Merge pull request #15 from auth0-samples/update-python-flask-api

aaguiarz · web-flow · commit b613a2498ecc · 2017-09-15T15:58:08.000-03:00
Update python flask api
diff --git a/00-Starter-Seed/.dockerignore b/00-Starter-Seed/.dockerignore
@@ -0,0 +1,7 @@
+.env
+.env.example
+.gitignore
+README.md
+exec.sh
+exec.ps1
+Procfile
diff --git a/00-Starter-Seed/.gitignore b/00-Starter-Seed/.gitignore
@@ -1 +1,3 @@
-.env
+.env
+*.iml
+.idea
diff --git a/00-Starter-Seed/Dockerfile b/00-Starter-Seed/Dockerfile
@@ -0,0 +1,12 @@
+FROM python:3
+
+WORKDIR /home/app
+
+#If we add the requirements and install dependencies first, docker can use cache if requirements don't change
+ADD requirements.txt /home/app
+RUN pip install -r requirements.txt
+
+ADD . /home/app
+CMD python server.py
+
+EXPOSE 3001
diff --git a/00-Starter-Seed/README.md b/00-Starter-Seed/README.md
@@ -1,12 +1,19 @@
 # Auth0 + Python + Flask API Seed
-This is the seed project you need to use if you're going to create a Python + Flask API. If you just want to create a Regular Python WebApp, please check [this other seed project](https://github.com/auth0-samples/auth0-python-web-app/tree/master/00-Starter-Seed)
+This is the seed project you need to use if you're going to create a Python + Flask API.
+If you just want to create a Regular Python WebApp, please
+check [this project](https://github.com/auth0-samples/auth0-python-web-app/tree/master/01-Login)
+
+Please check our [Quickstart](https://auth0.com/docs/quickstart/backend/python) to better understand this sample.
 
 # Running the example
 In order to run the example you need to have `python` and `pip` installed.
 
-You also need to set your Auth0 Domain and the API's audience as environment variables with the following names respectively: `AUTH0_DOMAIN` and `API_ID`, which is the audience of your API. You can find an example in the `env.example` file.
+You also need to set your Auth0 Domain and the API's audience as environment variables with the following names
+respectively: `AUTH0_DOMAIN` and `API_ID`, which is the audience of your API. You can find an example in the
+`env.example` file.
 
