auth stuff. generate secret and create user from the cli

author: Jules Laplace <julescarbon@gmail.com> 2021-03-05 18:08:17 +0100
committer: Jules Laplace <julescarbon@gmail.com> 2021-03-05 18:08:17 +0100
commit: d5b6a4ea27f8c905e613363aab365066ad6d9cda (patch)
tree: 7cbb6a3a94cb9079800023d0bf06f7bd1b1bc55c /animism-align/cli/app/utils/auth_utils.py
parent: 9893a6e30f8fdbb95fc7066db851579e2a9bfe69 (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/animism-align/cli/app/utils/auth_utils.py b/animism-align/cli/app/utils/auth_utils.py
new file mode 100644
index 0000000..71974e3
--- /dev/null
+++ b/animism-align/cli/app/utils/auth_utils.py
@@ -0,0 +1,31 @@
+from flask_jwt import JWT
+
+import hmac
+import hashlib
+from app.settings import app_cfg
+
+from app.sql.common import db, Session, User
+
+def encrypt_password(cleartext):
+  clearbytes = bytearray()
+  clearbytes.extend(map(ord, cleartext))
+  return hmac.new(app_cfg.TOKEN_SECRET_BYTES, clearbytes, hashlib.sha256).hexdigest()
+
+def authenticate(username, password):
+  session = Session()
+  password = encrypt_password(password)
+  user = session.query(User).filter(User.username == username).first()
+  session.close()
+  if user and hmac.compare_digest(user.password.encode('utf-8'), password.encode('utf-8')):
+    return user
+  return None
+
+def identity(payload):
+  session = Session()
+  user_id = payload['identity']
+  user = session.query(User).get(user_id)
+  session.close()
+  return user
+
+def setup_jwt(app):
+  return JWT(app, authenticate, identity)
author	Jules Laplace <julescarbon@gmail.com>	2021-03-05 18:08:17 +0100
committer	Jules Laplace <julescarbon@gmail.com>	2021-03-05 18:08:17 +0100
commit	d5b6a4ea27f8c905e613363aab365066ad6d9cda (patch)
tree	7cbb6a3a94cb9079800023d0bf06f7bd1b1bc55c /animism-align/cli/app/utils/auth_utils.py
parent	9893a6e30f8fdbb95fc7066db851579e2a9bfe69 (diff)