def ensure_user(view_func):
"""Decorator that errors if the user is not logged in.
This is analagous to frontend.ensure_user
"""
@wraps(view_func)
def inner(*args, **kwargs):
header_name = 'X-Session-Key'
err_msg = 'A valid {0} header is required.'.format(header_name)
key = request.headers.get(header_name, '')
try:
signer = get_signer()
token = signer.unsign(key).decode('utf-8')
except (BadSignature, ValueError):
abort(403, err_msg)
user = core.user_for_token(token)
if user is None:
abort(403, err_msg)
return view_func(user, *args, **kwargs)
return inner
评论列表
文章目录