FreeBug/backend/utils/auth.py

from functools import wraps
from flask import request, jsonify, g
from sqlalchemy import select, and_
from ..db.model import User, Session, db
from ..constants import UserRole

def requires_role(roles=None):
    if roles is None:
        roles = [UserRole.USER, UserRole.ADMIN]
    roles = [int(r) for r in roles]
    def decorator(f):
        @wraps(f)
        def decorated_function(*args, **kwargs):
            auth_header = request.headers.get('Authorization')
            if not auth_header:
                return jsonify({'error': 'No authorization header sent'}), 401
            try:
                session_key = auth_header.split(' ')[1]
            except IndexError:
                return jsonify({'error': 'Invalid authorization header format'}), 401
            session: Session = db.session.execute(
                select(Session).where(and_(Session.key == session_key, Session.isValid == True))
            ).scalar()
            if not session:
                return jsonify({'error': 'Invalid or expired session'}), 401

            user: User = session.user
            if not user:
                return jsonify({'error': 'User not found for the Access token'}), 401
            g.current_session = session
            g.current_user = user
            # If no roles specified, allow access
            if not roles:
                return f(*args, **kwargs)
            if user.role in roles:
                return f(*args, **kwargs)
            return jsonify({'error': 'Not authorized'}), 403
        return decorated_function
    return decorator
Start work on role guard 6 months ago			`from functools import wraps`
Add user and session to request globals 6 months ago			`from flask import request, jsonify, g`
Add role guard 6 months ago			`from sqlalchemy import select, and_`
Start work on role guard 6 months ago			`from ..db.model import User, Session, db`
Add role guard 6 months ago			`from ..constants import UserRole`
Start work on role guard 6 months ago
Added author->Course relationship in model, Fix require role decorator 6 months ago			`def requires_role(roles=None):`
Add role guard 6 months ago			`if roles is None:`
default require role now allows admins and users by default 6 months ago			`roles = [UserRole.USER, UserRole.ADMIN]`
Add role guard 6 months ago			`roles = [int(r) for r in roles]`
Start work on role guard 6 months ago			`def decorator(f):`
			`@wraps(f)`
			`def decorated_function(args, *kwargs):`
			`auth_header = request.headers.get('Authorization')`
			`if not auth_header:`
			`return jsonify({'error': 'No authorization header sent'}), 401`
			`try:`
			`session_key = auth_header.split(' ')[1]`
			`except IndexError:`
			`return jsonify({'error': 'Invalid authorization header format'}), 401`
Add role guard 6 months ago			`session: Session = db.session.execute(`
minor changes 6 months ago			`select(Session).where(and_(Session.key == session_key, Session.isValid == True))`
Add role guard 6 months ago			`).scalar()`
Start work on role guard 6 months ago			`if not session:`
			`return jsonify({'error': 'Invalid or expired session'}), 401`
Add user and session to request globals 6 months ago
			`user: User = session.user`
Start work on role guard 6 months ago			`if not user:`
Add role guard 6 months ago			`return jsonify({'error': 'User not found for the Access token'}), 401`
Add user and session to request globals 6 months ago			`g.current_session = session`
			`g.current_user = user`
Start work on role guard 6 months ago			`# If no roles specified, allow access`
			`if not roles:`
			`return f(args, *kwargs)`
			`if user.role in roles:`
			`return f(args, *kwargs)`
Add role guard 6 months ago			`return jsonify({'error': 'Not authorized'}), 403`
Start work on role guard 6 months ago			`return decorated_function`
			`return decorator`