# auth.py
from flask import request, jsonify
from warrant import Cognito
from warrant.exceptions import TokenVerificationException
from functools import wraps
from dotenv import load_dotenv
import os
# AWS Cognito settings are loaded from the '.api_env' dotenv file. That file
# holds the app client secret, so it should stay out of version control.
load_dotenv('.api_env')
# A setting that is absent resolves to None; nothing here checks for that.
REGION = os.getenv('REGION')  # read here but not passed to Cognito below
USERPOOL_ID = os.getenv('USERPOOL_ID')
APP_CLIENT_ID = os.getenv('APP_CLIENT_ID')
APP_CLIENT_SECRET = os.getenv('APP_CLIENT_SECRET')
# Module-level warrant Cognito object that the decorator in this file uses to
# verify access tokens.
cognito_helper = Cognito(
    USERPOOL_ID,
    APP_CLIENT_ID,
    client_secret=APP_CLIENT_SECRET,
)
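def required(f):
    """Run the decorated view only when the request carries a valid access token.

    The token is taken from the ``Authorization`` header and checked with
    ``cognito_helper.verify_token``. When the header is missing or empty, or
    the token does not verify, the view is not called and a JSON body with an
    ``error`` key is returned with HTTP status 401, so clients and proxies do
    not see a rejected request as a 200 success.

    Args:
        f: The view function to protect.

    Returns:
        The wrapped view function.
    """
    @wraps(f)
    def wrapped(*args, **kwargs):
        # Only token handling sits inside the try. A KeyError or
        # TokenVerificationException raised by the view itself must not be
        # reported to the client as an authentication failure.
        try:
            auth_header = request.headers['Authorization']
            # The last whitespace-separated field is used as the token, so
            # both "Bearer <token>" and a bare token are accepted; the scheme
            # word itself is not checked.
            access_token = auth_header.split()[-1]
            # NOTE(review): only TokenVerificationException is handled below;
            # confirm whether verify_token can raise other exception types for
            # malformed tokens, which would surface as a 500.
            cognito_helper.verify_token(access_token, 'access_token', 'access')
        # In case there's no authorization header.
        except KeyError:
            print('KeyError: No authorization header value present.')
            return jsonify({"error": "No authorization header present."}), 401
        # In case the header is present but empty (split() yields no fields).
        except IndexError:
            print('IndexError: Authorization header value is empty.')
            return jsonify({"error": "Access token could not be verified."}), 401
        # In case the token doesn't verify.
        except TokenVerificationException:
            print('TokenVerificationException: access token could not be verified.')
            return jsonify({"error": "Access token could not be verified."}), 401
        print("Token successfully verified")
        return f(*args, **kwargs)
    return wrapped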