
addded security for platform kpi

Merged Mohd Asad Shaikh requested to merge gcptokenverrification into master
+ 15
20
@@ -9,39 +9,34 @@ import datetime
# from datetime import datetime, timedelta
import json
import bcrypt
import requests
auth_api = Blueprint('auth_api', __name__)
# decorator for verifying the JWT
def token_required(f):
@wraps(f)
def decorated(*args, **kwargs):
token = None
# jwt is passed in the request header
if 'x-access-token' in request.headers:
token = request.headers['x-access-token']
# return 401 if token is not passed
if 'Authorization' in request.headers:
token = request.headers['Authorization']
# return 401 if token is not passed
if not token:
return jsonify({'message' : 'Token is missing'}), 401
try:
# decoding the payload to fetch the stored details
data = jwt.decode(token, Auth['secretekey'])
except jwt.exceptions.ExpiredSignatureError:
# print("Token expired. Get new one")
return jsonify({
'message' : 'Token expired.'
}), 401
except:
return jsonify({
'message' : 'Token is invalid'
}), 401
# returns the current logged in users contex to the routes
token_fetch_url=f"https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={token}"
res= requests.get(token_fetch_url,verify=False)
if not res.ok:
return res.json(),res.status_code
except Exception as e:
return {'error': str(e)},500
return f(*args, **kwargs)
return decorated
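Review bot: `requests.get(token_fetch_url,verify=False)` turns off TLS certificate validation on the very call that decides whether a request is authenticated, so a forged 200 from anyone on the network path makes any token pass; drop `verify=False` and bound the call, e.g. `res = requests.get(token_fetch_url, timeout=5)`. The decorator then accepts on `res.ok` alone, which would also pass a valid Google access token issued to some unrelated client; compare the audience in the tokeninfo response with this service's own client id before calling `f`, e.g. `if res.json().get('audience') != EXPECTED_CLIENT_ID: return jsonify({'message': 'Token is invalid'}), 401` (`EXPECTED_CLIENT_ID` is a placeholder for a value the page does not show). The raw `Authorization` header is interpolated into the URL, so a `Bearer ` prefix or reserved characters end up in the query string; strip the scheme and pass the token as `params={'access_token': token}`. Returning `str(e)` in the 500 body also exposes internal error text to the caller. The rendering has lost the +/- markers, so this assumes the tokeninfo lines are the new side.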