From 8b7c598407a5fea9a3d78473e72df87606998cd4 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Fri, 4 Aug 2023 10:10:28 +0300
Subject: Copy over files from GN3 repository.

---
 gn_auth/auth/authentication/oauth2/resource_server.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 gn_auth/auth/authentication/oauth2/resource_server.py

(limited to 'gn_auth/auth/authentication/oauth2/resource_server.py')

diff --git a/gn_auth/auth/authentication/oauth2/resource_server.py b/gn_auth/auth/authentication/oauth2/resource_server.py
new file mode 100644
index 0000000..223e811
--- /dev/null
+++ b/gn_auth/auth/authentication/oauth2/resource_server.py
@@ -0,0 +1,19 @@
+"""Protect the resources endpoints"""
+
+from flask import current_app as app
+from authlib.oauth2.rfc6750 import BearerTokenValidator as _BearerTokenValidator
+from authlib.integrations.flask_oauth2 import ResourceProtector
+
+from gn3.auth import db
+from gn3.auth.authentication.oauth2.models.oauth2token import token_by_access_token
+
+class BearerTokenValidator(_BearerTokenValidator):
+    """Extends `authlib.oauth2.rfc6750.BearerTokenValidator`"""
+    def authenticate_token(self, token_string: str):
+        with db.connection(app.config["AUTH_DB"]) as conn:
+            return token_by_access_token(conn, token_string).maybe(# type: ignore[misc]
+                None, lambda tok: tok)
+
+require_oauth = ResourceProtector()
+
+require_oauth.register_token_validator(BearerTokenValidator())
-- 
cgit v1.2.3