Skip to main content

Armasec plugin for verifying subscribed user access

Project description

Build Status

Python Versions PyPI Versions License

An Omnivector initiative

omnivector-logo

Armasec Subscriptions

This plugin for Armasec provides a means to verify that a user accessing a secured endpoint also has an active submission.

The plugin verifies an active subscription by calling an endpoint that checking that the user embedded in the auth token is an active subscriber. To enable the plugin, you need only install it in your project's environment and set the environment variable ARMASEC_SUB_URL to point to an endpoint that checks the user's subscription status by comparing the sub claim in the access token against a list of subscribed users. The endpoint should return a 200 if the user should have access and a 404 if the subscription could not be found.

That's it! Once installed and configured, every secure endpoint will check for a subscription.

Quickstart

  1. Install armasec-subscriptions
pip install armasec-subscriptions
  1. Set the ARMSEC_SUB_URL environment variable:
export ARMSEC_SUB_URL=https://my-api.io/sub-check

Additional Options

The Armasec Subscriptions plugin caches requests to the ARMASEC_SUB_URL for performance reasons. The cache key is the auth token itself. By default, the requests are cached for 15 minutes. A typical auth token's access lifespan is shorter than 15 minutes, so it's probable that the token would be expired and require a refresh before it expires in the cache. The cache automatically removes entries that are older than the configured "Time to live" (TTL). If you wish to change the TTL for the cache, you may set the environment variable ARMASEC_SUB_CACHE_TTL. The expected values are integers representing the number of seconds for which each entry should be retained.

The cache retains a maximum of ~1 million entries by default. If you wish to change the maximum size of the cache, you may set the environment varaible ARMASEC_SUB_CACHE_MAX. The expected values are integers representing the maximum number of entries the cache should retain.

You may also configure the plugin to allow READ operations for all routes. To enable this, set the ARMASEC_SUB_ALLOW_READS environment variable flag.

You may also configure the plugin to allow DELETE operations for all routes. To enable this, set the ARMASEC_SUB_ALLOW_DELETES environment variable flag.

License

Distributed under the MIT License. See LICENSE for more information.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

armasec_subscriptions-0.1.0.tar.gz (4.2 kB view details)

Uploaded Source

Built Distribution

armasec_subscriptions-0.1.0-py3-none-any.whl (4.9 kB view details)

Uploaded Python 3

File details

Details for the file armasec_subscriptions-0.1.0.tar.gz.

File metadata

  • Download URL: armasec_subscriptions-0.1.0.tar.gz
  • Upload date:
  • Size: 4.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.2 CPython/3.8.17 Linux/6.5.0-1017-azure

File hashes

Hashes for armasec_subscriptions-0.1.0.tar.gz
Algorithm Hash digest
SHA256 0dea29c42ac3e4b7822a16e74a7abe89511fb7ee7391a501a9a2b3e4a66214a5
MD5 c0e556a94a9b456212eace18704ec1f5
BLAKE2b-256 db27c52da94ffbed3d34973c4724db94c9080b3334a2e8cedb9a1f398874ddd6

See more details on using hashes here.

File details

Details for the file armasec_subscriptions-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for armasec_subscriptions-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b6865de151138213777195b950e763f7b9a8df96b889eaa0b685439e92264d04
MD5 533357782e96f48b838bc7e3bc88c30e
BLAKE2b-256 ee2fe9935cf65eb431a0e3526624124218b3619b2727f1fe63efb9962c031956

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page