2015-11-29 13:03:35 +00:00
|
|
|
import asyncio
|
|
|
|
import functools
|
|
|
|
|
|
|
|
from aiohttp import web
|
|
|
|
|
2016-02-01 17:25:14 +00:00
|
|
|
from aiohttp_security import remember, forget, authorized_userid, permits
|
2015-11-29 13:03:35 +00:00
|
|
|
|
2016-08-30 17:38:59 +00:00
|
|
|
from .db_auth import check_credentials
|
|
|
|
|
2015-11-29 13:03:35 +00:00
|
|
|
|
|
|
|
def require(permission):
|
|
|
|
def wrapper(f):
|
|
|
|
@asyncio.coroutine
|
|
|
|
@functools.wraps(f)
|
|
|
|
def wrapped(self, request):
|
2016-08-30 17:38:59 +00:00
|
|
|
has_perm = yield from permits(request, permission)
|
2015-11-29 13:03:35 +00:00
|
|
|
if not has_perm:
|
2016-08-30 17:38:59 +00:00
|
|
|
message = 'User has no permission {}'.format(permission)
|
|
|
|
raise web.HTTPForbidden(body=message.encode())
|
2015-11-29 13:03:35 +00:00
|
|
|
return (yield from f(self, request))
|
|
|
|
return wrapped
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
2016-08-30 17:38:59 +00:00
|
|
|
class Web(object):
|
|
|
|
index_template = """
|
|
|
|
<!doctype html>
|
|
|
|
<head>
|
|
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<p>{message}</p>
|
|
|
|
<form action="/login" method="post">
|
|
|
|
Login:
|
|
|
|
<input type="text" name="login">
|
|
|
|
Password:
|
|
|
|
<input type="password" name="password">
|
|
|
|
<input type="submit" value="Login">
|
|
|
|
</form>
|
|
|
|
<a href="/logout">Logout</a>
|
|
|
|
</body>
|
|
|
|
"""
|
|
|
|
|
2015-11-29 13:03:35 +00:00
|
|
|
@asyncio.coroutine
|
|
|
|
def index(self, request):
|
2016-08-30 17:38:59 +00:00
|
|
|
username = yield from authorized_userid(request)
|
|
|
|
if username:
|
|
|
|
template = self.index_template.format(
|
|
|
|
message='Hello, {username}!'.format(username=username))
|
|
|
|
else:
|
|
|
|
template = self.index_template.format(message='You need to login')
|
|
|
|
response = web.Response(body=template.encode())
|
|
|
|
return response
|
2015-11-29 13:03:35 +00:00
|
|
|
|
|
|
|
@asyncio.coroutine
|
|
|
|
def login(self, request):
|
2016-08-30 17:38:59 +00:00
|
|
|
response = web.HTTPFound('/')
|
|
|
|
form = yield from request.post()
|
|
|
|
login = form.get('login')
|
|
|
|
password = form.get('password')
|
|
|
|
db_engine = request.app.db_engine
|
|
|
|
if (yield from check_credentials(db_engine, login, password)):
|
|
|
|
yield from remember(request, response, login)
|
|
|
|
return response
|
2015-11-29 13:03:35 +00:00
|
|
|
|
2016-08-30 17:38:59 +00:00
|
|
|
return web.HTTPUnauthorized(
|
|
|
|
body=b'Invalid username/password combination')
|
|
|
|
|
|
|
|
@require('public')
|
2015-11-29 13:03:35 +00:00
|
|
|
@asyncio.coroutine
|
|
|
|
def logout(self, request):
|
2016-08-30 17:38:59 +00:00
|
|
|
response = web.Response(body=b'You have been logged out')
|
|
|
|
yield from forget(request, response)
|
|
|
|
return response
|
2015-11-29 13:03:35 +00:00
|
|
|
|
|
|
|
@require('public')
|
|
|
|
@asyncio.coroutine
|
2016-08-30 17:38:59 +00:00
|
|
|
def internal_page(self, request):
|
|
|
|
response = web.Response(
|
|
|
|
body=b'This page is visible for all registered users')
|
|
|
|
return response
|
2015-11-29 13:03:35 +00:00
|
|
|
|
|
|
|
@require('protected')
|
|
|
|
@asyncio.coroutine
|
2016-08-30 17:38:59 +00:00
|
|
|
def protected_page(self, request):
|
|
|
|
response = web.Response(body=b'You are on protected page')
|
|
|
|
return response
|
2015-11-30 12:58:49 +00:00
|
|
|
|
|
|
|
def configure(self, app):
|
2016-08-30 17:38:59 +00:00
|
|
|
router = app.router
|
|
|
|
router.add_route('GET', '/', self.index, name='index')
|
|
|
|
router.add_route('POST', '/login', self.login, name='login')
|
|
|
|
router.add_route('GET', '/logout', self.logout, name='logout')
|
|
|
|
router.add_route('GET', '/public', self.internal_page, name='public')
|
|
|
|
router.add_route('GET', '/protected', self.protected_page,
|
|
|
|
name='protected')
|