Moar boilerplate for authetication
This commit is contained in:
parent
83f99bd411
commit
1c87dc5c36
2 changed files with 42 additions and 1 deletions
|
|
@ -15,3 +15,6 @@ def check_password(encrypted_password,clear_password,salt=None):
|
|||
salt=binascii.unhexlify(salt) if salt else ''
|
||||
return encrypted_password==binascii.hexlify(hashlib.pbkdf2_hmac("sha512",clear_password,salt,__ROUNDS))
|
||||
|
||||
def login_validation(auth,auth_value):
|
||||
#TBD
|
||||
return True
|
||||
40
server.py
40
server.py
|
|
@ -1,13 +1,16 @@
|
|||
from bottle import route, run,template,app,default_app
|
||||
from bottle import route, run,template,app,default_app,install,request,response,post,get
|
||||
from bottlejwt import JwtPlugin
|
||||
import logging
|
||||
import json
|
||||
import os
|
||||
import password_manager
|
||||
|
||||
logging.basicConfig(level=logging.DEBUG,)
|
||||
log=logging.getLogger("rudemaps")
|
||||
CONFIG={}
|
||||
|
||||
|
||||
|
||||
def load_config(config_file="config.json"):
|
||||
global CONFIG
|
||||
log.debug("loading configuration file")
|
||||
|
|
@ -27,7 +30,42 @@ def root():
|
|||
def myName(item):
|
||||
return template('map_template', item=item)
|
||||
|
||||
@post("/login")
|
||||
def login():
|
||||
login_data=request.json
|
||||
response['Access-Control-Allow-Origin'] = '*'
|
||||
response.content_type="application/json"
|
||||
print "Loggin in: %s"%str(login_data)
|
||||
token=JwtPlugin.encode(login_data)
|
||||
return {'status':'OK','token':token}
|
||||
|
||||
@get("/secure", auth="SECURE_TEST")
|
||||
def secure(auth):
|
||||
"""Secured URL to check if auth is working"""
|
||||
response['Access-Control-Allow-Origin'] = '*'
|
||||
response.content_type = "application/json"
|
||||
return {"status":"OK","content":"secured content succesfully accessed","auth":auth}
|
||||
|
||||
|
||||
|
||||
@route('/<:re:.*>', method='OPTIONS')
|
||||
def enableCORSGenericRoute():
|
||||
"""Generic regex route to catch cors call from browser
|
||||
this should be really configured to allow the right domain
|
||||
"""
|
||||
#for h in request.headers:
|
||||
#print "%s => %s"%(h,request.headers[h])
|
||||
response.headers['Access-Control-Allow-Origin'] = '*'
|
||||
response.headers['Access-Control-Allow-Methods'] = "POST, GET, OPTIONS"
|
||||
if (request.headers.get('Access-Control-Request-Headers')):
|
||||
response.headers['Access-Control-Allow-Headers'] = request.headers['Access-Control-Request-Headers']
|
||||
|
||||
|
||||
|
||||
load_config()
|
||||
install(JwtPlugin(password_manager.login_validation,CONFIG['jwt_secret'], algorithm='HS256'))
|
||||
|
||||
|
||||
|
||||
if __name__=='__main__':
|
||||
#DEVEL SERVER
|
||||
|
|
|
|||
Loading…
Reference in a new issue