feat: add jwt demo (#19)

Nekotoxin · web-flow · commit 8a3b50e58e53 · 2022-08-21T00:21:41.000+08:00
* docs: add jwt demo(inherited from @yance-dev) * fix: lint * fix: update pytest to fix err `TypeError: required field "lineno" missing from alias`
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
@@ -1,4 +1,4 @@
-on: ["push", "pull_request"]
+on: [ "push", "pull_request" ]
 
 name: Test Coveralls
 
@@ -9,25 +9,25 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-    - uses: actions/checkout@v1
+      - uses: actions/checkout@v1
 
-    - uses: actions/setup-python@v2
-      with:
-        python-version: '3.9'
-        architecture: 'x64'
+      - uses: actions/setup-python@v2
+        with:
+          python-version: '3.9'
+          architecture: 'x64'
 
 
-    - name: Install Dependency
-      run: |
-        python -m pip install -r dev-requirements.txt
-        python -m pip install coveralls
+      - name: Install Dependency
+        run: |
+          python -m pip install -r dev-requirements.txt
+          python -m pip install coveralls
 
-    - name: Run Coverage
-      run: |
-        python -m pytest --cov=fastapi_authz tests/
-        coveralls --service=github
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run Coverage
+        run: |
+          python -m pytest --cov=fastapi_authz tests/
+          coveralls --service=github
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 #    - name: Coveralls
 #      uses: coverallsapp/github-action@master
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -13,22 +13,22 @@ jobs:
         uses: actions/checkout@v2
         with:
           fetch-depth: 0
-          
+
       - uses: actions/setup-node@v2
         with:
           node-version: '16'
 
       - name: Setup
         run: npm install -g semantic-release @semantic-release/github @semantic-release/changelog @semantic-release/commit-analyzer @semantic-release/git @semantic-release/release-notes-generator semantic-release-pypi
-      
+
       - name: Set up python
         uses: actions/setup-python@v2
         with:
           python-version: 3.9
-      
+
       - name: Install setuptools
         run: python -m pip install --upgrade setuptools wheel twine
-      
+
       - name: Release
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.releaserc.json b/.releaserc.json
@@ -11,12 +11,16 @@
         "changelogFile": "CHANGELOG.md",
         "changelogTitle": "# Semantic Versioning Changelog"
       }
-    ],     
-	  [
+    ],
+    [
       "@semantic-release/git",
       {
         "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}",
-        "assets": ["CHANGELOG.md", "setup.py", "setup.cfg"]
+        "assets": [
+          "CHANGELOG.md",
+          "setup.py",
+          "setup.cfg"
+        ]
       }
     ]
   ]
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,32 +2,34 @@
 
 # [0.1.0](https://github.com/pycasbin/fastapi-authz/compare/v0.0.5...v0.1.0) (2021-12-01)
 
-
 ### Features
 
-* add release config ([ca64044](https://github.com/pycasbin/fastapi-authz/commit/ca64044342088f36fb9822376487260a2ac2c6a1))
-* always allow OPTIONS ([#16](https://github.com/pycasbin/fastapi-authz/issues/16)) ([6576796](https://github.com/pycasbin/fastapi-authz/commit/65767963ce26d8a63115ecbc87e76f812abd430f))
+* add release
+  config ([ca64044](https://github.com/pycasbin/fastapi-authz/commit/ca64044342088f36fb9822376487260a2ac2c6a1))
+* always allow
+  OPTIONS ([#16](https://github.com/pycasbin/fastapi-authz/issues/16)) ([6576796](https://github.com/pycasbin/fastapi-authz/commit/65767963ce26d8a63115ecbc87e76f812abd430f))
 
 # [0.1.0](https://github.com/pycasbin/fastapi-authz/compare/v0.0.1...v0.1.0) (2021-03-11)
 
-
 ### Bug Fixes
 
 * fix package ([6fc0a68](https://github.com/pycasbin/fastapi-authz/commit/6fc0a68e9a6620c0e67f355d82894b09aa5da1ef))
-* fix package build ([6ec4f6a](https://github.com/pycasbin/fastapi-authz/commit/6ec4f6a58e205bf70913b21cf7102282f4435939))
-* fix package install ([98f7a34](https://github.com/pycasbin/fastapi-authz/commit/98f7a34c2ee70b39a25f11d64746078253fb03ba))
+* fix package
+  build ([6ec4f6a](https://github.com/pycasbin/fastapi-authz/commit/6ec4f6a58e205bf70913b21cf7102282f4435939))
+* fix package
+  install ([98f7a34](https://github.com/pycasbin/fastapi-authz/commit/98f7a34c2ee70b39a25f11d64746078253fb03ba))
 * typo ([5081da4](https://github.com/pycasbin/fastapi-authz/commit/5081da46b99d1b8d1746f683d675bde17566d659))
 * typo ([fe5800f](https://github.com/pycasbin/fastapi-authz/commit/fe5800f0f5af1b13a45721b24cfbdc48beabc8a2))
 
