import hashlib
import hmac
import logging
import os
import secrets

import hug
from tinydb import TinyDB, Query
logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)
# Opened at import time. Relative path, so it resolves against the process's
# current working directory. This file holds the salts, password verifiers
# and API keys written by add_user, so its filesystem permissions matter.
db = TinyDB('db.json')
"""
Helper Methods
"""
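def hash_password(password, salt, iterations=210_000):
    """
    Derive a password verifier from a password and a per-user salt.

    Uses PBKDF2-HMAC-SHA512 instead of a single ``sha512(password + salt)``
    pass: a plain digest is cheap enough to brute-force offline, while a
    key-derivation function with a work factor is the appropriate primitive
    for stored passwords. ``password`` and ``salt`` may be ``str`` or
    ``bytes``; any other value is stringified, as before.

    :param password: the clear-text password
    :param salt: per-user random salt (see ``add_user``)
    :param iterations: PBKDF2 work factor; the default follows current OWASP
        guidance for PBKDF2-HMAC-SHA512
    :return: Hex encoded 64-byte derived key (128 hex characters)

    NOTE: verifiers stored by the earlier plain-SHA512 scheme will not match
    this function's output and would need to be re-derived.
    """
    def _as_bytes(value):
        # Bytes pass through unchanged; everything else goes through str()
        # exactly as the original did, so str callers feed identical bytes.
        return value if isinstance(value, bytes) else str(value).encode('utf-8')

    return hashlib.pbkdf2_hmac(
        'sha512', _as_bytes(password), _as_bytes(salt), iterations
    ).hex()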
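def gen_api_key(username):
    """
    Create a random API key for a user.

    The key is 64 bytes from the OS CSPRNG, hex encoded. The original
    derived it by hashing the username with a ``repr()`` of random bytes;
    drawing it directly from ``secrets`` is the standard idiom and keeps
    the key independent of the (slow) password KDF.

    :param username: kept for call compatibility; it does not feed the key
    :return: Hex encoded 64-byte random string (128 hex characters)
    """
    return secrets.token_hex(64)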
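@hug.cli()
def authenticate_user(username, password):
    """
    Authenticate a username and password against our database

    :param username:
    :param password:
    :return: the authenticated username, or ``False`` when the user is
        unknown or the password does not match
    """
    user_model = Query()
    user = db.get(user_model.username == username)
    if not user:
        # NOTE(review): this early return skips the hash computation, so the
        # response time differs between unknown and known usernames; run the
        # KDF on a dummy value here if that distinction matters to you.
        logger.warning("User %s not found", username)
        return False
    candidate = hash_password(password, user.get('salt'))
    # Constant-time comparison: plain == short-circuits on the first
    # differing character and leaks how much of the verifier matched.
    if hmac.compare_digest(user['password'], candidate):
        return user['username']
    logger.warning("Invalid password for user %s", username)
    return False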
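@hug.cli()
def authenticate_key(api_key):
    """
    Authenticate an API key against our database

    :param api_key:
    :return: the authenticated username, or ``False`` when no user holds
        the key
    """
    user_model = Query()
    # db.get returns None when nothing matches; the previous
    # ``db.search(...)[0]`` raised IndexError on any unknown key, turning
    # a failed authentication into a server error.
    user = db.get(user_model.api_key == api_key)
    if not user:
        # Deliberately does not log the presented key.
        logger.warning("API key not found")
        return False
    return user['username']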
"""
API Methods start here
"""
# hug authenticators wrapping the two checkers above. Each checker returns
# the username on success and False otherwise; hug passes the result on as
# the authenticated user (see get_token's ``hug.directives.user``).
api_key_authentication = hug.authentication.api_key(authenticate_key)
basic_authentication = hug.authentication.basic(authenticate_user)
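@hug.cli()
def add_user(username, password):
    """
    CLI Parameter to add a user to the database

    :param username:
    :param password:
    :return: JSON status output. On success ``user_created`` carries the
        username and the new API key; the stored password verifier and salt
        are not echoed back, since the caller has no use for them.
    """
    user_model = Query()
    if db.contains(user_model.username == username):
        return {
            'error': 'User {0} already exists'.format(username)
        }
    # 32 random bytes, hex encoded, per user. The salt only has to be unique
    # and unpredictable; it is stored alongside the verifier.
    salt = secrets.token_hex(32)
    user = {
        'username': username,
        'password': hash_password(password, salt),
        'salt': salt,
        'api_key': gen_api_key(username),
    }
    user_id = db.insert(user)
    return {
        'result': 'success',
        'eid': user_id,
        'user_created': {
            'username': username,
            'api_key': user['api_key'],
        },
    }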
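@hug.get('/api/get_api_key', requires=basic_authentication)
def get_token(authed_user: hug.directives.user):
    """
    Return the API key of the user authenticated by basic auth.

    :param authed_user: username supplied by hug after ``basic_authentication``
    :return: dict with ``user`` and ``api_key``, or an ``error`` entry if the
        record is gone between authentication and this lookup
    """
    user_model = Query()
    # db.get yields None on no match; ``db.search(...)[0]`` would have raised
    # IndexError and produced a 500 instead of the error payload below.
    user = db.get(user_model.username == authed_user)
    if not user:
        # Should not happen: basic_authentication has just found this user.
        return {
            'error': 'User {0} does not exist'.format(authed_user)
        }
    return {
        'user': user['username'],
        'api_key': user['api_key']
    }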
# Same thing, but authenticating against an API key
@hug.get(('/api/job', '/api/job/{job_id}/'), requires=api_key_authentication)
def get_job_details(job_id):
    """
    Return placeholder job details for ``job_id``.

    Reachable only with a valid API key (``api_key_authentication``).

    :param job_id: identifier taken from the URL path
    :return: dict with the job id and a fixed ``details`` string
    """
    details = 'Details go here'
    return dict(job_id=job_id, details=details)
if __name__ == '__main__':
    # Running the file directly exposes only the add_user command line; the
    # HTTP endpoints are served when hug loads this module.
    add_user.interface.cli()