|
7 | 7 | from six.moves.urllib.request import urlopen |
8 | 8 |
|
9 | 9 | from dotenv import load_dotenv, find_dotenv |
10 | | -from flask import Flask, request, jsonify, _app_ctx_stack |
| 10 | +from flask import Flask, request, jsonify, _request_ctx_stack |
11 | 11 | from flask_cors import cross_origin |
12 | 12 | from jose import jwt |
13 | 13 |
|
@@ -131,42 +131,48 @@ def decorated(*args, **kwargs): |
131 | 131 | "Unable to parse authentication" |
132 | 132 | " token."}, 400) |
133 | 133 |
|
134 | | - _app_ctx_stack.top.current_user = payload |
| 134 | + _request_ctx_stack.top.current_user = payload |
135 | 135 | return f(*args, **kwargs) |
136 | 136 | raise AuthError({"code": "invalid_header", |
137 | 137 | "description": "Unable to find appropriate key"}, 400) |
138 | 138 | return decorated |
139 | 139 |
|
140 | 140 |
|
141 | 141 | # Controllers API |
142 | | -@APP.route("/ping") |
| 142 | +@APP.route("/api/public") |
143 | 143 | @cross_origin(headers=["Content-Type", "Authorization"]) |
144 | | -def ping(): |
| 144 | +def public(): |
145 | 145 | """No access token required to access this route |
146 | 146 | """ |
147 | | - return "All good. You don't need to be authenticated to call this" |
| 147 | + response = "All good. You don't need to be authenticated to call this" |
| 148 | + return jsonify(message=response) |
148 | 149 |
|
149 | 150 |
|
150 | | -@APP.route("/secured/ping") |
| 151 | +@APP.route("/api/private") |
151 | 152 | @cross_origin(headers=["Content-Type", "Authorization"]) |
152 | 153 | @cross_origin(headers=["Access-Control-Allow-Origin", "*"]) |
153 | 154 | @requires_auth |
154 | | -def secured_ping(): |
| 155 | +def private(): |
155 | 156 | """A valid access token is required to access this route |
156 | 157 | """ |
157 | | - return "All good. You only get this message if you're authenticated" |
| 158 | + response = "All good. You only get this message if you're authenticated" |
| 159 | + return jsonify(message=response) |
158 | 160 |
|
159 | 161 |
|
160 | | -@APP.route("/secured/private/ping") |
| 162 | +@APP.route("/api/private-scoped") |
161 | 163 | @cross_origin(headers=["Content-Type", "Authorization"]) |
162 | 164 | @cross_origin(headers=["Access-Control-Allow-Origin", "*"]) |
163 | 165 | @requires_auth |
164 | | -def secured_private_ping(): |
| 166 | +def private_scoped(): |
165 | 167 | """A valid access token and an appropriate scope are required to access this route |
166 | 168 | """ |
167 | | - if requires_scope("read:agenda"): |
168 | | - return "All good. You're authenticated and the access token has the appropriate scope" |
169 | | - return "You don't have access to this resource" |
| 169 | + if requires_scope("read:messages"): |
| 170 | + response = "All good. You're authenticated and the access token has the appropriate scope" |
| 171 | + return jsonify(message=response) |
| 172 | + raise AuthError({ |
| 173 | + "code": "Anauthorized", |
| 174 | + "desciption": "You don't have access to this resource" |
| 175 | + }, 403) |
170 | 176 |
|
171 | 177 |
|
172 | 178 | if __name__ == "__main__": |
|
0 commit comments