This package allows you to authorize users through a shared redis
pip install barter-auth
REDIS_AUTH_URL default 'redis://localhost:6378/1' # depracatedREDIS_AUTH_HOST default '127.0.0.1'REDIS_AUTH_PORT default 6379REDIS_AUTH_PASSWORD default NoneREDIS_AUTH_DB default 0REDIS_AUTH_ACCESS_PREFIX default = 'access'REDIS_AUTH_REFRESH_PREFIX default = 'refresh'REDIS_AUTH_TOTP_PREFIX default = 'totp'REDIS_AUTH_PROFILE_PREFIX default = 'profile'REDIS_AUTH_TOKEN_STORAGE default = 'headers'# in django
from rest_framework.permissions import AllowAny, IsAuthenticated
from barter_auth.auth import ApiTokenRedisAuthentication
class SomeView(APIView):
authentication_classes = [ApiTokenRedisAuthentication]
permission_classes = [IsAuthenticated]
# barter_auth BaseUser() is available in request.user in DRF APIView
# you can add request user or profile in apps django config <app_name>.apps.py
class BloggerConfig(AppConfig):
name = 'apps.base'
def ready(self):
HttpRequest.extuser = property(get_user)
HttpRequest.profile = property(get_profile)
def get_user(self):
from barter_auth.auth import get_token_from_cookies, get_token_from_header
from barter_auth.providers import RedisAccessClient
from django.contrib.auth.models import AnonymousUser
from django.conf import settings
token = get_token_from_header(self)
if not token:
token = get_token_from_cookies(self)
if token:
token_service = RedisAccessClient(host=settings.REDIS_AUTH_HOST)
user = token_service.get_user(token)
return user or AnonymousUser()
return AnonymousUser()
def get_profile(self):
from barter_auth.models import AnonymousProfile
extuser = self.extuser
if extuser.is_authenticated:
try:
profile = RedisProfileClient().get_model(key=self.headers.get('Profile'))
except:
profile = AnonymousProfile()
if profile.user_id and profile.user_id == extuser.id:
# print(f'profile: {profile.id}')
return profile
return AnonymousProfile()
# in settings
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": [
"barter_auth.auth.ApiTokenRedisAuthentication",
],
"EXCEPTION_HANDLER": '<your path>.api_exception_handler',
# ...
}
# file with api_exception_handler
from rest_framework.response import Response
from rest_framework.views import exception_handler, set_rollback
from barter_auth.exceptions import BAuthAPIException
def api_exception_handler(exc, context):
# Call REST framework's default exception handler first,
# to get the standard error response.
if isinstance(exc, BAuthAPIException):
headers = {}
if getattr(exc, 'auth_header', None):
headers['WWW-Authenticate'] = exc.auth_header
if getattr(exc, 'wait', None):
headers['Retry-After'] = '%d' % exc.wait
if isinstance(exc.detail, (list, dict)):
data = exc.detail
else:
data = {'detail': exc.detail}
set_rollback()
return Response(data, status=exc.status_code, headers=headers)
response = exception_handler(exc, context)
# Now add the HTTP status code to the response.
if response is not None:
response.data['status_code'] = response.status_code
return response
FAQs
Barter authentication package
We found that barter-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.