neocrym-forks / amy-rose Goto Github PK

A powerful, simple, and async authentication and authorization library for Sanic.
View Demo · Report Bug · Request Feature

• About the Project
  • Built With
• Getting Started
  • Prerequisites
  • Installation
• Usage
  • Initial Setup
  • Authentication
  • Authorization
  • Error Handling
• Roadmap
• Contributing
• License
• Contact
• Acknowledgements

Amy Rose is an authentication and authorization library made easy. Specifically designed for use with Sanic. Amy Rose comes packed with features not found in most open source security libraries such as

• SMS verification
• JWT
• Out of the box database integration
• Wildcard permissions
• Role permissions

Amy Rose contains all of your basic security needs.

• Tortoise
• Sanic
• Twilio

In order to get started, please install pip.

• pip

sudo apt-get install python3-pip

• Clone the repo

git clone https://github.com/sunset-developer/Amy-Rose

• Install pip packages

pip3 install amyrose

Once Amy Rose is all setup and good to go, implementing is easy as pie.

First you have to create a configuration file called rose.ini. Below is an example of it's contents:

[ROSE]
secret=05jF8cSMAdjlXcXeS2ZJ

[TORTOISE]
username=admin
password=8KjLQtVKTCtItAi
endpoint=amyrose.cbwyreqgyzf6b.us-west-1.rds.amazonaws.com
schema=amyrose
models=['amyrose.core.models']
generate=true

[TWILIO]
from=+12058469963
token=1bcioi878ygO8fi766Fb34750e82a5ab
sid=AC6156Jg67OOYe75c26dgtoTICifIe51cbf

If you're initializing Tortoise yourself you do not have to configure it here.

If you're not using Twilio as your verification method, you do not have to configure it here.

Once you've configured Amy Rose, you can initialize Sanic with the example below:

if __name__ == '__main__':
    app.add_task(tortoise_init())
    app.run(host='0.0.0.0', port=8000, debug=True)

All request bodies should be sent as form-data

• Registration

@app.post('/register')
async def on_register(request):
    account, verification_session = await register(request)
    await text_verification_code(account.phone, verification_session.code)
    response = text('Registration successful')
    verification_session.encode(response)
    return response

• Verification

@app.post('/verify')
async def on_verify(request):
    account, verification_session = await verify_account(request)
    return text('Verification successful')

• Login

@app.post('/login')
async def on_login(request):
    account, authentication_session = await login(request)
    response = text('Login successful')
    authentication_session.encode(response)
    return response

• Logout

@app.post('/logout')
async def on_logout(request):
    account, authentication_session = await logout(request)
    response = text('Logout successful')
    return response

• Requires Authentication

@app.get("/get")
@requires_authentication()
async def get_user_info(request):
    return text('Sensitive user information')

Examples of wildcard permissions are:

admin:add,update,delete
admin:add
admin:*
employee:add,delete
employee:delete
employee:*

A library called Apache Shiro explains this concept incredibly well. I absolutely recommend this library for Java developers.

• Requires Permission

@app.get('/update')
@requires_permission('admin:update')
async def on_test_perm(request):
    return text('Admin has manipulated very sensitive data') 

• Requires Role

@app.get('/get')
@requires_role('Admin')
async def on_test_role(request):
    return text('Admin has retrieved very sensitive data')

@app.exception(RoseError)
async def on_rose_error_test(request, exception: ServerError):
    payload = {
        'error': str(exception),
        'code': exception.status_code
    }
    return json(payload, status=exception.status_code)

Keep up with Amy Rose's Trello board for a list of proposed features, known issues, and in progress development.

Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

1. Fork the Project
2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
3. Commit your Changes (git commit -m 'Add some AmazingFeature')
4. Push to the Branch (git push origin feature/AmazingFeature)
5. Open a Pull Request

Distributed under the GNU General Public License v3.0. See LICENSE for more information.

Aidan Stewart - [email protected]

Project Link: https://github.com/sunset-developer/Amy-Rose

• Be the first! Submit a pull request.