Add authentication via UniAuth

2024-01-21 15:55:31 +00:00 · 2024-01-21 15:55:31 +00:00 · 2b89ff7ff9
commit 2b89ff7ff9
parent 6d65f5045e
2 changed files with 32 additions and 0 deletions
--- a/agenda/auth.py
+++ b/agenda/auth.py
@ -0,0 +1,29 @@
+"""Authentication via UniAuth."""
+
+import flask
+import werkzeug
+from itsdangerous.url_safe import URLSafeTimedSerializer
+
+max_age = 60 * 60 * 24 * 90
+
+
+def verify_auth_token(token: str) -> str | None:
+    """Verify the authentication token."""
+    serializer = URLSafeTimedSerializer(flask.current_app.config["SECRET_KEY"])
+    try:
+        username = serializer.loads(token, salt="auth", max_age=max_age)
+    except Exception:
+        return None
+
+    assert isinstance(username, str)
+    return username
+
+
+def require_authentication() -> werkzeug.Response | None:
+    """Require authentication."""
+    token = flask.request.cookies.get("auth_token")
+    return (
+        None
+        if token and verify_auth_token(token)
+        else flask.redirect(flask.current_app.config["UNIAUTH_LOGIN_URL"])
+    )