Gotta get your API protected!
=============================
Token-based authentication is the most common way of protecting your APIs from unwanted folk.
Sometimes you need to do things *fast* (you know, get it to prod *yesterday*\ )
and you do not really have time to implement a proper authentication layer.
Okay, are you fine with a temporary solution? There's nothing more permanent than temporary, right.
If you can:
*
provide a simple async token verifier (say, checking it in memcached or Redis)
or
*
hard-code a token in your app prototype,
and also
*
sent the token in a request header
*
then we are ready to go.
Usage example
-------------
.. code-block:: python
from sanic import Sanic
from sanic.response import text
from sanic_token_auth import SanicTokenAuth
app = Sanic()
auth = SanicTokenAuth(app, secret_key='utee3Quaaxohh1Oo', header='X-My-App-Auth-Token')
@app.route("/")
async def index(request):
return text("Go to /protected")
@app.route("/protected")
@auth.auth_required
async def protected(request):
return text("Welcome!")
if __name__ == "__main__":
app.run(host="0.0.0.0", port=8000, debug=True)
And let's try it:
.. code-block:: bash
$ curl http://localhost:8000/protected -H "X-My-App-Auth-Token: utee3Quaaxohh1Oo"
Welcome!
If you omit the ``header`` argument, you can instead send a token in either
``Authorization: Bearer <yourtoken>`` or ``Authorization: Token <yourtoken>``
header.
----
TODO:
[ ] Document ``token_verifier`` and implement examples of using of
[ ] Implement "protect all" behaviour
Raw data
{
"_id": null,
"home_page": "https://github.com/saabeilin/sanic-token-auth",
"name": "sanic-token-auth",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "sanic,authentication",
"author": "Sergei Beilin",
"author_email": "saabeilin@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/7e/a2/565fe111db696a982ea31fe6d4cdc9976b94d5d633d4fc2402e26e7390fe/sanic_token_auth-0.2.0.tar.gz",
"platform": null,
"description": "\nGotta get your API protected!\n=============================\n\nToken-based authentication is the most common way of protecting your APIs from unwanted folk.\n\nSometimes you need to do things *fast* (you know, get it to prod *yesterday*\\ ) \nand you do not really have time to implement a proper authentication layer.\n\nOkay, are you fine with a temporary solution? There's nothing more permanent than temporary, right.\n\nIf you can:\n\n\n* \n provide a simple async token verifier (say, checking it in memcached or Redis)\n\n or\n\n* \n hard-code a token in your app prototype,\n\n and also\n\n* \n sent the token in a request header\n\n* \n then we are ready to go.\n\nUsage example\n-------------\n\n.. code-block:: python\n\n from sanic import Sanic\n from sanic.response import text\n\n from sanic_token_auth import SanicTokenAuth\n\n app = Sanic()\n auth = SanicTokenAuth(app, secret_key='utee3Quaaxohh1Oo', header='X-My-App-Auth-Token')\n\n\n @app.route(\"/\")\n async def index(request):\n return text(\"Go to /protected\")\n\n\n @app.route(\"/protected\")\n @auth.auth_required\n async def protected(request):\n return text(\"Welcome!\")\n\n\n if __name__ == \"__main__\":\n app.run(host=\"0.0.0.0\", port=8000, debug=True)\n\nAnd let's try it:\n\n.. code-block:: bash\n\n $ curl http://localhost:8000/protected -H \"X-My-App-Auth-Token: utee3Quaaxohh1Oo\"\n\n Welcome!\n\nIf you omit the ``header`` argument, you can instead send a token in either \n``Authorization: Bearer <yourtoken>`` or ``Authorization: Token <yourtoken>`` \nheader.\n\n----\n\nTODO:\n\n [ ] Document ``token_verifier`` and implement examples of using of \n\n [ ] Implement \"protect all\" behaviour\n",
"bugtrack_url": null,
"license": "MIT license",
"summary": "A simple token-based auth plugin for Sanic",
"version": "0.2.0",
"project_urls": {
"Homepage": "https://github.com/saabeilin/sanic-token-auth"
},
"split_keywords": [
"sanic",
"authentication"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "72f97e4a936699e3d43f9c5a64fbc5de72a110c6787fcc0e75cf6477ae5d0f55",
"md5": "26295ea8d147e01eaf44536ff440e159",
"sha256": "12058acf7e6bda20fd76d444442f5c7580f31bd47fe2cdf77738e43633c582c5"
},
"downloads": -1,
"filename": "sanic_token_auth-0.2.0-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "26295ea8d147e01eaf44536ff440e159",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 3437,
"upload_time": "2023-08-30T20:43:32",
"upload_time_iso_8601": "2023-08-30T20:43:32.025893Z",
"url": "https://files.pythonhosted.org/packages/72/f9/7e4a936699e3d43f9c5a64fbc5de72a110c6787fcc0e75cf6477ae5d0f55/sanic_token_auth-0.2.0-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "7ea2565fe111db696a982ea31fe6d4cdc9976b94d5d633d4fc2402e26e7390fe",
"md5": "ea1ac2d94b52183f1ec561adb800ce95",
"sha256": "87f9cd1a05f242a2664b4137e18fe868efb846228af1c76516dec279c1e96e76"
},
"downloads": -1,
"filename": "sanic_token_auth-0.2.0.tar.gz",
"has_sig": false,
"md5_digest": "ea1ac2d94b52183f1ec561adb800ce95",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 3739,
"upload_time": "2023-08-30T20:43:33",
"upload_time_iso_8601": "2023-08-30T20:43:33.318212Z",
"url": "https://files.pythonhosted.org/packages/7e/a2/565fe111db696a982ea31fe6d4cdc9976b94d5d633d4fc2402e26e7390fe/sanic_token_auth-0.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-08-30 20:43:33",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "saabeilin",
"github_project": "sanic-token-auth",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "sanic-token-auth"
}
JSON
