1 files changed, 31 insertions, 0 deletions

diff --git a/animism-align/cli/app/utils/auth_utils.py b/animism-align/cli/app/utils/auth_utils.py
new file mode 100644
index 0000000..71974e3
--- /dev/null
+++ b/animism-align/cli/app/utils/auth_utils.py
@@ -0,0 +1,31 @@
+from flask_jwt import JWT
+
+import hmac
+import hashlib
+from app.settings import app_cfg
+
+from app.sql.common import db, Session, User
+
+def encrypt_password(cleartext):
+  clearbytes = bytearray()
+  clearbytes.extend(map(ord, cleartext))
+  return hmac.new(app_cfg.TOKEN_SECRET_BYTES, clearbytes, hashlib.sha256).hexdigest()
+
+def authenticate(username, password):
+  session = Session()
+  password = encrypt_password(password)
+  user = session.query(User).filter(User.username == username).first()
+  session.close()
+  if user and hmac.compare_digest(user.password.encode('utf-8'), password.encode('utf-8')):
+    return user
+  return None
+
+def identity(payload):
+  session = Session()
+  user_id = payload['identity']
+  user = session.query(User).get(user_id)
+  session.close()
+  return user
+
+def setup_jwt(app):
+  return JWT(app, authenticate, identity)