stable/freqtrade/rpc/api_server2/api_auth.py

import secrets
from typing import Optional

from fastapi import APIRouter, Depends, HTTPException, Request, status
from fastapi.security.http import HTTPBasic, HTTPBasicCredentials
from fastapi.security.utils import get_authorization_scheme_param
from fastapi_jwt_auth import AuthJWT
from pydantic import BaseModel

from freqtrade.rpc.api_server2.api_models import AccessAndRefreshToken, AccessToken

from .deps import get_config


SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30

router_login = APIRouter()


class Settings(BaseModel):
    # TODO: should be set as config['api_server'].get('jwt_secret_key', 'super-secret')
    authjwt_secret_key: str = "secret"


@AuthJWT.load_config
def get_jwt_config():
    return Settings()


def verify_auth(config, username: str, password: str):
    return (secrets.compare_digest(username, config['api_server'].get('username')) and
            secrets.compare_digest(password, config['api_server'].get('password')))


class HTTPBasicOrJWTToken(HTTPBasic):
    description = "Token Or Pass auth"

    async def __call__(self, request: Request, config=Depends(get_config)  # type: ignore
                       ) -> Optional[str]:
        header_authorization: str = request.headers.get("Authorization")
        header_scheme, header_param = get_authorization_scheme_param(header_authorization)
        if header_scheme.lower() == 'bearer':
            AuthJWT(request).jwt_required()
        elif header_scheme.lower() == 'basic':
            credentials: Optional[HTTPBasicCredentials] = await HTTPBasic()(request)
            if credentials and verify_auth(config, credentials.username, credentials.password):
                return credentials.username
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect username or password",
        )


@router_login.post('/token/login', response_model=AccessAndRefreshToken)
def token_login(form_data: HTTPBasicCredentials = Depends(HTTPBasic()), config=Depends(get_config)):

    print(form_data)
    Authorize = AuthJWT()

    if verify_auth(config, form_data.username, form_data.password):
        token_data = form_data.username
        access_token = Authorize.create_access_token(subject=token_data)
        refresh_token = Authorize.create_refresh_token(subject=token_data)
        return {
            "access_token": access_token,
            "refresh_token": refresh_token,
        }
    else:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect username or password",
            headers={"WWW-Authenticate": "Basic"},
        )


@router_login.post('/token/refresh', response_model=AccessToken)
def token_refresh(Authorize: AuthJWT = Depends()):
    Authorize.jwt_refresh_token_required()

    access_token = Authorize.create_access_token(subject=Authorize.get_jwt_subject())
    return {'access_token': access_token}
Implement auth in fastapi 2020-12-25 14:50:19 +00:00			`import secrets`
			`from typing import Optional`

			`from fastapi import APIRouter, Depends, HTTPException, Request, status`
			`from fastapi.security.http import HTTPBasic, HTTPBasicCredentials`
			`from fastapi.security.utils import get_authorization_scheme_param`
			`from fastapi_jwt_auth import AuthJWT`
			`from pydantic import BaseModel`

Move models to apimodels 2020-12-25 19:07:12 +00:00			`from freqtrade.rpc.api_server2.api_models import AccessAndRefreshToken, AccessToken`

Implement auth in fastapi 2020-12-25 14:50:19 +00:00			`from .deps import get_config`


			`SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"`
			`ALGORITHM = "HS256"`
			`ACCESS_TOKEN_EXPIRE_MINUTES = 30`

			`router_login = APIRouter()`


			`class Settings(BaseModel):`
			`# TODO: should be set as config['api_server'].get('jwt_secret_key', 'super-secret')`
			`authjwt_secret_key: str = "secret"`


			`@AuthJWT.load_config`
			`def get_jwt_config():`
			`return Settings()`


			`def verify_auth(config, username: str, password: str):`
			`return (secrets.compare_digest(username, config['api_server'].get('username')) and`
			`secrets.compare_digest(password, config['api_server'].get('password')))`


			`class HTTPBasicOrJWTToken(HTTPBasic):`
			`description = "Token Or Pass auth"`

			`async def __call__(self, request: Request, config=Depends(get_config) # type: ignore`
			`) -> Optional[str]:`
			`header_authorization: str = request.headers.get("Authorization")`
			`header_scheme, header_param = get_authorization_scheme_param(header_authorization)`
			`if header_scheme.lower() == 'bearer':`
Move models to apimodels 2020-12-25 19:07:12 +00:00			`AuthJWT(request).jwt_required()`
Implement auth in fastapi 2020-12-25 14:50:19 +00:00			`elif header_scheme.lower() == 'basic':`
			`credentials: Optional[HTTPBasicCredentials] = await HTTPBasic()(request)`
			`if credentials and verify_auth(config, credentials.username, credentials.password):`
			`return credentials.username`
			`raise HTTPException(`
			`status_code=status.HTTP_401_UNAUTHORIZED,`
			`detail="Incorrect username or password",`
			`)`


			`@router_login.post('/token/login', response_model=AccessAndRefreshToken)`
			`def token_login(form_data: HTTPBasicCredentials = Depends(HTTPBasic()), config=Depends(get_config)):`

			`print(form_data)`
			`Authorize = AuthJWT()`

			`if verify_auth(config, form_data.username, form_data.password):`
			`token_data = form_data.username`
			`access_token = Authorize.create_access_token(subject=token_data)`
			`refresh_token = Authorize.create_refresh_token(subject=token_data)`
			`return {`
			`"access_token": access_token,`
			`"refresh_token": refresh_token,`
			`}`
			`else:`
			`raise HTTPException(`
			`status_code=status.HTTP_401_UNAUTHORIZED,`
			`detail="Incorrect username or password",`
			`headers={"WWW-Authenticate": "Basic"},`
			`)`


			`@router_login.post('/token/refresh', response_model=AccessToken)`
			`def token_refresh(Authorize: AuthJWT = Depends()):`
			`Authorize.jwt_refresh_token_required()`

			`access_token = Authorize.create_access_token(subject=Authorize.get_jwt_subject())`
			`return {'access_token': access_token}`