-
 ### Features
 
-* add readme and demo ([191c6f1](https://github.com/pycasbin/fastapi-authz/commit/191c6f1caa812f288e8e8ecebad74762ca3b1866))
-* add release config ([ca64044](https://github.com/pycasbin/fastapi-authz/commit/ca64044342088f36fb9822376487260a2ac2c6a1))
+* add readme and
+  demo ([191c6f1](https://github.com/pycasbin/fastapi-authz/commit/191c6f1caa812f288e8e8ecebad74762ca3b1866))
+* add release
+  config ([ca64044](https://github.com/pycasbin/fastapi-authz/commit/ca64044342088f36fb9822376487260a2ac2c6a1))
 
 # [0.1.0](https://github.com/pycasbin/fastapi-authz/compare/v0.0.3...v0.1.0) (2021-03-04)
 
-
 ### Bug Fixes
 
 * ci ([bd53180](https://github.com/pycasbin/fastapi-authz/commit/bd53180565fb55907b60666fb438add7cb18e4fb))
@@ -36,14 +38,18 @@
 * ci ([df1b2cd](https://github.com/pycasbin/fastapi-authz/commit/df1b2cd7ee05ed058d009070ae2e9150c794c41b))
 * ci ([ada48e9](https://github.com/pycasbin/fastapi-authz/commit/ada48e95c38494d59eb5c93698eb939201d1a038))
 * ci ([eec5cf0](https://github.com/pycasbin/fastapi-authz/commit/eec5cf0f292044be21b264a85e391545dbf1d200))
-* fix package build ([d15f244](https://github.com/pycasbin/fastapi-authz/commit/d15f244ab257e334b9204c140a4114c84f298f73))
-* fix package build ([e190697](https://github.com/pycasbin/fastapi-authz/commit/e190697f2bc0678ee1762bb1b31c46cf4f7bd539))
-* fix package install ([61a24a8](https://github.com/pycasbin/fastapi-authz/commit/61a24a816e823001e44a35a41fae5ecf86205697))
-* fix package install ([32e85a1](https://github.com/pycasbin/fastapi-authz/commit/32e85a15475290a3128274d5fa03e82f6198edf2))
+* fix package
+  build ([d15f244](https://github.com/pycasbin/fastapi-authz/commit/d15f244ab257e334b9204c140a4114c84f298f73))
+* fix package
+  build ([e190697](https://github.com/pycasbin/fastapi-authz/commit/e190697f2bc0678ee1762bb1b31c46cf4f7bd539))
+* fix package
+  install ([61a24a8](https://github.com/pycasbin/fastapi-authz/commit/61a24a816e823001e44a35a41fae5ecf86205697))
+* fix package
+  install ([32e85a1](https://github.com/pycasbin/fastapi-authz/commit/32e85a15475290a3128274d5fa03e82f6198edf2))
 * typo ([51367ce](https://github.com/pycasbin/fastapi-authz/commit/51367ce9f189a218bfa270dbf389fda0cfed19f2))
 * typo ([843ba85](https://github.com/pycasbin/fastapi-authz/commit/843ba852a455e00ca942897363e59ee3ec1f0698))
 
-
 ### Features
 
-* add release config ([61dde88](https://github.com/pycasbin/fastapi-authz/commit/61dde885034f4ae5d32956141f8e70549088aac9))
+* add release
+  config ([61dde88](https://github.com/pycasbin/fastapi-authz/commit/61dde885034f4ae5d32956141f8e70549088aac9))
diff --git a/README.md b/README.md
@@ -113,6 +113,9 @@ It used the casbin config from `examples` folder, and you can find this demo in
 
 You can also view the unit tests to understand this middleware.
 
+Besides, there is another example for `CasbinMiddleware` which is designed to work with JWT authentication. You can find
+it in `demo/jwt_test.py`.
+
 ## Development
 
