hswaw/lib: add flask_spaceauth
Change-Id: I3bb47bb65e739eaf27f54c07f03df18e79b398e0
diff --git a/hswaw/lib/flask_spaceauth/spaceauth/caps.py b/hswaw/lib/flask_spaceauth/spaceauth/caps.py
new file mode 100644
index 0000000..9545b9c
--- /dev/null
+++ b/hswaw/lib/flask_spaceauth/spaceauth/caps.py
@@ -0,0 +1,55 @@
+from flask import abort, session, current_app
+from flask_login import current_user
+from flask_login.signals import user_logged_out
+import requests
+import functools
+import time
+
+
+def cap_check(capability, user=None):
+ '''Checks if specified user (or current user) has desired capacifier
+ capability'''
+ if not user and not current_user.is_authenticated:
+ return False
+
+ user = user or current_user.get_id()
+
+ cache_key = '{}-{}'.format(user, capability)
+ cached_cap = session.get('_caps', {}).get(cache_key, (False, 0))
+
+ if cached_cap[1] > time.time():
+ return cached_cap[0]
+
+ allowed = requests.get(
+ 'https://capacifier.hackerspace.pl/%s/%s' % (capability, user)
+ ).status_code == 200
+
+ if '_caps' not in session:
+ session['_caps'] = {}
+
+ session['_caps'][cache_key] = \
+ (allowed, time.time() + current_app.config.get('CAP_TTL', 3600))
+
+ return allowed
+
+
+@user_logged_out.connect
+def caps_cleanup(app, user):
+ # Cleanup caps cache
+ session.pop('_caps', None)
+
+
+def cap_required(capability):
+ '''Decorator to check if user has desired capacifier capability, returns
+ 403 otherwise'''
+
+ def inner(func):
+ @functools.wraps(func)
+ def wrapped(*args, **kwargs):
+ if not cap_check(capability):
+ abort(403)
+
+ return func(*args, **kwargs)
+
+ return wrapped
+ return inner