stable/freqtrade/rpc/api_server2/api_auth.py
2021-01-03 06:46:25 +01:00

84 lines
2.9 KiB
Python

import secrets
from typing import Optional
from fastapi import APIRouter, Depends, HTTPException, Request, status
from fastapi.security.http import HTTPBasic, HTTPBasicCredentials
from fastapi.security.utils import get_authorization_scheme_param
from fastapi_jwt_auth import AuthJWT
from pydantic import BaseModel
from freqtrade.rpc.api_server2.api_models import AccessAndRefreshToken, AccessToken
from .deps import get_config
SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30
router_login = APIRouter()
class Settings(BaseModel):
# TODO: should be set as config['api_server'].get('jwt_secret_key', 'super-secret')
authjwt_secret_key: str = "secret"
@AuthJWT.load_config
def get_jwt_config():
return Settings()
def verify_auth(config, username: str, password: str):
return (secrets.compare_digest(username, config['api_server'].get('username')) and
secrets.compare_digest(password, config['api_server'].get('password')))
class HTTPBasicOrJWTToken(HTTPBasic):
description = "Token Or Pass auth"
async def __call__(self, request: Request, config=Depends(get_config) # type: ignore
) -> Optional[str]:
header_authorization: str = request.headers.get("Authorization")
header_scheme, header_param = get_authorization_scheme_param(header_authorization)
if header_scheme.lower() == 'bearer':
AuthJWT(request).jwt_required()
elif header_scheme.lower() == 'basic':
credentials: Optional[HTTPBasicCredentials] = await HTTPBasic()(request)
if credentials and verify_auth(config, credentials.username, credentials.password):
return credentials.username
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
)
@router_login.post('/token/login', response_model=AccessAndRefreshToken)
def token_login(form_data: HTTPBasicCredentials = Depends(HTTPBasic()), config=Depends(get_config)):
print(form_data)
Authorize = AuthJWT()
if verify_auth(config, form_data.username, form_data.password):
token_data = form_data.username
access_token = Authorize.create_access_token(subject=token_data)
refresh_token = Authorize.create_refresh_token(subject=token_data)
return {
"access_token": access_token,
"refresh_token": refresh_token,
}
else:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Basic"},
)
@router_login.post('/token/refresh', response_model=AccessToken)
def token_refresh(Authorize: AuthJWT = Depends()):
Authorize.jwt_refresh_token_required()
access_token = Authorize.create_access_token(subject=Authorize.get_jwt_subject())
return {'access_token': access_token}