# -*- coding:utf-8 -*-
import urllib
from functools import wraps
from flask import current_app
from flask import g
from flask import request
from flask import abort
from flask.ext.principal import identity_changed
from flask.ext.principal import Identity
from flask.ext.principal import AnonymousIdentity
from models.account import User
from models.account import UserCache
def auth_with_key(func):
@wraps(func)
def wrapper(*args, **kwargs):
if isinstance(getattr(g, 'user', None), User):
identity_changed.send(current_app._get_current_object(),
identity=Identity(g.user.uid))
return func(*args, **kwargs)
ip = request.remote_addr
if request.data:
request_args = dict()
_args = request.data.split("&")
for arg in _args:
if arg:
request_args[arg.split("=")[0]] = \
urllib.unquote(arg.split("=")[1])
else:
request_args = request.values
key = request_args.get('_key')
secret = request_args.get('_secret')
if not key and not secret and \
ip.strip() in current_app.config.get("WHITE_LIST"):
ip = ip.strip()
user = UserCache.get(ip)
if user:
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.uid))
return func(*args, **kwargs)
else:
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return abort(400, "invalid _key and _secret")
path = request.path
keys = sorted(request_args.keys())
req_args = [request_args[k] for k in keys
if str(k) not in ("_key", "_secret")]
current_app.logger.debug('args is %s' % req_args)
user, authenticated = User.query.authenticate_with_key(
key, secret, req_args, path)
if user and authenticated:
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get("uid")))
return func(*args, **kwargs)
else:
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return abort(400, "invalid _key and _secret")
return wrapper