth or (None, None)
|
||||
if "db" not in kwargs:
|
||||
request.current_user = None
|
||||
return callback(*args, **kwargs)
|
||||
user = None
|
||||
request.current_user = user
|
||||
if user:
|
||||
print(f"logged in as {user['user']}")
|
||||
print(request.current_user)
|
||||
return "Auth not possible, db not available"
|
||||
user = kwargs["db"].get_door_by_name_and_api_key(user) or {}
|
||||
stored_hash, salt = dict(user).get("api_key", ":").split(":")
|
||||
api_hash = scrypt(api_key, salt=salt)
|
||||
if user and api_hash == api_key:
|
||||
request.current_door = user
|
||||
print(f"logged in as {user['name']}")
|
||||
print(user)
|
||||
return callback(*args, **kwargs)
|
||||
else:
|
||||
print("not logged in")
|
||||
return "Invalid authentication"
|
||||
return wrapper
|
||||
|
||||
# FIXME: db plugin not available yet
|
||||
api.install(check_api_auth)
|
||||
|
||||
@api.route("/")
|
||||
def index():
|
||||
|
@ -83,7 +83,7 @@ class DB:
|
||||
);
|
||||
create table doors (
|
||||
id integer primary key,
|
||||
name text,
|
||||
name text unique,
|
||||
note text,
|
||||
api_key text,
|
||||
created text,
|
||||
@ -180,6 +180,24 @@ class DB:
|
||||
""")
|
||||
return cur.fetchall()
|
||||
|
||||
def add_door(self, name, note, api_key):
|
||||
self.add_doors([name, note, api_key, ])
|
||||
|
||||
def add_doors(self, doors):
|
||||
self.db.executemany("""
|
||||
insert into doors(name, note, api_key, created, disabled)
|
||||
values(?, ?, ?, ?, ?)
|
||||
""", doors)
|
||||
self.db.commit()
|
||||
|
||||
def get_door(self, door_id):
|
||||
cur = self.db.execute("select id, name, note, api_key, created, disabled from doors where id = ?", (door_id,))
|
||||
return cur.fetchone()
|
||||
|
||||
def get_door_by_name(self, name):
|
||||
cur = self.db.execute("select id, name, note, api_key, created, disabled from doors where name = ?", (name,))
|
||||
return cur.fetchone()
|
||||
|
||||
@staticmethod
|
||||
def import_ad(json_file):
|
||||
with open(json_file) as fp:
|
||||
|
@ -5,7 +5,7 @@ from bottle import Bottle, view, TEMPLATE_PATH, static_file, \
|
||||
request, redirect, response, HTTPError
|
||||
|
||||
from .db import SQLitePlugin
|
||||
from .api import api
|
||||
from .api import api, check_api_auth
|
||||
|
||||
application = app = Bottle()
|
||||
|
||||
@ -56,6 +56,7 @@ app.install(db_plugin)
|
||||
app.install(check_auth)
|
||||
|
||||
api.install(db_plugin)
|
||||
api.install(check_api_auth)
|
||||
app.mount("/api/v1", api)
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user