authorSanto Cariotti <dcariotti24@gmail.com>2020-03-20 11:11:03 +0100
committerSanto Cariotti <dcariotti24@gmail.com>2020-03-20 11:11:03 +0100
commita79bca799a5830b035df818d7e87425c25d081df (patch)
tree2089b30b66f0022cae889cb7739860dc143d5314 /src/frest/decorators.py
parent6f3c1d94a6a8858369256b63cec90d42d61706ae (diff)
chore: move frest dir into src
Diffstat (limited to 'src/frest/decorators.py')
-rw-r--r--src/frest/decorators.py40
1 files changed, 40 insertions, 0 deletions
diff --git a/src/frest/decorators.py b/src/frest/decorators.py
new file mode 100644
index 0000000..181b62d
--- /dev/null
+++ b/src/frest/decorators.py
@@ -0,0 +1,40 @@
+from flask import request, abort
+from auth.models import Token
+from functools import wraps
+
+
+def check_token(f):
+ @wraps(f)
+ def inner(*args, **kwargs):
+ userid = request.url.split('/')[-1]
+ headers = request.headers
+ if not headers.get("Authentication"):
+ abort(403)
+
+ auth = request.headers.get("Authentication")
+ token = Token.query.filter_by(string=auth).first()
+ if not token:
+ abort(403)
+
+ if userid.isdigit():
+ if int(userid) != token.user.userId and not token.user.is_admin:
+ abort(403)
+
+ return f(*args, **kwargs)
+
+ return inner
+
+
+def admin_required(f):
+ @wraps(f)
+ def inner(*args, **kwargs):
+ header = request.headers
+
+ auth = request.headers.get("Authentication")
+ token = Token.query.filter_by(string=auth).first()
+ if not token.user.is_admin:
+ abort(403)
+
+ return f(*args, **kwargs)
+
+ return inner
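Review bot: In `check_token` the ownership comparison only runs when `request.url.split('/')[-1]` is all digits, and `request.url` includes the query string, so the piece being tested is not reliably the user id; whenever it is not purely numeric the check is skipped and the request still reaches `f` with any valid token. Taking the id from the matched route argument (`kwargs` or `request.view_args`) and aborting when an id-bearing route yields no usable id would make this fail closed. `admin_required` has no guard for a missing header or an unknown token, so `token.user` is evaluated on `None` and the client gets a 500 instead of a 403; `if token is None or not token.user.is_admin:` covers both cases. The unused `header = request.headers` in that function can be dropped, and since the conventional credential header is `Authorization`, the use of `Authentication` deserves a short comment if it is intentional.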