feat: Add auth-token for batch operations #356
app/utils/check_utils.py
Outdated
except AuthorizationError: | ||
auth_error(request, issuer_address, "issuer does not exist") | ||
raise AuthorizationError("issuer does not exist, or password mismatch") |
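Review bot: The log call on the second line records "issuer does not exist", while the exception raised on the third line says "issuer does not exist, or password mismatch". The handler catches every AuthorizationError, so if the try body can also raise it for a password mismatch, that failure will be logged as a missing issuer. Suggest passing the same combined wording to auth_error, or logging the caught exception's own message, so the audit log matches what the caller is told. The combined client-facing message is worth keeping, since it does not reveal whether the issuer exists.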
I think it would be better to use `raise Exception from None`
or `raise Exception from e`
when re-raising an exception,
because this may generate a log like the following.
The above exception was the direct cause of the following exception:
Alternatively, it may be better to leave error raising to each function.
(Might add more arguments for the log output needed in case of authentication failure.)
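The three re-raise forms discussed in the review comment above, as an added example that is not part of the PR or the project's code: it renders the traceback text a logger would write for each form, which shows whether the inner failure's details end up in the log. `AuthorizationError` here is a stand-in class, `_lookup`, `reraise` and `rendered_traceback` are hypothetical names, and the inner message is constructed.

```python
import traceback


class AuthorizationError(Exception):
    """Stand-in for the project's exception of the same name (assumed shape)."""


def _lookup():
    # Constructed inner failure that the handler below catches.
    raise AuthorizationError("inner: account row not found")


def reraise(mode):
    """Re-raise from inside an except block in one of three ways."""
    try:
        _lookup()
    except AuthorizationError as e:
        outer = AuthorizationError("issuer does not exist, or password mismatch")
        if mode == "implicit":
            raise outer            # __context__ is set automatically
        if mode == "from_e":
            raise outer from e     # __cause__ is set explicitly
        raise outer from None      # chain is suppressed when rendered


def rendered_traceback(mode):
    """Return the traceback text a logger would write for the given mode."""
    try:
        reraise(mode)
    except AuthorizationError as exc:
        return "".join(
            traceback.format_exception(type(exc), exc, exc.__traceback__)
        )


if __name__ == "__main__":
    for mode in ("implicit", "from_e", "from_none"):
        print(f"--- {mode} ---")
        print(rendered_traceback(mode))
```

With `from None` only the outer exception is rendered, so the inner message never reaches the log; the other two forms print both exceptions joined by a chaining banner.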
if auth_token is not None: | ||
# If a valid auth token already exists, return an error. | ||
if auth_token.valid_duration == 0: | ||
raise AuthTokenAlreadyExistsError() | ||
else: | ||
expiration_datetime = auth_token.usage_start + timedelta(seconds=auth_token.valid_duration) | ||
if datetime.utcnow() <= expiration_datetime: | ||
raise AuthTokenAlreadyExistsError() |
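Review bot: The `valid_duration == 0` check in the first branch acts as an undocumented sentinel for a token that never expires, and both branches raise the same AuthTokenAlreadyExistsError. Suggest a comment stating that 0 means no expiry, and folding the two branches into one condition so the rule is visible in a single place. Also, `datetime.utcnow()` returns a naive datetime, so the `<=` comparison is only correct if `usage_start` is stored as naive UTC; worth noting that next to the comparison.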
AuthToken Status | => | Action |
---|---|---|
Not exist | => | Create |
Exist and not expired | => | Error |
Exist and expired | => | Renew |
LGTM
Close
close #354
Changes
New Table
auth_token
New API
POST: /accounts/{issuer_address}/auth_token
DELETE: /accounts/{issuer_address}/auth_token
Behavior Changed API
Authorization using auth-token is available for the following APIs, in addition to authorization using eoa-password.
POST: /bond/tokens
POST: /bond/tokens/{token_address}
POST: /bond/tokens/{token_address}/additional_issue
POST: /bond/tokens/{token_address}/redeem
POST: /bond/tokens/{token_address}/personal_info
POST: /bond/tokens/{token_address}/personal_info/batch
POST: /bond/tokens/{token_address}/holders/{account_address}/personal_info
POST: /bond/transfers
POST: /bond/bulk_transfer
POST: /bond/transfer_approvals/{token_address}/{id}
POST: /share/tokens
POST: /share/tokens/{token_address}
POST: /share/tokens/{token_address}/additional_issue
POST: /share/tokens/{token_address}/redeem
POST: /share/tokens/{token_address}/personal_info
POST: /share/tokens/{token_address}/personal_info/batch
POST: /share/tokens/{token_address}/holders/{account_address}/personal_info
POST: /share/transfers
POST: /share/bulk_transfer
POST: /share/transfer_approvals/{token_address}/{id}