import hmac
from datetime import datetime, timedelta
from os import getenv

import jwt
from flask import (Flask, request, jsonify)
from flask_cors import CORS
from gevent.pywsgi import WSGIServer
"""
Database connector
"""
"""
API class for verifying credentials and handling JWTs.
"""
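class API:
    """Verify dashboard/API credentials and issue or validate HS256 JWTs.

    Every secret is read from an environment variable when the instance is
    created. A variable that is not set is stored as ``None``; the credential
    checks below treat that as "no match" so a missing setting fails closed.
    """

    def __init__(self):
        self.API_DOMAIN = getenv('API_DOMAIN')
        self.MORPHL_DASHBOARD_USERNAME = getenv('MORPHL_DASHBOARD_USERNAME')
        self.MORPHL_DASHBOARD_PASSWORD = getenv('MORPHL_DASHBOARD_PASSWORD')
        self.MORPHL_API_KEY = getenv('MORPHL_API_KEY')
        self.MORPHL_API_SECRET = getenv('MORPHL_API_SECRET')
        self.MORPHL_API_JWT_SECRET = getenv('MORPHL_API_JWT_SECRET')

        # Issued tokens expire 30 days after creation.
        self.JWT_EXP_DELTA_DAYS = 30

    @staticmethod
    def _constant_time_equals(supplied, expected):
        """Compare two strings without an early exit on the first mismatch.

        Returns False when either value is not a ``str`` (which includes an
        unset, ``None`` configuration value), so a missing secret can never
        be matched by a missing input.
        """
        if not isinstance(supplied, str) or not isinstance(expected, str):
            return False
        # Encode first: hmac.compare_digest rejects non-ASCII str arguments.
        return hmac.compare_digest(supplied.encode('utf-8'),
                                   expected.encode('utf-8'))

    def verify_login_credentials(self, username, password):
        """Return True only if both dashboard username and password match."""
        # Evaluate both comparisons before combining them so the time taken
        # does not reveal which of the two fields was wrong.
        username_ok = self._constant_time_equals(
            username, self.MORPHL_DASHBOARD_USERNAME)
        password_ok = self._constant_time_equals(
            password, self.MORPHL_DASHBOARD_PASSWORD)
        return username_ok & password_ok

    def verify_keys(self, api_key, api_secret):
        """Return True only if both the API key and the API secret match."""
        key_ok = self._constant_time_equals(api_key, self.MORPHL_API_KEY)
        secret_ok = self._constant_time_equals(
            api_secret, self.MORPHL_API_SECRET)
        return key_ok & secret_ok

    def generate_jwt(self):
        """Return a signed HS256 token (as ``str``) valid for 30 days.

        NOTE(review): the ``sub`` claim carries MORPHL_API_KEY. A JWT payload
        is signed but not encrypted, so every token holder can read it;
        confirm the API key is meant to be visible to dashboard users.
        """
        issued_at = datetime.utcnow()
        payload = {
            'iss': self.API_DOMAIN,
            'sub': self.MORPHL_API_KEY,
            'iat': issued_at,
            'exp': issued_at + timedelta(days=self.JWT_EXP_DELTA_DAYS),
        }
        token = jwt.encode(payload, self.MORPHL_API_JWT_SECRET, 'HS256')
        # PyJWT 1.x returns bytes, 2.x returns str; normalise to str.
        if isinstance(token, bytes):
            token = token.decode('utf-8')
        return token

    def verify_jwt(self, token):
        """Return True if *token* is a valid, unexpired token we issued.

        The signature algorithm is pinned to HS256 so the token header cannot
        select a different one, and a token lacking ``iss`` or ``sub`` is
        rejected instead of raising ``KeyError``.
        """
        try:
            decoded = jwt.decode(token, self.MORPHL_API_JWT_SECRET,
                                 algorithms=['HS256'])
        except Exception:
            # Deliberately broad: any decoding failure means "not valid".
            return False

        if 'iss' not in decoded or 'sub' not in decoded:
            return False
        return (decoded['iss'] == self.API_DOMAIN and
                decoded['sub'] == self.MORPHL_API_KEY)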
# WSGI application object that the route decorators in this file register on.
app = Flask(__name__)
# NOTE(review): called with no arguments, so flask_cors defaults apply; those
# allow cross-origin requests from any origin on every route. Confirm whether
# this should be restricted to the dashboard's origin.
CORS(app)
@app.route("/")
def main():
    """Serve the plain-text service banner at the API root."""
    banner = "MorphL Predictions API"
    return banner
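@app.route('/authorize', methods=['POST'])
def authorize():
    """Exchange an API key/secret pair (POST form fields) for a JWT.

    Returns JSON ``{"token": ...}`` on success and ``{"error": ...}``
    otherwise. Errors are sent with the default HTTP 200 status, so clients
    must inspect the body rather than the status code.
    """
    api_key = request.form.get('api_key')
    api_secret = request.form.get('api_secret')
    if api_key is None or api_secret is None:
        return jsonify(error='Missing API key or secret')

    api = app.config['API']
    # Truthiness test instead of `== False`: any falsy result (including
    # None) is rejected, so the check fails closed, as in authorize_login.
    if not api.verify_keys(api_key, api_secret):
        return jsonify(error='Invalid API key or secret')

    return jsonify(token=api.generate_jwt())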
@app.route("/dashboard/login", methods=['POST'])
def authorize_login():
    """Check dashboard username/password form fields and return a JWT.

    Responds with ``status=1`` and a token on success, or ``status=0`` and an
    error message when a field is missing or the credentials do not match.
    """
    form = request.form
    username, password = form.get('username'), form.get('password')
    if username is None or password is None:
        return jsonify(status=0, error='Missing username or password.')

    api = app.config['API']
    credentials_ok = api.verify_login_credentials(username, password)
    if not credentials_ok:
        return jsonify(status=0, error='Invalid username or password.')

    return jsonify(status=1, token=api.generate_jwt())
@app.route("/dashboard/verify-token", methods=['GET'])
def verify_token():
    """Report whether the JWT in the Authorization header is still valid.

    The header value is handed to ``verify_jwt`` unmodified, so it has to be
    the bare token with no scheme prefix.
    """
    token = request.headers.get('Authorization')
    if token is not None and app.config['API'].verify_jwt(token):
        return jsonify(status=1)
    return jsonify(status=0, error="Token invalid.")
if __name__ == '__main__':
    # The route handlers read the credential/JWT helper from app.config.
    app.config['API'] = API()

    debug_enabled = bool(getenv('DEBUG'))
    app.config['DEBUG'] = debug_enabled

    if debug_enabled:
        # NOTE(review): this branch runs Flask's development server with
        # DEBUG on while listening on all interfaces, which exposes the
        # interactive debugger to the network. Keep DEBUG unset anywhere
        # the port is reachable by untrusted hosts.
        flask_port = 5858
        app.run(host='0.0.0.0', port=flask_port)
    else:
        # Production path: gevent WSGI server on all interfaces.
        flask_port = 6868
        WSGIServer(('', flask_port), app).serve_forever()