84 lines
2.9 KiB
Python
84 lines
2.9 KiB
Python
import secrets
|
|
from typing import Optional
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Request, status
|
|
from fastapi.security.http import HTTPBasic, HTTPBasicCredentials
|
|
from fastapi.security.utils import get_authorization_scheme_param
|
|
from fastapi_jwt_auth import AuthJWT
|
|
from pydantic import BaseModel
|
|
|
|
from freqtrade.rpc.api_server2.api_models import AccessAndRefreshToken, AccessToken
|
|
|
|
from .deps import get_config
|
|
|
|
|
|
SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
|
|
ALGORITHM = "HS256"
|
|
ACCESS_TOKEN_EXPIRE_MINUTES = 30
|
|
|
|
router_login = APIRouter()
|
|
|
|
|
|
class Settings(BaseModel):
|
|
# TODO: should be set as config['api_server'].get('jwt_secret_key', 'super-secret')
|
|
authjwt_secret_key: str = "secret"
|
|
|
|
|
|
@AuthJWT.load_config
|
|
def get_jwt_config():
|
|
return Settings()
|
|
|
|
|
|
def verify_auth(config, username: str, password: str):
|
|
return (secrets.compare_digest(username, config['api_server'].get('username')) and
|
|
secrets.compare_digest(password, config['api_server'].get('password')))
|
|
|
|
|
|
class HTTPBasicOrJWTToken(HTTPBasic):
|
|
description = "Token Or Pass auth"
|
|
|
|
async def __call__(self, request: Request, config=Depends(get_config) # type: ignore
|
|
) -> Optional[str]:
|
|
header_authorization: str = request.headers.get("Authorization")
|
|
header_scheme, header_param = get_authorization_scheme_param(header_authorization)
|
|
if header_scheme.lower() == 'bearer':
|
|
AuthJWT(request).jwt_required()
|
|
elif header_scheme.lower() == 'basic':
|
|
credentials: Optional[HTTPBasicCredentials] = await HTTPBasic()(request)
|
|
if credentials and verify_auth(config, credentials.username, credentials.password):
|
|
return credentials.username
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Incorrect username or password",
|
|
)
|
|
|
|
|
|
@router_login.post('/token/login', response_model=AccessAndRefreshToken)
|
|
def token_login(form_data: HTTPBasicCredentials = Depends(HTTPBasic()), config=Depends(get_config)):
|
|
|
|
print(form_data)
|
|
Authorize = AuthJWT()
|
|
|
|
if verify_auth(config, form_data.username, form_data.password):
|
|
token_data = form_data.username
|
|
access_token = Authorize.create_access_token(subject=token_data)
|
|
refresh_token = Authorize.create_refresh_token(subject=token_data)
|
|
return {
|
|
"access_token": access_token,
|
|
"refresh_token": refresh_token,
|
|
}
|
|
else:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Incorrect username or password",
|
|
headers={"WWW-Authenticate": "Basic"},
|
|
)
|
|
|
|
|
|
@router_login.post('/token/refresh', response_model=AccessToken)
|
|
def token_refresh(Authorize: AuthJWT = Depends()):
|
|
Authorize.jwt_refresh_token_required()
|
|
|
|
access_token = Authorize.create_access_token(subject=Authorize.get_jwt_subject())
|
|
return {'access_token': access_token}
|