An open API service indexing awesome lists of open source software.

https://github.com/jakkso/flask_blacklist

Flask extension to help check blacklisted tokens quickly
https://github.com/jakkso/flask_blacklist

flask flask-praetorian flask-sqlalchemy

Last synced: 6 months ago
JSON representation

Flask extension to help check blacklisted tokens quickly

Awesome Lists containing this project

README

          

## 🔥Flask_Blacklist🔥
[![Build Status](https://travis-ci.com/jakkso/flask_blacklist.svg?branch=master)](https://travis-ci.com/jakkso/flask_blacklist)
[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/ambv/black)
### What
It's a Flask extension designed to work with `flask_sqlalchemy` and `flask_pratorian` to blacklist tokens!

It stores blacklisted JWT's jti value in an in-memory store, allowing blacklist checks without
database calls. However, when a token is blacklisted, it is also persisted to the database.

### Why

* Emulate a redis store without actually using redis! 👍
* This is almost certainly slower than redis (It's python, after all).
* Why not, it's an excuse to get to know flask and associated libraries a little bit better. 👍

### How
You *are* using a [virtualenv](https://virtualenv.pypa.io/en/latest/), right?

`pip install flask-blacklist`

Then in your app factory function, initialize `Blacklist` *after* you've initialized your ORM.

# In global scope
from flask_blacklist import Blacklist, is_blacklisted
db = SQLAlchemy()
guard = Praetorian()
bl = Blacklist()

# In the app factory function
app = Flask(__name__)
db.init_app(app)

from app.models import Token, User
bl.init_app(app, Token) # Initialize after your ORM

# is_blacklisted is a helper function that Praetorian uses to determine if a token has been blacklisted
guard.init_app(app, User, is_blacklisted)

The Token database model needs to have two different class methods:

* `Token.blacklist_jti`
* Takes a single parameter, which is the `jti` string extracted from a JWT
* This method calll persist the blacklisted `jti` string to your database.
* `Token.get_blacklisted`
* Should return a list of already blacklisted tokens from the database
* The tokens returns should have a `jti` attribute containing string extracted from the token you want to blacklist

Then, in the route that needs to invalidate the token:

@auth_blueprint.route("/v1/auth/token", methods=["DELETE"])
@auth_required
def invalidate_token():
token = guard.read_token_from_header()
jti = guard.extract_jwt_token(token)["jti"]
bl.blacklist_jti(jti)
rv, code = {"success": True, "message": "token invalidated"}, 200
return jsonify(rv), code


Copyright 2019 Alexander Potts, MIT license.