 ### Run unit tests
diff --git a/demo/jwt_test.py b/demo/jwt_test.py
@@ -0,0 +1,106 @@
+from datetime import datetime, timedelta
+from typing import Optional, Tuple, Union
+
+import casbin
+import jwt
+import uvicorn
+from fastapi import FastAPI
+from starlette.authentication import (
+    AuthenticationBackend, AuthenticationError, BaseUser, AuthCredentials)
+from starlette.middleware.authentication import AuthenticationMiddleware
+
+from fastapi_authz import CasbinMiddleware
+
+JWT_SECRET_KEY = "secret"
+app = FastAPI()
+
+
+class JWTUser(BaseUser):
+    def __init__(self, username: str, token: str, payload: dict) -> None:
+        self.username = username
+        self.token = token
+        self.payload = payload
+
+    @property
+    def is_authenticated(self) -> bool:
+        return True
+
+    @property
+    def display_name(self) -> str:
+        return self.username
+
+
+class JWTAuthenticationBackend(AuthenticationBackend):
+
+    def __init__(self,
+                 secret_key: str,
+                 algorithm: str = 'HS256',
+                 prefix: str = 'Bearer',
+                 username_field: str = 'username',
+                 audience: Optional[str] = None,
+                 options: Optional[dict] = None) -> None:
+        self.secret_key = secret_key
+        self.algorithm = algorithm
+        self.prefix = prefix
+        self.username_field = username_field
+        self.audience = audience
+        self.options = options or dict()
+
+    @classmethod
+    def get_token_from_header(cls, authorization: str, prefix: str) -> str:
+        """Parses the Authorization header and returns only the token"""
+        try:
+            scheme, token = authorization.split()
+        except ValueError as e:
+            raise AuthenticationError('Could not separate Authorization scheme and token') from e
+
+        if scheme.lower() != prefix.lower():
+            raise AuthenticationError(f'Authorization scheme {scheme} is not supported')
+        return token
+
+    async def authenticate(self, request) -> Union[None, Tuple[AuthCredentials, BaseUser]]:
+        if "Authorization" not in request.headers:
+            return None
+
+        auth = request.headers["Authorization"]
+        token = self.get_token_from_header(authorization=auth, prefix=self.prefix)
+        try:
+            payload = jwt.decode(token, key=self.secret_key, algorithms=self.algorithm, audience=self.audience,
+                                 options=self.options)
+        except jwt.InvalidTokenError as e:
+            raise AuthenticationError(str(e)) from e
+        return AuthCredentials(["authenticated"]), JWTUser(username=payload[self.username_field], token=token,
+                                                           payload=payload)
+
+
+enforcer = casbin.Enforcer('../examples/rbac_model.conf', '../examples/rbac_policy.csv')
+app.add_middleware(CasbinMiddleware, enforcer=enforcer)
+
+app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key=JWT_SECRET_KEY))
+
+
+def create_access_token(subject: str, expires_delta: timedelta = None) -> str:
+    if expires_delta:
+        expire = datetime.utcnow() + expires_delta
+    else:
+        expire = datetime.utcnow() + timedelta(
+            minutes=60
+        )
+    to_encode = {"exp": expire, "username": subject}
+    return jwt.encode(to_encode, JWT_SECRET_KEY, algorithm="HS256")
+
+
+@app.get('/')
+async def index():
+    return "If you see this, you have been authenticated."
+
+
+@app.get('/dataset1/protected')
+async def auth_test():
+    return "You must be alice to see this."
+
+
+if __name__ == '__main__':
+    print("alice:", create_access_token("alice", expires_delta=timedelta(minutes=60)))
+    print("mark:", create_access_token("mark", expires_delta=timedelta(minutes=60)))
+    uvicorn.run(app, debug=True)
diff --git a/demo/test.py b/demo/test.py
@@ -3,7 +3,6 @@
 
 import casbin
 import uvicorn
-
 from fastapi import FastAPI
 from starlette.authentication import AuthenticationBackend, AuthenticationError, SimpleUser, AuthCredentials
 from starlette.middleware.authentication import AuthenticationMiddleware
diff --git a/dev-requirements.in b/dev-requirements.in
@@ -8,4 +8,5 @@ uvicorn
 starlette-auth-toolkit
 requests
 twine
-build
+build
+pyjwt
diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -25,9 +25,10 @@ pluggy==0.13.1
 py==1.10.0
 pydantic==1.7.3
 pygments==2.8.0
+pyjwt==2.3.0
 pyparsing==2.4.7
 pytest-cov==2.11.1
-pytest==6.2.2
+pytest==7.1.2
 pywin32-ctypes==0.2.0
 readme-renderer==29.0
 requests-toolbelt==0.9.1
diff --git a/fastapi_authz/__init__.py b/fastapi_authz/__init__.py
@@ -1 +1 @@
-from .middleware import CasbinMiddleware
+from .middleware import CasbinMiddleware
diff --git a/setup.py b/setup.py
@@ -1,6 +1,7 @@
-from setuptools import setup, find_packages
 from os import path
 
+from setuptools import setup, find_packages
+
 desc_file = "README.md"
 
 here = path.abspath(path.dirname(__file__))
diff --git a/tests/__init__.py b/tests/__init__.py
@@ -1 +1 @@
-import pytest
+
diff --git a/tests/conftest.py b/tests/conftest.py
diff --git a/tests/test_jwt.py b/tests/test_jwt.py

Original file line number	Diff line number	Diff line change
`@@ -11,12 +11,16 @@`
`11`	`11`	`"changelogFile": "CHANGELOG.md",`
`12`	`12`	`"changelogTitle": "# Semantic Versioning Changelog"`
`13`	`13`	`}`
`14`		`- ],`
`15`		`- [`
	`14`	`+ ],`
	`15`	`+ [`
`16`	`16`	`"@semantic-release/git",`
`17`	`17`	`{`
`18`	`18`	`"message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}",`
`19`		`- "assets": ["CHANGELOG.md", "setup.py", "setup.cfg"]`
	`19`	`+ "assets": [`
	`20`	`+ "CHANGELOG.md",`
	`21`	`+ "setup.py",`
	`22`	`+ "setup.cfg"`
	`23`	`+ ]`
`20`	`24`	`}`
`21`	`25`	`]`
`22`	`26`	`]`
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-from .middleware import CasbinMiddleware`
	`1`	`+from .middleware import CasbinMiddleware`