Commit

CORS support
 - added CORS support in main-module
 - login route now uses POST verb only
 - README updates

Signed-off-by: Veljko Tekelerović <[email protected]>
vexy committed Mar 29, 2020
2 parents deaaf32 + 5f7def9 commit 292b682
Showing 4 changed files with 17 additions and 6 deletions.
8 changes: 6 additions & 2 deletions README.md
@@ -2,7 +2,8 @@
This repository represents the source code template for micro webserver that provides authentication gate for your protected resources.

It is written in `Python` using `Flask` framework and relies on `JWT` authentication mechanism.
Some of the provided strategies are to basic/simple for **serious**, production level webserver. Use this template as starting point for more complex projects and requirements.
Some of the provided strategies are to basic/simple for **serious**, production level webserver.
Use this template as starting point for more complex projects and requirements.

### JWT based
`JSON Web Tokens` - or [JWT](https://jwt.io/) in short - is the foundation authentication principle used in this template.
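Review bot: The re-wrapped sentence in this README hunk still reads "to basic/simple"; since the line is being touched anyway, change it to "too basic/simple" and hyphenate "production-level". Nothing else in the hunk changes meaning, so the split into two lines is fine as it stands.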
@@ -18,9 +19,12 @@ Template is designed to support modular structure. Main application modules are
### Different authentication strategies
Presented here is basic HTTP AUTHENTICATION through Authentication field. Note there are **way secure** authentication mechanisms, such as `OAuth`.

#### CORS setup
For the sake of simplicity, CORS has been enabled completely. Server will accept all origins no matter where the request comes from. Check and/or modify `@app.after_request` directive to further customise desired behaviour (lines [20-24](https://github.com/vexy/flask-auth-template/blob/master/main-module.py#L20-L24) in `main-module.py`).

### Installation
Before you begin:
```
```bash
git clone
cd flask-auth-template
```
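Review bot: The new "CORS setup" paragraph links to `main-module.py#L20-L24` on `master`, which will point at the wrong lines as soon as that file changes; link to this commit's permalink or refer to the `attachCORSHeader` hook by name. The paragraph also presents accepting all origins as the default without saying when to change it, so add a sentence stating that the wildcard is meant for local development and that origins should be restricted before the template fronts real protected resources.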
2 changes: 1 addition & 1 deletion install-dependencies.sh
@@ -1,3 +1,3 @@
# pip packages
echo "Installing needed modules via pip..."
echo -e "\e[5mInstalling project dependencies\e[0m"
pip3 install -r requirements.txt
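Review bot: The new `echo -e "\e[5m...\e[0m"` line depends on which shell runs the script: the hunk shows the file begins with `# pip packages` and has no shebang, so under `sh install-dependencies.sh` on a system where `sh` is dash, `-e` is printed as text and `\e` is not guaranteed to be interpreted. Add `#!/usr/bin/env bash` as the first line or use `printf '\033[5m%s\033[0m\n' "Installing project dependencies"`. The blink attribute (`5`) is ignored by many terminals, so a plain message may be the simpler choice.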
7 changes: 7 additions & 0 deletions main-module.py
@@ -16,6 +16,13 @@
app.register_blueprint(authRoute)
app.register_blueprint(protectedRoute)

# make sure this is turned off
@app.after_request
def attachCORSHeader(response):
response.headers.set('Access-Control-Allow-Headers', '*')
response.headers.set('Access-Control-Allow-Origin', '*')
return response

# Publicly accessible routes
# ------------------------------
@app.route('/')
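Review bot: The comment `# make sure this is turned off` contradicts the code beneath it: `attachCORSHeader` is registered unconditionally with `@app.after_request`, so every response, including those from `authRoute` and `protectedRoute`, is sent with `Access-Control-Allow-Origin: *`. Gate the hook behind a configuration flag that defaults to off, or echo back only origins from an allow-list, and reword the comment to say what is meant (for example, that the hook must be disabled in production). Also, `Access-Control-Allow-Headers: *` does not cover `Authorization` in browsers that follow the Fetch standard, so a cross-origin call to `/login`, which reads `request.authorization`, needs `Authorization` listed explicitly.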
6 changes: 3 additions & 3 deletions modules/auth.py
@@ -9,7 +9,7 @@
# public blueprint exposure
authRoute = Blueprint('auth', __name__)

@authRoute.route('/login')
@authRoute.route('/login', methods=['POST'])
def login():
# get authorization field from HTTP request, early exit if it's not present
auth = request.authorization
@@ -21,7 +21,7 @@ def login():
password = auth.password
storedUser = sharedStorage.find(username)

# 👇 perform validity check and password hashing 👇
# 👇 implement your strategy here 👇
if storedUser is not None and storedUser.password == password:
current_app.logger.info(f"<AUTH> Security check completed, passwords match.")
# create new token using Tokenizer
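Review bot: Replacing "perform validity check and password hashing" with "implement your strategy here" removes the only hint that the next line, `storedUser.password == password`, compares the submitted password against a stored plaintext value. Keep the hashing reminder in the comment, or better, have the template call `werkzeug.security.check_password_hash(storedUser.password, password)` so the default path is not a plaintext `==` comparison. The `f` prefix on the log string in the following line has no placeholders and can be dropped.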
@@ -56,7 +56,7 @@ def registration():
body = request.json
if body:
username = body['username']
pwd = body['password'] # 👇 password hashing 👇
pwd = body['password'] # 👈 add password hashing strategy here
email = body['email']

# add to our storage
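Review bot: The reworded comment on `pwd = body['password']` still leaves the raw password flowing into the "add to our storage" step, so anyone who copies this route as-is stores plaintext credentials. Hash at this point (for example with `werkzeug.security.generate_password_hash(pwd)`) so that registration matches whatever check `login()` performs. The three `body[...]` lookups also raise `KeyError` when a field is missing; use `body.get(...)` and return a 400 for incomplete requests.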