nolwww

Reputation: 1715

Request validation based on header in Flask framework

I have several endpoints that I built with Flask. Some of the endpoints should approve requests only for some specific user ids.

Let's say I have:

  1. This endpoint: company//videos to GET all videos for this company.
  2. A header containing the user id of the user making the GET request.
  3. A mongo collection containing all user ids and the corresponding companies the said user can access.

What is the best way, with Flask, to check if the request can be approved given the corresponding header?

Edit: While there are some good Flask decorators to handle it when we use an ORM with a User table, like here: https://pypi.org/project/Flask-Authorize/ , in my case, I'm not using any ORM.

Upvotes: 2

Views: 1002

Answers (1)

Kostas Livieratos

Reputation: 1067

If I were you, I'd build a custom decorator to control this kind of permission.

The flow would look like this:

  1. intercept incoming request
  2. find out what's the request's user id
  3. send a query to your mongo (if not cached with ttl, e.g. 10sec) to retrieve the list of allowed user ids
  4. do your checks and allow or prohibit usage of endpoint

Let me know if that sounds realistic for your use-case, or if you have any questions.

Upvotes: 1
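
The flow described in the answer above, as an added example that is not part of the original answer: a decorator that reads the user id header, looks up the user's companies through a 10-second TTL cache, and fails closed. Assumptions: the header name `X-User-Id`, the route parameter `company_id`, and an in-memory dict standing in for the Mongo collection so the code runs offline.

```python
import time
from functools import wraps
from flask import Flask, abort, jsonify, request

# Constructed stand-in for the Mongo collection: user id -> companies it may access.
# With pymongo this lookup would be collection.find_one({"user_id": user_id}).
FAKE_COLLECTION = {"u1": ["acme"], "u2": ["acme", "globex"]}

def load_companies(user_id):
    return set(FAKE_COLLECTION.get(user_id, []))

_cache = {}      # user_id -> (expires_at, companies)
CACHE_TTL = 10   # seconds; a revoked grant stays usable for up to this long

def companies_for(user_id, now=None):
    """Return the user's companies, querying the store only on a cache miss."""
    now = time.monotonic() if now is None else now
    hit = _cache.get(user_id)
    if hit and hit[0] > now:
        return hit[1]
    companies = load_companies(user_id)
    _cache[user_id] = (now + CACHE_TTL, companies)
    return companies

def company_access_required(view):
    """Allow the view only if the header's user may access <company_id>."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        # X-User-Id is an assumed header name. It must be set by a trusted
        # upstream (gateway or verified token), never accepted from the client as-is.
        user_id = request.headers.get("X-User-Id", "").strip()
        if not user_id:
            abort(401)   # no identity: fail closed
        if kwargs.get("company_id") not in companies_for(user_id):
            abort(403)   # unknown user or company not granted
        return view(*args, **kwargs)
    return wrapper

app = Flask(__name__)

@app.route("/company/<company_id>/videos")   # route parameter name is assumed
@company_access_required
def list_videos(company_id):
    return jsonify(company=company_id, videos=[])
```

Unknown users get the same 403 as known users without access, so the response does not reveal which user ids exist.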