-For that, if you just create a file named `.env` in the directory and set the values like the following, the app will just work:
+For that, if you just create a file named `.env` in the directory and set the values like the following,
+the app will just work:
 
 ```bash
 # .env file
@@ -20,4 +27,21 @@ Once you've set those 2 enviroment variables:
 2. Start the server with `python server.py`
 3. Try calling [http://localhost:3001/ping](http://localhost:3001/ping)
 
-You can then try to do a GET to [http://localhost:3001/secured/ping](http://localhost:3001/secured/ping) which will throw an error if you don't send an access token signed with RS256 with the appropriate issuer and audience in the Authorization header. You can also try to  do a GET to [http://localhost:3001/secured/private/ping](http://localhost:3001/secured/private/ping) which will throw an error if you don't send an access token with the scope `read:agenda` signed with RS256 with the appropriate issuer and audience in the Authorization header.
+# Testing the API
+
+You can then try to do a GET to [http://localhost:3001/secured/ping](http://localhost:3001/secured/ping) which will
+throw an error if you don't send an access token signed with RS256 with the appropriate issuer and audience in the
+Authorization header. 
+
+You can also try to do a GET to 
+[http://localhost:3001/secured/private/ping](http://localhost:3001/secured/private/ping) which will throw an error if
+you don't send an access token with the scope `read:agenda` signed with RS256 with the appropriate issuer and audience
+in the Authorization header.
+
+# Running the example with Docker
+
+In order to run the sample with [Docker](https://www.docker.com/) you need to add the `AUTH0_DOMAIN` and `API_ID`
+to the `.env` filed as explained [previously](#running-the-example) and then
+
+1. Execute in command line `sh exec.sh` to run the Docker in Linux, or `.\exec.ps1` to run the Docker in Windows.
+2. Try calling [http://localhost:3001/ping](http://localhost:3001/ping)
diff --git a/00-Starter-Seed/exec.ps1 b/00-Starter-Seed/exec.ps1
@@ -0,0 +1,2 @@
+docker build -t auth0-python-api .
+docker run --env-file .env -p 3001:3001 -it auth0-python-api
diff --git a/00-Starter-Seed/exec.sh b/00-Starter-Seed/exec.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+docker build -t auth0-python-api .
+docker run --env-file .env -p 3001:3001 -it auth0-python-api
diff --git a/00-Starter-Seed/requirements.txt b/00-Starter-Seed/requirements.txt
@@ -2,3 +2,4 @@ flask
 python-dotenv
 python-jose
 flask-cors
+six
diff --git a/00-Starter-Seed/server.py b/00-Starter-Seed/server.py
@@ -3,56 +3,66 @@
 
 from functools import wraps
 import json
-from os import environ as env, path
-import urllib
+from os import environ as env
+from six.moves.urllib.request import urlopen
 
-from dotenv import load_dotenv
+from dotenv import load_dotenv, find_dotenv
 from flask import Flask, request, jsonify, _app_ctx_stack
 from flask_cors import cross_origin
 from jose import jwt
 
-load_dotenv(path.join(path.dirname(__file__), ".env"))
-AUTH0_DOMAIN = env["AUTH0_DOMAIN"]
-API_AUDIENCE = env["API_ID"]
+ENV_FILE = find_dotenv()
+if ENV_FILE:
+    load_dotenv(ENV_FILE)
+AUTH0_DOMAIN = env.get("AUTH0_DOMAIN")
+API_AUDIENCE = env.get("API_ID")
 ALGORITHMS = ["RS256"]
 APP = Flask(__name__)
 
 
 # Format error response and append status code.
-def handle_error(error, status_code):
-    """Handles the errors
-    """
-    resp = jsonify(error)
-    resp.status_code = status_code
-    return resp
+class AuthError(Exception):
+    def __init__(self, error, status_code):
+        self.error = error
+        self.status_code = status_code
+
+
+@APP.errorhandler(AuthError)
+def handle_auth_error(ex):
+    response = jsonify(ex.error)
+    response.status_code = ex.status_code
+    return response
+
 
 def get_token_auth_header():
     """Obtains the access token from the Authorization Header
     """
     auth = request.headers.get("Authorization", None)
     if not auth:
-        return handle_error({"code": "authorization_header_missing",
-                             "description":
-                                 "Authorization header is expected"}, 401)
+        raise AuthError({"code": "authorization_header_missing",
+                        "description":
+                            "Authorization header is expected"}, 401)
 
     parts = auth.split()
 
     if parts[0].lower() != "bearer":
-        return handle_error({"code": "invalid_header",
-                             "description":
-                                 "Authorization header must start with"
-                                 "Bearer"}, 401)
+        raise AuthError({"code": "invalid_header",
+                        "description":
+                            "Authorization header must start with"
+                            " Bearer"}, 401)
     elif len(parts) == 1:
-        return handle_error({"code": "invalid_header",
-                             "description": "Token not found"}, 401)
+        raise AuthError({"code": "invalid_header",
+                        "description": "Token not found"}, 401)
     elif len(parts) > 2:
-        return handle_error({"code": "invalid_header",
-                             "description": "Authorization header must be"
-                                            "Bearer token"}, 401)
+        raise AuthError({"code": "invalid_header",
+                        "description":
+                            "Authorization header must be"
+                            " Bearer token"}, 401)
 
     token = parts[1]
     return token
 
+
 def requires_scope(required_scope):
     """Determines if the required scope is present in the access token
     Args:
@@ -66,24 +76,27 @@ def requires_scope(required_scope):
             return True
     return False
 
+
 def requires_auth(f):
     """Determines if the access token is valid
     """
     @wraps(f)
     def decorated(*args, **kwargs):
         token = get_token_auth_header()
-        jsonurl = urllib.urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json")
+        jsonurl = urlopen("https://"+AUTH0_DOMAIN+"/.well-known/jwks.json")
         jwks = json.loads(jsonurl.read())
         try:
             unverified_header = jwt.get_unverified_header(token)
         except jwt.JWTError:
-            return handle_error({"code": "invalid_header",
-                                 "description": "Invalid header. "
-                                                "Use an RS256 signed JWT Access Token"}, 401)
+            raise AuthError({"code": "invalid_header",
+                            "description":
+                                "Invalid header. "
+                                "Use an RS256 signed JWT Access Token"}, 401)
         if unverified_header["alg"] == "HS256":
-            return handle_error({"code": "invalid_header",
-                                 "description": "Invalid header. "
-                                                "Use an RS256 signed JWT Access Token"}, 401)
+            raise AuthError({"code": "invalid_header",
+                            "description":
+                                "Invalid header. "
+                                "Use an RS256 signed JWT Access Token"}, 401)
         rsa_key = {}
         for key in jwks["keys"]:
             if key["kid"] == unverified_header["kid"]:
@@ -104,23 +117,26 @@ def decorated(*args, **kwargs):
                     issuer="https://"+AUTH0_DOMAIN+"/"
                 )
             except jwt.ExpiredSignatureError:
-                return handle_error({"code": "token_expired",
-                                     "description": "token is expired"}, 401)
+                raise AuthError({"code": "token_expired",
+                                "description": "token is expired"}, 401)
             except jwt.JWTClaimsError:
-                return handle_error({"code": "invalid_claims",
-                                     "description": "incorrect claims,"
-                                                    " please check the audience and issuer"}, 401)
+                raise AuthError({"code": "invalid_claims",
+                                "description":
+                                    "incorrect claims,"
+                                    " please check the audience and issuer"}, 401)
             except Exception:
-                return handle_error({"code": "invalid_header",
-                                     "description": "Unable to parse authentication"
-                                                    " token."}, 400)
+                raise AuthError({"code": "invalid_header",
+                                "description":
+                                    "Unable to parse authentication"
+                                    " token."}, 400)
 
             _app_ctx_stack.top.current_user = payload
             return f(*args, **kwargs)
-        return handle_error({"code": "invalid_header",
-                             "description": "Unable to find appropriate key"}, 400)
+        raise AuthError({"code": "invalid_header",
+                        "description": "Unable to find appropriate key"}, 400)
     return decorated
 
+
 # Controllers API
 @APP.route("/ping")
 @cross_origin(headers=["Content-Type", "Authorization"])
@@ -139,6 +155,7 @@ def secured_ping():
     """
     return "All good. You only get this message if you're authenticated"
 
+
 @APP.route("/secured/private/ping")
 @cross_origin(headers=["Content-Type", "Authorization"])
 @cross_origin(headers=["Access-Control-Allow-Origin", "*"])

-Original file line number
+Diff line change
@@ @@ -1 +1,3 @@ @@
 -.env
 +.env
 +*.iml
 +.idea
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+docker build -t auth0-python-api .`
	`2`	`+docker run --env-file .env -p 3001:3001 -it auth0-python-api`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!/usr/bin/env bash`
	`2`	`+docker build -t auth0-python-api .`
	`3`	`+docker run --env-file .env -p 3001:3001 -it auth0-python-api`