diff --git a/README.md b/README.md
index b3185d9..6e1d71d 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,8 @@ This repository represents the source code template for micro webserver that provides authentication gate for your protected resources. It is written in `Python` using `Flask` framework and relies on `JWT` authentication mechanism.
-Some of the provided strategies are to basic/simple for **serious**, production level webserver. Use this template as starting point for more complex projects and requirements.
+Some of the provided strategies are to basic/simple for **serious**, production level webserver.
+Use this template as starting point for more complex projects and requirements.
 ### JWT based `JSON Web Tokens` - or [JWT](https://jwt.io/) in short - is the foundation authentication principle used in this template.
@@ -18,9 +19,12 @@ Template is designed to support modular structure. Main application modules are
 ### Different authentication strategies Presented here is basic HTTP AUTHENTICATION through Authentication field. Note there are **way secure** authentication mechanisms, such as `OAuth`.
+#### CORS setup
+For the sake of simplicity, CORS has been enabled completely. Server will accept all origins no matter where the request comes from. Check and/or modify `@app.after_request` directive to further customise desired behaviour (lines [20-24](https://github.com/vexy/flask-auth-template/blob/master/main-module.py#L20-L24) in `main-module.py`).
+
 ### Installation Before you begin:
-```
+```bash
 git clone cd flask-auth-template ```
diff --git a/install-dependencies.sh b/install-dependencies.sh
index 478822a..38b717d 100644
--- a/install-dependencies.sh
+++ b/install-dependencies.sh
@@ -1,3 +1,3 @@
 # pip packages
-echo "Installing needed modules via pip..."
+echo -e "\e[5mInstalling project dependencies\e[0m"
 pip3 install -r requirements.txt
diff --git a/main-module.py b/main-module.py
index aa1dd66..703f5b1 100644
--- a/main-module.py
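Review bot: `echo -e` and the `\e` escape in the new echo line are not POSIX, so when the script is run under a plain `sh` such as dash the line prints `-e` literally and leaves the escape sequence unexpanded; the interpreter is fixed by a shebang outside this hunk, so the outcome depends on how the script is invoked. A portable form is `printf '\033[5m%s\033[0m\n' 'Installing project dependencies'`. The `5` attribute is blink, which many terminals ignore; bold (`1`) is more widely honoured if the emphasis matters.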
+++ b/main-module.py
@@ -16,6 +16,13 @@ app.register_blueprint(authRoute)
 app.register_blueprint(protectedRoute)
+# make sure this is turned off
+@app.after_request
+def attachCORSHeader(response):
+ response.headers.set('Access-Control-Allow-Headers', '*')
+ response.headers.set('Access-Control-Allow-Origin', '*')
+ return response
+
 # Publicly accessible routes
 # ------------------------------
 @app.route('/')
diff --git a/modules/auth.py b/modules/auth.py
index 859af79..6c1b3fb 100644
--- a/modules/auth.py
+++ b/modules/auth.py
@@ -9,7 +9,7 @@
 # public blueprint exposure
 authRoute = Blueprint('auth', __name__)
-@authRoute.route('/login')
+@authRoute.route('/login', methods=['POST'])
 def login():
 # get authorization field from HTTP request, early exit if it's not present
 auth = request.authorization
@@ -21,7 +21,7 @@ def login():
 password = auth.password
 storedUser = sharedStorage.find(username)
- # 👇 perform validity check and password hashing 👇
+ # 👇 implement your strategy here 👇
 if storedUser is not None and storedUser.password == password:
 current_app.logger.info(f" Security check completed, passwords match.")
 # create new token using Tokenizer
@@ -56,7 +56,7 @@ def registration():
 body = request.json
 if body:
 username = body['username']
- pwd = body['password'] # 👇 password hashing 👇
+ pwd = body['password'] # 👈 add password hashing strategy here
 email = body['email']
 # add to our storage
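Review bot: `Access-Control-Allow-Headers: *` does not cover the `Authorization` header (the Fetch specification excludes it from the wildcard), so a browser client sending the Basic credentials that `login()` reads from `request.authorization` will fail its preflight even though the new `attachCORSHeader` hook is meant to open CORS completely; list the header explicitly, `response.headers.set('Access-Control-Allow-Headers', 'Authorization, Content-Type')`. The comment `# make sure this is turned off` also does not say what to turn off or when, and the hook runs on every response including token-carrying `/login` replies, so a clearer comment would be `# DEV ONLY: wildcard CORS on every response — replace '*' with the allowed origin(s), e.g. from app config, before deployment`. `attach_cors_headers` would follow PEP 8, though the file already uses camelCase names such as `authRoute`, so that is a matter of consistency.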
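Review bot: The reworded comment on the added line of the `@@ -21,7 +21,7 @@` hunk still sits directly above an unchanged plaintext comparison, `storedUser.password == password`, and the matching comment change in the `@@ -56,7 +56,7 @@` hunk leaves `pwd = body['password']` stored as typed, so the template's one placeholder for hashing has become a vaguer TODO than before. Flask's own dependency provides the strategy: `from werkzeug.security import generate_password_hash, check_password_hash`, then `if storedUser is not None and check_password_hash(storedUser.password, password):` here and `pwd = generate_password_hash(body['password'])` in `registration()`. If the plaintext comparison is meant to stay as a stub, the comment should say so, e.g. `# TODO: replace this plaintext comparison with a hash check (werkzeug.security.check_password_hash)`. The rest of `login()` and `registration()` lies outside these hunks, and whether `storedUser.password` is the value written by `registration()` cannot be confirmed from here.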