add type hints

Author: hf-kklein

00-Starter-Seed/server.py

@@ -4,10 +4,12 @@
 from functools import wraps
 import json
 from os import environ as env
+from typing import Dict
+
 from six.moves.urllib.request import urlopen
 
 from dotenv import load_dotenv, find_dotenv
-from flask import Flask, request, jsonify, _request_ctx_stack
+from flask import Flask, request, jsonify, _request_ctx_stack, Response
 from flask_cors import cross_origin
 from jose import jwt
 
@@ -22,48 +24,48 @@
 
 # Format error response and append status code.
 class AuthError(Exception):
-    def __init__(self, error, status_code):
+    def __init__(self, error: Dict[str, str], status_code: int):
         self.error = error
         self.status_code = status_code
 
 
 @APP.errorhandler(AuthError)
-def handle_auth_error(ex):
+def handle_auth_error(ex: AuthError) -> Response:
     response = jsonify(ex.error)
     response.status_code = ex.status_code
     return response
 
 
-def get_token_auth_header():
+def get_token_auth_header() -> str:
     """Obtains the access token from the Authorization Header
     """
     auth = request.headers.get("Authorization", None)
     if not auth:
         raise AuthError({"code": "authorization_header_missing",
-                        "description":
-                            "Authorization header is expected"}, 401)
+                         "description":
+                             "Authorization header is expected"}, 401)
 
     parts = auth.split()
 
     if parts[0].lower() != "bearer":
         raise AuthError({"code": "invalid_header",
-                        "description":
-                            "Authorization header must start with"
-                            " Bearer"}, 401)
+                         "description":
+                             "Authorization header must start with"
+                             " Bearer"}, 401)
     elif len(parts) == 1:
         raise AuthError({"code": "invalid_header",
-                        "description": "Token not found"}, 401)
+                         "description": "Token not found"}, 401)
     elif len(parts) > 2:
         raise AuthError({"code": "invalid_header",
-                        "description":
-                            "Authorization header must be"
-                            " Bearer token"}, 401)
+                         "description":
+                             "Authorization header must be"
+                             " Bearer token"}, 401)
 
     token = parts[1]
     return token
 
 
-def requires_scope(required_scope):
+def requires_scope(required_scope: str) -> bool:
     """Determines if the required scope is present in the access token
     Args:
         required_scope (str): The scope required to access the resource
@@ -81,23 +83,24 @@ def requires_scope(required_scope):
 def requires_auth(f):
     """Determines if the access token is valid
     """
+
     @wraps(f)
     def decorated(*args, **kwargs):
         token = get_token_auth_header()
-        jsonurl = urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json")
+        jsonurl = urlopen("https://" + AUTH0_DOMAIN + "/.well-known/jwks.json")
         jwks = json.loads(jsonurl.read())
         try:
             unverified_header = jwt.get_unverified_header(token)
         except jwt.JWTError:
             raise AuthError({"code": "invalid_header",
-                            "description":
-                                "Invalid header. "
-                                "Use an RS256 signed JWT Access Token"}, 401)
+                             "description":
+                                 "Invalid header. "
+                                 "Use an RS256 signed JWT Access Token"}, 401)
         if unverified_header["alg"] == "HS256":
             raise AuthError({"code": "invalid_header",
-                            "description":
-                                "Invalid header. "
-                                "Use an RS256 signed JWT Access Token"}, 401)
+                             "description":
+                                 "Invalid header. "
+                                 "Use an RS256 signed JWT Access Token"}, 401)
         rsa_key = {}
         for key in jwks["keys"]:
             if key["kid"] == unverified_header["kid"]:
@@ -115,26 +118,27 @@ def decorated(*args, **kwargs):
                     rsa_key,
                     algorithms=ALGORITHMS,
                     audience=API_IDENTIFIER,
-                    issuer="https://"+AUTH0_DOMAIN+"/"
+                    issuer="https://" + AUTH0_DOMAIN + "/"
                 )
             except jwt.ExpiredSignatureError:
                 raise AuthError({"code": "token_expired",
-                                "description": "token is expired"}, 401)
+                                 "description": "token is expired"}, 401)
             except jwt.JWTClaimsError:
                 raise AuthError({"code": "invalid_claims",
-                                "description":
-                                    "incorrect claims,"
-                                    " please check the audience and issuer"}, 401)
+                                 "description":
+                                     "incorrect claims,"
+                                     " please check the audience and issuer"}, 401)
             except Exception:
                 raise AuthError({"code": "invalid_header",
-                                "description":
-                                    "Unable to parse authentication"
-                                    " token."}, 401)
+                                 "description":
+                                     "Unable to parse authentication"
+                                     " token."}, 401)
 
             _request_ctx_stack.top.current_user = payload
             return f(*args, **kwargs)
         raise AuthError({"code": "invalid_header",
-                        "description": "Unable to find appropriate key"}, 401)
+                         "description": "Unable to find appropriate key"}, 401)
+
     return decorated