TEMP: flask-security basic setup
parent
4321bfafb4
commit
c7b212d3b6
|
@ -7,7 +7,16 @@ from typing import Iterable, Type
|
||||||
import flask_restful
|
import flask_restful
|
||||||
from flask import Flask, Response, jsonify, send_from_directory
|
from flask import Flask, Response, jsonify, send_from_directory
|
||||||
from flask_login import LoginManager, UserMixin, login_required, logout_user
|
from flask_login import LoginManager, UserMixin, login_required, logout_user
|
||||||
from mongoengine import Document, StringField
|
from flask_mongoengine import MongoEngine
|
||||||
|
from flask_security import MongoEngineUserDatastore, RoleMixin, Security
|
||||||
|
from mongoengine import (
|
||||||
|
BooleanField,
|
||||||
|
DateTimeField,
|
||||||
|
Document,
|
||||||
|
ListField,
|
||||||
|
ReferenceField,
|
||||||
|
StringField,
|
||||||
|
)
|
||||||
from werkzeug.exceptions import NotFound
|
from werkzeug.exceptions import NotFound
|
||||||
|
|
||||||
from common import DIContainer
|
from common import DIContainer
|
||||||
|
@ -86,6 +95,7 @@ def serve_home():
|
||||||
def init_app_config(app, mongo_url):
|
def init_app_config(app, mongo_url):
|
||||||
app.config["MONGO_URI"] = mongo_url
|
app.config["MONGO_URI"] = mongo_url
|
||||||
|
|
||||||
|
# Used for signing session tokens
|
||||||
app.secret_key = str(uuid.uuid4())
|
app.secret_key = str(uuid.uuid4())
|
||||||
|
|
||||||
# By default, Flask sorts keys of JSON objects alphabetically.
|
# By default, Flask sorts keys of JSON objects alphabetically.
|
||||||
|
@ -100,29 +110,46 @@ def init_app_config(app, mongo_url):
|
||||||
app.url_map.strict_slashes = False
|
app.url_map.strict_slashes = False
|
||||||
app.json_encoder = CustomJSONEncoder
|
app.json_encoder = CustomJSONEncoder
|
||||||
|
|
||||||
|
# flask security configuration
|
||||||
# TODO move
|
# generated using: secrets.token_urlsafe()
|
||||||
class User(Document, UserMixin):
|
app.config["SECRET_KEY"] = "pf9Wkove4IKEAXvy-cQkeDPhv9Cb3Ag-wyJILbq_dFw"
|
||||||
username = StringField()
|
# argon2 uses double hashing by default - so provide key.
|
||||||
password_hash = StringField()
|
# For python3: secrets.SystemRandom().getrandbits(128)
|
||||||
|
app.config["SECURITY_PASSWORD_SALT"] = "146585145368132386173505678016728509634"
|
||||||
@staticmethod
|
|
||||||
def get_by_id(id: str):
|
|
||||||
return User.objects.get(id=id)
|
|
||||||
|
|
||||||
|
|
||||||
def init_app_services(app):
|
def init_app_services(app):
|
||||||
login_manager = LoginManager()
|
|
||||||
login_manager.init_app(app)
|
|
||||||
login_manager.session_protection = "strong"
|
|
||||||
mongo.init_app(app)
|
mongo.init_app(app)
|
||||||
|
|
||||||
|
db = MongoEngine()
|
||||||
|
app.config["MONGODB_SETTINGS"] = [
|
||||||
|
{
|
||||||
|
"db": "monkeyisland",
|
||||||
|
"host": "localhost",
|
||||||
|
"port": 27017,
|
||||||
|
"alias": "flask-security",
|
||||||
|
}
|
||||||
|
]
|
||||||
|
|
||||||
|
class Role(Document, RoleMixin):
|
||||||
|
name = StringField(max_length=80, unique=True)
|
||||||
|
description = StringField(max_length=255)
|
||||||
|
permissions = StringField(max_length=255)
|
||||||
|
|
||||||
|
class User(Document, UserMixin):
|
||||||
|
email = StringField(max_length=255, unique=True)
|
||||||
|
password = StringField(max_length=255)
|
||||||
|
active = BooleanField(default=True)
|
||||||
|
fs_uniquifier = StringField(max_length=64, unique=True)
|
||||||
|
confirmed_at = DateTimeField()
|
||||||
|
roles = ListField(ReferenceField(Role), default=[])
|
||||||
|
|
||||||
with app.app_context():
|
with app.app_context():
|
||||||
database.init()
|
database.init()
|
||||||
|
|
||||||
@login_manager.user_loader
|
# Setup Flask-Security
|
||||||
def load_user(user_id):
|
user_datastore = MongoEngineUserDatastore(db, User, Role)
|
||||||
return User.get_by_id(user_id)
|
security = Security(app, user_datastore)
|
||||||
|
|
||||||
|
|
||||||
def init_app_url_rules(app):
|
def init_app_url_rules(app):
|
||||||
|
|
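Review bot: The Flask-Security block added to `init_app_config` commits literal values for `SECRET_KEY` and `SECURITY_PASSWORD_SALT`, so every deployment shares signing and hashing keys that are readable by anyone with access to the repository and cannot be rotated without a code change. `SECRET_KEY` is the same Flask setting as the `app.secret_key = str(uuid.uuid4())` line kept just above it, so the per-process random key is silently replaced by the shared constant. Both values should be loaded from deployment configuration, or generated on first start and stored in a file with restrictive permissions, for example `app.config["SECRET_KEY"] = os.environ["<SECRET_KEY_ENV_VAR>"]` (placeholder variable name); the two values published in this commit should be treated as compromised and never reused. Separately, in the last hunk `db = MongoEngine()` is given a hard-coded `localhost` entry in `MONGODB_SETTINGS` and, in the lines shown, is never bound to `app`, which appears to bypass the `mongo_url` passed to `init_app_config`; this is worth confirming before the TEMP state is merged.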