search

mrevutskyi / flask-restless-ng

A Flask extension for creating simple ReSTful JSON APIs from SQLAlchemy models.
https://flask-restless-ng.readthedocs.io
Other
64 stars 11 forks source link

Accept API Key in Preprocessing #3

Closed skoeb closed 3 years ago

skoeb commented 3 years ago

Hello, thank you for the continued work on this package, it's fitting my need perfectly.

I'm trying to do basic user authentication using some pre-assigned API Keys.

How should the user pass this with their request? (as a header, or the 'auth' keyword in python's requests library?)

Could you give me some advice as to implementing a preprocessor (or other method) to verify that the key passed by the user is in a list?

Thanks!

mrevutskyi commented 3 years ago

Hi,

yes you can pass auth token as a header (I haven't used requests's auth, so can't advice on that)

Then your preprocessor will look something like:

TOKEN_HEADER_NAME = 'authToken'

def token_auth(**kwargs):
    if TOKEN_HEADER_NAME not in request.headers:
         raise ProcessingException(status=401, code="auth", title="Unauthorized", detail="You must be logged in to perform this action.")
    if not is_token_valid(request.headers[TOKEN_HEADER_NAME]):
         raise ProcessingException(status=401, code="auth", title="Invalid token", detail="Your Auth token is invalid.")
skoeb commented 3 years ago

Thanks! this worked great.