Armasec plugin for verifying subscribed user access
Project description
An Omnivector initiative
Armasec Subscriptions
This plugin for Armasec provides a means to verify that a user accessing a secured endpoint also has an active submission.
The plugin verifies an active subscription by calling an endpoint that checking that the
user embedded in the auth token is an active subscriber. To enable the plugin, you need
only install it in your project's environment and set the environment variable
ARMASEC_SUB_URL to point to an endpoint that checks the user's subscription status by
comparing the sub claim in the access token against a list of subscribed users. The
endpoint should return a 200 if the user should have access and a 404 if the
subscription could not be found.
That's it! Once installed and configured, every secure endpoint will check for a subscription.
Quickstart
- Install
armasec-subscriptions
pip install armasec-subscriptions
- Set the
ARMSEC_SUB_URLenvironment variable:
export ARMSEC_SUB_URL=https://my-api.io/sub-check
Additional Options
The Armasec Subscriptions plugin caches requests to the ARMASEC_SUB_URL for
performance reasons. The cache key is the auth token itself. By default, the requests
are cached for 15 minutes. A typical auth token's access lifespan is shorter than 15
minutes, so it's probable that the token would be expired and require a refresh before
it expires in the cache. The cache automatically removes entries that are older than
the configured "Time to live" (TTL). If you wish to change the TTL for the cache, you
may set the environment variable ARMASEC_SUB_CACHE_TTL. The expected values are
integers representing the number of seconds for which each entry should be retained.
The cache retains a maximum of ~1 million entries by default. If you wish to change the
maximum size of the cache, you may set the environment varaible ARMASEC_SUB_CACHE_MAX.
The expected values are integers representing the maximum number of entries the cache
should retain.
You may also configure the plugin to allow READ operations for all routes. To enable
this, set the ARMASEC_SUB_ALLOW_READS environment variable flag.
You may also configure the plugin to allow DELETE operations for all routes. To enable
this, set the ARMASEC_SUB_ALLOW_DELETES environment variable flag.
License
Distributed under the MIT License. See LICENSE for more information.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for armasec_subscriptions-0.1.0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0dea29c42ac3e4b7822a16e74a7abe89511fb7ee7391a501a9a2b3e4a66214a5 |
|
| MD5 | c0e556a94a9b456212eace18704ec1f5 |
|
| BLAKE2b-256 | db27c52da94ffbed3d34973c4724db94c9080b3334a2e8cedb9a1f398874ddd6 |
Hashes for armasec_subscriptions-0.1.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b6865de151138213777195b950e763f7b9a8df96b889eaa0b685439e92264d04 |
|
| MD5 | 533357782e96f48b838bc7e3bc88c30e |
|
| BLAKE2b-256 | ee2fe9935cf65eb431a0e3526624124218b3619b2727f1fe63efb9962c031956 |
