Change Tokens to ApiKey

Added name to ApiKey model
2026-02-01 07:35:34 -05:00 · 2016-01-19 12:07:00 +00:00
parent 6966c2484f
commit 4fc5c34320
14 changed files with 281 additions and 226 deletions
--- a/app/authentication/auth.py
+++ b/app/authentication/auth.py
@@ -2,7 +2,7 @@ from flask import request, jsonify, _request_ctx_stack
 from client.authentication import decode_jwt_token, get_token_issuer
 from client.errors import TokenDecodeError, TokenRequestError, TokenExpiredError, TokenPayloadError

-from app.dao.tokens_dao import get_unsigned_token
+from app.dao.api_key_dao import get_unsigned_secret


 def authentication_response(message, code):
@@ -49,5 +49,5 @@ def requires_auth():
 def fetch_client(client):
    return {
        "client": client,
-        "secret": get_unsigned_token(client)
+        "secret": get_unsigned_secret(client)
    }
--- a/app/dao/api_key_dao.py
+++ b/app/dao/api_key_dao.py
@@ -0,0 +1,51 @@
+from flask import current_app
+from itsdangerous import URLSafeSerializer
+
+from app import db
+from app.models import ApiKey
+
+
+def save_model_api_key(api_key, update_dict={}):
+    if update_dict:
+        del update_dict['id']
+        db.session.query(ApiKey).filter_by(id=api_key.id).update(update_dict)
+    else:
+        api_key.secret = _generate_secret()
+        db.session.add(api_key)
+    db.session.commit()
+
+
+def get_model_api_keys(service_id=None, raise_=True):
+    """
+    :param raise_: when True query api_keys using one() which will raise NoResultFound exception
+                   when False query api_keys usong first() which will return None and not raise an exception.
+    """
+    if service_id:
+        # If expiry date is None the api_key is active
+        if raise_:
+            return ApiKey.query.filter_by(service_id=service_id, expiry_date=None).one()
+        else:
+            return ApiKey.query.filter_by(service_id=service_id, expiry_date=None).first()
+    return ApiKey.query.filter_by().all()
+
+
+def get_unsigned_secret(service_id):
+    """
+    There should only be one valid api_keys for each service.
+    This method can only be exposed to the Authentication of the api calls.
+    """
+    api_key = ApiKey.query.filter_by(service_id=service_id, expiry_date=None).one()
+    return _get_secret(api_key.secret)
+
+
+def _generate_secret(token=None):
+    import uuid
+    if not token:
+        token = uuid.uuid4()
+    serializer = URLSafeSerializer(current_app.config.get('SECRET_KEY'))
+    return serializer.dumps(str(token), current_app.config.get('DANGEROUS_SALT'))
+
+
+def _get_secret(signed_secret):
+    serializer = URLSafeSerializer(current_app.config.get('SECRET_KEY'))
+    return serializer.loads(signed_secret, salt=current_app.config.get('DANGEROUS_SALT'))
--- a/app/dao/tokens_dao.py
+++ b/app/dao/tokens_dao.py
@@ -1,51 +0,0 @@
-from flask import current_app
-from itsdangerous import URLSafeSerializer
-
-from app import db
-from app.models import Token
-
-
-def save_model_token(token, update_dict={}):
-    if update_dict:
-        del update_dict['id']
-        db.session.query(Token).filter_by(id=token.id).update(update_dict)
-    else:
-        token.token = _generate_token()
-        db.session.add(token)
-    db.session.commit()
-
-
-def get_model_tokens(service_id=None, raise_=True):
-    """
-    :param raise_: when True query tokens using one() which will raise NoResultFound exception
-                   when False query tokens usong first() which will return None and not raise an exception.
-    """
-    if service_id:
-        # If expiry date is None the token is active
-        if raise_:
-            return Token.query.filter_by(service_id=service_id, expiry_date=None).one()
-        else:
-            return Token.query.filter_by(service_id=service_id, expiry_date=None).first()
-    return Token.query.filter_by().all()
-
-
-def get_unsigned_token(service_id):
-    """
-    There should only be one valid token for each service.
-    This method can only be exposed to the Authentication of the api calls.
-    """
-    token = Token.query.filter_by(service_id=service_id, expiry_date=None).one()
-    return _get_token(token.token)
-
-
-def _generate_token(token=None):
-    import uuid
-    if not token:
-        token = uuid.uuid4()
-    serializer = URLSafeSerializer(current_app.config.get('SECRET_KEY'))
-    return serializer.dumps(str(token), current_app.config.get('DANGEROUS_SALT'))
-
-
-def _get_token(token):
-    serializer = URLSafeSerializer(current_app.config.get('SECRET_KEY'))
-    return serializer.loads(token, salt=current_app.config.get('DANGEROUS_SALT'))
--- a/app/models.py
+++ b/app/models.py
@@ -85,13 +85,14 @@ class Service(db.Model):
    restricted = db.Column(db.Boolean, index=False, unique=False, nullable=False)


