Files
2026-07-13 13:22:34 +08:00

45 lines
1.5 KiB
Python

"""Sample JWT authentication module for testing purposes.
NOT SUITABLE FOR PRODUCTION USE.
"""
import logging
import jwt
from flask import Response, make_response, request
from werkzeug.datastructures import Authorization
BEARER_PREFIX = "bearer "
_logger = logging.getLogger(__name__)
def authenticate_request() -> Authorization | Response:
_logger.debug("Getting token")
error_response = make_response()
error_response.status_code = 401
error_response.set_data(
"You are not authenticated. Please provide a valid JWT Bearer token with the request."
)
error_response.headers["WWW-Authenticate"] = 'Bearer error="invalid_token"'
token = request.headers.get("Authorization")
if token is not None and token.lower().startswith(BEARER_PREFIX):
token = token[len(BEARER_PREFIX) :] # Remove prefix
try:
# NOTE:
# - This is a sample implementation for testing purposes only.
# - Here we're using a hardcoded key, which is not secure.
# - We also aren't validating that the user exists.
token_info = jwt.decode(token, "secret", algorithms=["HS256"])
if not token_info: # pragma: no cover
_logger.warning("No token_info returned")
return error_response
return Authorization(auth_type="jwt", data=token_info)
except jwt.exceptions.InvalidTokenError:
pass
_logger.warning("Missing or invalid authorization token")
return error_response