JWT plugin for bottle

These details have not been verified by PyPI

Project links

Homepage

Project description

bottlejwt

JWT plugin for bottle

installation

Via pip: pip install bottlejwt

Or clone: git clone https://github.com/agalera/bottlejwt.git

example server:

import time

from bottlejwt import JwtPlugin
from bottle import Bottle, request


permissions = {"user": 0, "service": 1, "admin": 2}
jwt_secret_key = "s3cr3tk3y!!ch@ng3m3"

def validation(auth, auth_value):
    return permissions[auth["type"]] >= permissions[auth_value]

app = Bottle()
app.install(JwtPlugin(validation, jwt_secret_key, algorithm="HS512"))

@app.post("/login")
def login():
    """
    receive:
    {'client_id': 'user',
     'client_secret': 'password'
    }

    response:
    {'access_token': 'token',
     'type': 'bearer'}

    """
    # example for mongodb
    '''
    user = db.users.find_one(
        {
            "client_id": request.json["client_id"],
            "client_secret": hash_password(request.json["client_secret"]),
        },
        {"_id": False, "client_secret": False},
    )
    '''
    # Any data we consider good, implement a logic instead of doing this
    user = {
        "client_id": request.json["client_id"],
        "type": "user"
    }
    if not user:
        raise HTTPError(403, "Invalid user or password")
    user["exp"] = time.time() + 86400  # 1 day
    return {"access_token": JwtPlugin.encode(user), "type": "bearer"}

@app.get('/jwt_info', auth='user')
def jwt_info(auth):
    return auth

if __name__ == '__main__':
    app.run(host='127.0.0.1', port=9999)

Test by curl:

curl http://localhost:9988/?access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

Example client:

import requests

response = requests.post(
    'http://localhost:9999/login',
    json={
        'client_id': 'user',
        'client_secret': 'password'
    }
).json()

token = f"{response['type']} {response['access_token']}"

# option 1 - Headers
requests.get(
    'http://localhost:9999/jwt_info',
    headers={'Authorization': token}
)
# response
'''
{'client_id': 'user',
 'type': 'user',
 'exp': 1670421559.047136,
 'token': '...'
}
'''

# option 2 - url argument
requests.get(
    f'http://localhost:9999/jwt_info?access_token={response["access_token"]}',
)

'''
{'client_id': 'user',
 'type': 'user',
 'exp': 1670421559.047136,
 'token': '...'
}
'''

Create Token:

from bottlejwt import JwtPlugin

# is a singleton, you only need to initialize once.
# * If you did install () also work
JwtPlugin(validation, 'secret', algorithm='HS256')

print(JwtPlugin.encode({'name': 'pepito'}))

Project details

These details have not been verified by PyPI

Project links

Homepage

Release history Release notifications | RSS feed

This version

1.0.2

Dec 13, 2023

1.0.1

May 31, 2022

1.0.0

Oct 19, 2021

0.0.15

Apr 6, 2021

0.0.14

Apr 19, 2018

0.0.13

Jan 11, 2017

0.0.12

Jan 6, 2017

0.0.11

Jan 5, 2017

0.0.10

Jan 5, 2017

0.0.9

Jan 5, 2017

0.0.8

Jan 4, 2017

0.0.7

Jan 4, 2017

0.0.6

Jan 1, 2017

0.0.5

Dec 7, 2016

0.0.4

Nov 28, 2016

0.0.3

Sep 26, 2016

0.0.2

Sep 26, 2016

0.0.1

Sep 26, 2016

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bottlejwt-1.0.2.tar.gz (4.6 kB view hashes)

Uploaded Dec 13, 2023 Source

Hashes for bottlejwt-1.0.2.tar.gz

Hashes for bottlejwt-1.0.2.tar.gz
Algorithm	Hash digest
SHA256	`9e64d9d782d1e14bec5e82c944046cbcfc1cb6d410b7e00a0de9bb8fa444bf77`
MD5	`903d61bac759ba3327d479ffab8633dc`
BLAKE2b-256	`15502cb67b6e7787cd9ae20cab62ed6444ac8a1be984b55a389d741f007a8814`