A powerful, simple, and async authentication and authorization library for Sanic.
Amy Rose is an authentication and authorization library made easy, designed specifically for use with Sanic. It comes packed with features not found in most open source security libraries, such as:
- SMS verification
- JWT
- Out of the box database integration
- Wildcard permissions
- Role permissions
Amy Rose contains all of your basic security needs.
In order to get started, please install pip.
- pip

```sh
sudo apt-get install python3-pip
```

- Clone the repo

```sh
git clone https://github.com/sunset-developer/Amy-Rose
```

- Install pip packages

```sh
pip3 install amyrose
```
Once Amy Rose is all set up and good to go, implementing it is easy as pie.
First you have to create a configuration file called rose.ini. Below is an example of its contents:
```ini
[ROSE]
secret=05jF8cSMAdjlXcXeS2ZJ

[TORTOISE]
username=admin
password=8KjLQtVKTCtItAi
endpoint=amyrose.cbwyreqgyzf6b.us-west-1.rds.amazonaws.com
schema=amyrose
models=['amyrose.core.models']
generate=true

[TWILIO]
from=+12058469963
token=1bcioi878ygO8fi766Fb34750e82a5ab
sid=AC6156Jg67OOYe75c26dgtoTICifIe51cbf
```
If you're initializing Tortoise yourself you do not have to configure it here.
If you're not using Twilio as your verification method, you do not have to configure it here.
Once you've configured Amy Rose, you can initialize Sanic with the example below:
```python
if __name__ == '__main__':
    app.add_task(tortoise_init())
    # debug=True enables Sanic's debug mode; use it for local development only.
    app.run(host='0.0.0.0', port=8000, debug=True)
```
All request bodies should be sent as form-data.
- Registration

| Key | Value |
|---|---|
| username | test |
| email | [email protected] |
| phone | +19876854892 |
| password | testpass |

```python
@app.post('/register')
async def on_register(request):
    account, verification_session = await register(request)
    await text_verification_code(account.phone, verification_session.code)
    response = text('Registration successful')
    verification_session.encode(response)
    return response
```
- Verification

| Key | Value |
|---|---|
| code | GUmrRLD |

```python
@app.post('/verify')
async def on_verify(request):
    account, verification_session = await verify_account(request)
    return text('Verification successful')
```
- Login

| Key | Value |
|---|---|
| email | [email protected] |
| password | testpass |

```python
@app.post('/login')
async def on_login(request):
    account, authentication_session = await login(request)
    response = text('Login successful')
    authentication_session.encode(response)
    return response
```
- Logout

```python
@app.post('/logout')
async def on_logout(request):
    account, authentication_session = await logout(request)
    response = text('Logout successful')
    return response
```
- Requires Authentication

```python
@app.get("/get")
@requires_authentication()
async def get_user_info(request):
    return text('Sensitive user information')
```
Examples of wildcard permissions are:
```
admin:add,update,delete
admin:add
admin:*
employee:add,delete
employee:delete
employee:*
```
A library called Apache Shiro explains this concept incredibly well. I absolutely recommend this library for Java developers.
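One way wildcard strings like these can be evaluated, following the matching rules Apache Shiro documents. This is an added example, not Amy Rose's own implementation; the function names `parse`, `implies`, and `is_permitted` are hypothetical, and matching is assumed to be case-sensitive.

```python
# Added example: Shiro-style wildcard permission matching.
# Not Amy Rose's code; all names here are hypothetical.
WILDCARD = "*"


def parse(permission: str) -> list:
    """Split 'admin:add,update' into [{'admin'}, {'add', 'update'}]."""
    parts = [
        frozenset(tok.strip() for tok in part.split(",") if tok.strip())
        for part in permission.strip().split(":")
    ]
    # Reject empty parts such as 'admin:' or ':add' instead of guessing.
    if any(not part for part in parts):
        raise ValueError(f"malformed permission string: {permission!r}")
    return parts


def implies(granted: str, required: str) -> bool:
    """True if the granted permission string covers the required one."""
    g_parts, r_parts = parse(granted), parse(required)
    for i, g in enumerate(g_parts):
        if i >= len(r_parts):
            # Granted is more specific than required: only a wildcard
            # in the extra part keeps the match.
            if WILDCARD not in g:
                return False
        elif WILDCARD not in g and not r_parts[i] <= g:
            # Every required token at this level must be granted.
            return False
    # Granted shorter than required: missing trailing parts act as '*'.
    return True


def is_permitted(granted: list, required: str) -> bool:
    """Check a required permission against all granted strings; fail closed."""
    try:
        return any(implies(g, required) for g in granted)
    except ValueError:
        return False  # malformed input denies access
```

Note that a required string of `admin:*` is only satisfied by a grant that itself carries the wildcard (or omits the part), so a wildcard in the request never widens what was granted.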
- Requires Permission

```python
@app.get('/update')
@requires_permission('admin:update')
async def on_test_perm(request):
    return text('Admin has manipulated very sensitive data')
```

- Requires Role

```python
@app.get('/get')
@requires_role('Admin')
async def on_test_role(request):
    return text('Admin has retrieved very sensitive data')
```
```python
@app.exception(RoseError)
async def on_rose_error_test(request, exception: ServerError):
    payload = {
        'error': str(exception),
        'code': exception.status_code
    }
    return json(payload, status=exception.status_code)
```
Keep up with Amy Rose's Trello board for a list of proposed features, known issues, and in-progress development.
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
- Fork the Project
- Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
- Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the Branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
Distributed under the GNU General Public License v3.0. See LICENSE for more information.
Aidan Stewart - [email protected]
Project Link: https://github.com/sunset-developer/Amy-Rose