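def check_auth(self):
    """Validate the request's ``Authorization: Bearer <jwt>`` header.

    Returns the decoded JWT payload on success. Every failure path aborts
    with HTTP 401 and a short ``message``; the presented token is never
    echoed back or logged - only the ``user.login`` claim is logged, and
    only once the signature has been verified.

    Aborts with 401 when:
      * the header is missing, malformed, or does not use the Bearer scheme;
      * the token is expired, carries a wrong audience, or fails signature /
        structural validation (any PyJWT ``InvalidTokenError``);
      * the verified payload lacks the nested ``user.login`` claim.
    """
    auth = request.headers.get('Authorization', None)
    if not auth:
        abort(401, message='Authorization header is expected')

    # str.split() with no argument splits on any whitespace run, so a
    # whitespace-only header yields []; guard that before indexing parts[0]
    # (the old code raised IndexError there, i.e. an HTTP 500).
    parts = auth.split()
    if not parts or parts[0].lower() != 'bearer':
        abort(401, message='Authorization header must start with Bearer')
    if len(parts) == 1:
        abort(401, message='Token not found')
    if len(parts) > 2:
        # '\\s' is the same runtime string as the original '\s', without the
        # invalid-escape SyntaxWarning newer Pythons emit for '\s'.
        abort(401, message='Authorization header must be Bearer + \\s + token')
    token = parts[1]

    try:
        # Pinning ``algorithms`` to HS256 is what defeats algorithm-confusion
        # attacks (alg=none, or an RS->HS key-substitution); do not loosen it
        # or derive it from the token header.
        payload = jwt.decode(
            token,
            Security.get_jwt_skey(),
            algorithms=['HS256'],
        )
    except jwt.ExpiredSignatureError:
        # ExpiredSignatureError is the name in both PyJWT 1.x and 2.x; the
        # bare ``ExpiredSignature`` alias the old code caught was dropped in
        # 2.x, which would have turned an expired token into a 500.
        message = 'token is expired'
    except jwt.InvalidAudienceError:
        message = 'incorrect audience'
    except jwt.DecodeError:
        message = 'token signature is invalid'
    except jwt.InvalidTokenError:
        # Base class of every remaining validation failure (token not yet
        # valid per ``nbf``/``iat``, bad issuer, ...). Without this clause
        # those escaped as unhandled exceptions instead of a clean 401.
        message = 'token is invalid'
    else:
        message = ''
    if message:
        abort(401, message=message)

    # Callers key on the nested ``user.login`` claim; a correctly signed
    # token that lacks it is still not an acceptable credential, so fail
    # closed with 401 rather than letting a KeyError surface as a 500.
    try:
        login = payload['user']['login']
    except (KeyError, TypeError):
        abort(401, message='token is missing user claim')

    # Lazy %-args: the message is only formatted if DEBUG is enabled.
    self.logger.debug('Access granted for %s!', login)
    return payload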