-class Token(db.Model):
-    __tablename__ = 'tokens'
+class ApiKey(db.Model):
+    __tablename__ = 'api_key'

    id = db.Column(db.Integer, primary_key=True)
-    token = db.Column(db.String(255), unique=True, nullable=False)
+    name = db.Column(db.String(255), nullable=False)
+    secret = db.Column(db.String(255), unique=True, nullable=False)
    service_id = db.Column(db.Integer, db.ForeignKey('services.id'), index=True, nullable=False)
-    service = db.relationship('Service', backref=db.backref('tokens', lazy='dynamic'))
+    service = db.relationship('Service', backref=db.backref('api_key', lazy='dynamic'))
    expiry_date = db.Column(db.DateTime)


--- a/app/schemas.py
+++ b/app/schemas.py
@@ -1,6 +1,5 @@
 from . import ma
 from . import models
-from marshmallow import post_load

 # TODO I think marshmallow provides a better integration and error handling.
 # Would be better to replace functionality in dao with the marshmallow supported
@@ -19,7 +18,7 @@ class UserSchema(ma.ModelSchema):
 class ServiceSchema(ma.ModelSchema):
    class Meta:
        model = models.Service
-        exclude = ("updated_at", "created_at", "tokens", "templates", "jobs")
+        exclude = ("updated_at", "created_at", "api_key", "templates", "jobs")


 class TemplateSchema(ma.ModelSchema):
@@ -28,9 +27,9 @@ class TemplateSchema(ma.ModelSchema):
        exclude = ("updated_at", "created_at", "service_id", "jobs")


-class TokenSchema(ma.ModelSchema):
+class ApiKeySchema(ma.ModelSchema):
    class Meta:
-        model = models.Token
+        model = models.ApiKey
        exclude = ["service"]


@@ -45,7 +44,7 @@ service_schema = ServiceSchema()
 services_schema = ServiceSchema(many=True)
 template_schema = TemplateSchema()
 templates_schema = TemplateSchema(many=True)
-token_schema = TokenSchema()
-tokens_schema = TokenSchema(many=True)
+api_key_schema = ApiKeySchema()
+api_keys_schema = ApiKeySchema(many=True)
 job_schema = JobSchema()
 jobs_schema = JobSchema(many=True)
--- a/app/service/rest.py
+++ b/app/service/rest.py
@@ -1,6 +1,6 @@
 from datetime import datetime

-from flask import (jsonify, request, current_app)
+from flask import (jsonify, request)
 from sqlalchemy.exc import DataError
 from sqlalchemy.orm.exc import NoResultFound

@@ -10,8 +10,8 @@ from app.dao.services_dao import (
    save_model_service, get_model_services, delete_model_service)
 from app.dao.templates_dao import (
    save_model_template, get_model_templates, delete_model_template)
-from app.dao.tokens_dao import (save_model_token, get_model_tokens, get_unsigned_token)
-from app.models import Token
+from app.dao.api_key_dao import (save_model_api_key, get_model_api_keys, get_unsigned_secret)
+from app.models import ApiKey
 from app.schemas import (
    services_schema, service_schema, template_schema)

