Skip to main content

JWT plugin for bottle

Project description

pythonversions Codecov Travis

bottlejwt

JWT plugin for bottle

installation

Via pip: pip install bottlejwt

Or clone: git clone https://github.com/agalera/bottlejwt.git

example server:

import time

from bottlejwt import JwtPlugin
from bottle import Bottle, request


permissions = {"user": 0, "service": 1, "admin": 2}
jwt_secret_key = "s3cr3tk3y!!ch@ng3m3"

def validation(auth, auth_value):
    return permissions[auth["type"]] >= permissions[auth_value]

app = Bottle()
app.install(JwtPlugin(validation, jwt_secret_key, algorithm="HS512"))

@app.post("/login")
def login():
    """
    receive:
    {'client_id': 'user',
     'client_secret': 'password'
    }

    response:
    {'access_token': 'token',
     'type': 'bearer'}

    """
    # example for mongodb
    '''
    user = db.users.find_one(
        {
            "client_id": request.json["client_id"],
            "client_secret": hash_password(request.json["client_secret"]),
        },
        {"_id": False, "client_secret": False},
    )
    '''
    # Any data we consider good, implement a logic instead of doing this
    user = {
        "client_id": request.json["client_id"],
        "type": "user"
    }
    if not user:
        raise HTTPError(403, "Invalid user or password")
    user["exp"] = time.time() + 86400  # 1 day
    return {"access_token": JwtPlugin.encode(user), "type": "bearer"}

@app.get('/jwt_info', auth='user')
def jwt_info(auth):
    return auth

if __name__ == '__main__':
    app.run(host='127.0.0.1', port=9999)

Test by curl:

curl http://localhost:9988/?access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

Example client:

import requests

response = requests.post(
    'http://localhost:9999/login',
    json={
        'client_id': 'user',
        'client_secret': 'password'
    }
).json()

token = f"{response['type']} {response['access_token']}"

# option 1 - Headers
requests.get(
    'http://localhost:9999/jwt_info',
    headers={'Authorization': token}
)
# response
'''
{'client_id': 'user',
 'type': 'user',
 'exp': 1670421559.047136,
 'token': '...'
}
'''

# option 2 - url argument
requests.get(
    f'http://localhost:9999/jwt_info?access_token={response["access_token"]}',
)

'''
{'client_id': 'user',
 'type': 'user',
 'exp': 1670421559.047136,
 'token': '...'
}
'''

Create Token:

from bottlejwt import JwtPlugin

# is a singleton, you only need to initialize once.
# * If you did install () also work
JwtPlugin(validation, 'secret', algorithm='HS256')

print(JwtPlugin.encode({'name': 'pepito'}))

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bottlejwt-1.0.2.tar.gz (4.6 kB view details)

Uploaded Source

File details

Details for the file bottlejwt-1.0.2.tar.gz.

File metadata

  • Download URL: bottlejwt-1.0.2.tar.gz
  • Upload date:
  • Size: 4.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.12.0

File hashes

Hashes for bottlejwt-1.0.2.tar.gz
Algorithm Hash digest
SHA256 9e64d9d782d1e14bec5e82c944046cbcfc1cb6d410b7e00a0de9bb8fa444bf77
MD5 903d61bac759ba3327d479ffab8633dc
BLAKE2b-256 15502cb67b6e7787cd9ae20cab62ed6444ac8a1be984b55a389d741f007a8814

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page