Skip to content
Snippets Groups Projects
Normal view History Permalink
auth_guard.py 1.33 KiB
Newer Older
Davor's avatar
add permission layer for admins for backend API
Davor committed
1 
from functools import wraps
Arie Peterson's avatar
Track last recovery and login times  
Arie Peterson committed
2 
import os
Davor's avatar
add permission layer for admins for backend API
Davor committed
3 4 

from areas.roles.role_service import RoleService
Arie Peterson's avatar
Track last recovery and login times  
Arie Peterson committed
5 
from helpers import Unauthorized
Davor's avatar
add permission layer for admins for backend API
Davor committed
6
Arie Peterson's avatar
Track last recovery and login times  
Arie Peterson committed
7 
from flask import request
Davor's avatar
add me endpoint  
Davor committed
8 
from flask_jwt_extended import get_jwt, verify_jwt_in_request
Davor's avatar
add permission layer for admins for backend API
Davor committed
9
Davor's avatar
add me endpoint  
Davor committed
10
Davor's avatar
add permission layer for admins for backend API
Davor committed
11 12 13 14 15 16 
def admin_required():
    def wrapper(fn):
        @wraps(fn)
        def decorator(*args, **kwargs):
            verify_jwt_in_request()
            claims = get_jwt()
Davor's avatar
changed variable names to snake case  
Davor committed
17 18 19 
            user_id = claims["user_id"]
            is_admin = RoleService.is_user_admin(user_id)
            if is_admin:
Davor's avatar
add permission layer for admins for backend API
Davor committed
20 21 
                return fn(*args, **kwargs)
            else:
Davor's avatar
MR comments  
Davor committed
22 
                raise Unauthorized("You need to have admin permissions.")
Davor's avatar
add permission layer for admins for backend API
Davor committed
23 24 25 

        return decorator
Davor's avatar
add me endpoint  
Davor committed
26 
    return wrapper
Arie Peterson's avatar
Track last recovery and login times  
Arie Peterson committed
27 28 29 30 31 32 

def kratos_webhook():
    def wrapper(fn):
        @wraps(fn)
        def decorator(*args, **kwargs):
            header = request.headers.get("Authorization")
Tin Geber's avatar
temporary change, to remove before merging to main  
Tin Geber committed
33 34 35 36 
            # TO DO: uncomment line below once merged to main
            # if header is not None and header == os.environ.get("KRATOS_WEBHOOK_SECRET"):
            # TO DO: remove line below once merged to main
            if header is not None and header == os.environ.get("KRATOS_WEBHOOK_SECRET", "test-kratos-hooks-remove-before-merge"):
Arie Peterson's avatar
Track last recovery and login times  
Arie Peterson committed
37 38 39 40 41 42 43 
                return fn(*args, **kwargs)
            else:
                raise Unauthorized("This needs a valid api key.")

        return decorator

    return wrapper