@@ -29,13 +29,11 @@ def create_service():
    # db.session.commit
    try:
        save_model_service(service)
-        save_model_token(Token(service_id=service.id))
    except DAOException as e:
        return jsonify(result="error", message=str(e)), 400
-    return jsonify(data=service_schema.dump(service).data, token=get_unsigned_token(service.id)), 201
+    return jsonify(data=service_schema.dump(service).data), 201


-# TODO auth to be added
@service.route('/<int:service_id>', methods=['PUT', 'DELETE'])
 def update_service(service_id):
    try:
@@ -64,7 +62,6 @@ def update_service(service_id):
    return jsonify(data=service_schema.dump(service).data), status_code


-# TODO auth to be added.
@service.route('/<int:service_id>', methods=['GET'])
@service.route('/', methods=['GET'])
 def get_service(service_id=None):
@@ -78,9 +75,8 @@ def get_service(service_id=None):
    return jsonify(data=data)


-# TODO auth to be added
-@service.route('/<int:service_id>/token/renew', methods=['POST'])
-def renew_token(service_id=None):
+@service.route('/<int:service_id>/api-key/renew', methods=['POST'])
+def renew_api_key(service_id=None):
    try:
        get_model_services(service_id=service_id)
    except DataError:
@@ -89,20 +85,22 @@ def renew_token(service_id=None):
        return jsonify(result="error", message="Service not found"), 404

    try:
-        service_token = get_model_tokens(service_id=service_id, raise_=False)
-        if service_token:
-            # expire existing token
-            save_model_token(service_token, update_dict={'id': service_token.id, 'expiry_date': datetime.now()})
+        service_api_key = get_model_api_keys(service_id=service_id, raise_=False)
+        if service_api_key:
+            # expire existing api_key
+            save_model_api_key(service_api_key, update_dict={'id': service_api_key.id, 'expiry_date': datetime.now()})
        # create a new one
-        save_model_token(Token(service_id=service_id))
+        # TODO: what validation should be done here?
+        secret_name = request.get_json()['name']
+        save_model_api_key(ApiKey(service_id=service_id, name=secret_name))
    except DAOException as e:
        return jsonify(result='error', message=str(e)), 400
-    unsigned_token = get_unsigned_token(service_id)
-    return jsonify(data=unsigned_token), 201
+    unsigned_api_key = get_unsigned_secret(service_id)
+    return jsonify(data=unsigned_api_key), 201


-@service.route('/<int:service_id>/token/revoke', methods=['POST'])
-def revoke_token(service_id):
+@service.route('/<int:service_id>/api-key/revoke', methods=['POST'])
+def revoke_api_key(service_id):
    try:
        get_model_services(service_id=service_id)
    except DataError:
@@ -110,13 +108,12 @@ def revoke_token(service_id):
    except NoResultFound:
        return jsonify(result="error", message="Service not found"), 404

-    service_token = get_model_tokens(service_id=service_id, raise_=False)
-    if service_token:
-        save_model_token(service_token, update_dict={'id': service_token.id, 'expiry_date': datetime.now()})
+    service_api_key = get_model_api_keys(service_id=service_id, raise_=False)
+    if service_api_key:
+        save_model_api_key(service_api_key, update_dict={'id': service_api_key.id, 'expiry_date': datetime.now()})
    return jsonify(), 202


-# TODO auth to be added.
@service.route('/<int:service_id>/template/', methods=['POST'])
 def create_template(service_id):
    try:
@@ -135,7 +132,6 @@ def create_template(service_id):
    return jsonify(data=template_schema.dump(template).data), 201


-# TODO auth to be added
@service.route('/<int:service_id>/template/<int:template_id>', methods=['PUT', 'DELETE'])
 def update_template(service_id, template_id):
    try: