From 0dd6a3b3c8464f80375918148fe2c6cdacd8f462 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Thu, 25 Jul 2024 14:54:43 -0500
Subject: authorisation module: utilities for basic authorisation.

---
 uploader/authorisation.py | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 uploader/authorisation.py

(limited to 'uploader/authorisation.py')

diff --git a/uploader/authorisation.py b/uploader/authorisation.py
new file mode 100644
index 0000000..71b42fa
--- /dev/null
+++ b/uploader/authorisation.py
@@ -0,0 +1,28 @@
+"""Authorisation utilities."""
+from functools import wraps
+from urllib.parse import urljoin
+
+from flask import flash, redirect
+
+from uploader import session
+from uploader.oauth2.client import oauth2_client, authserver_uri
+
+def require_login(function):
+    """Check that the user is logged in before executing `func`."""
+    @wraps(function)
+    def __is_session_valid__(*args, **kwargs):
+        """Check that the user is logged in and their token is valid."""
+        def __clear_session__(_no_token):
+            session.clear_session_info()
+            flash("You need to be logged in.", "alert-danger")
+            return redirect("/")
+
+        def __with_token__(token):
+            resp = oauth2_client().get(
+                urljoin(authserver_uri(), "auth/user/"))
+            userdetails = resp.json()
+            if not userdetails.get("error"):
+                return function(*args, **kwargs)
+            return __clear_session__(token)
+        return session.user_token().either(__clear_session__, __with_token__)
+    return __is_session_valid__
-- 
cgit v1.2.3