Added flask-jwt-extended sample code

Author: CristianoYL

.gitignore

@@ -3,3 +3,4 @@
 __pycache__/
 *.db
 .DS_Store
+venv/

sections_flask-jwt-extended/README.md

@@ -0,0 +1,47 @@
+# Flask-jwt-extended Section
+
+This section presents the basic usage of an active flask JWT extension called `flask-jwt-extended`. We inherited and simplified the project structure from section 6 to demonstrate how to apply `flask-jwt-extended` to our project. 
+
+## Features
+ - JWT authentication
+ - Token refreshing
+ - Fresh token vs. Non-fresh token
+ - Adding claims to JWT payload
+ - Blacklist and token revoking
+ - Customize JWT response/error message callbacks
+ 
+## Related Resources
+
+### UserLogin
+- `POST: /login`
+    - Description: authenticate a user and ,if authenticated, respond with an access token and a refresh token.
+
+### UserFreshLogin
+- `POST: /fresh_login`
+    - Description: authenticate a user and ,if authenticated, respond with a fresh access token.    
+
+### Item
+
+- `GET: /item/<name>`
+    - Description: require a valid JWT to access this endpoint.
+    - Request header: `Authorization Bearer <access_token>`
+- `POST: /item/<name>`
+    - Description: require a valid and fresh JWT to access this endpoint.
+    - Request header: `Authorization Bearer <fresh_access_token>`
+    
+### ItemList
+
+- `GET: /items`
+    - Description: require a valid JWT and appropriate user privilege to access this endpoint. The user privilege is provided as claims within the JWT payload. 
+    - Request header: `Authorization Bearer <access_token>`
+    
+### TokenRefresh
+
+- `POST: /refresh`
+    - Description: This endpoint is used to refresh an expired access token. If the refresh token is valid, respond with a new valid access token. 
+    - Request header: `Authorization Bearer <refresh_token>`
+        
+
+
+
+

sections_flask-jwt-extended/app.py

@@ -0,0 +1,108 @@
+from flask import Flask, jsonify
+from flask_restful import Api
+from flask_jwt_extended import JWTManager
+
+from resources.refresh_token import TokenRefresh
+from resources.user import UserRegister, UserLogin, UserFreshLogin
+from resources.item import Item, ItemList
+from resources.store import Store, StoreList
+
+app = Flask(__name__)
+app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///data.db'
+app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+api = Api(app)
+"""
+JWT related configurations began. The following functions includes:
+1) add claims to each jwt
+2) customize the token expired error message 
+"""
+app.config['JWT_SECRET_KEY'] = 'super-secret'
+app.config['JWT_BLACKLIST_ENABLED'] = True  # enable blacklist feature
+app.config['JWT_BLACKLIST_TOKEN_CHECKS'] = ['access', 'refresh']  # allow blacklisting for access and refresh tokens
+jwt = JWTManager(app)
+
+"""
+claims are data we choose to attached to each jwt payload
+and for each jwt protected endpoint, we can retrieve these claims via `get_jwt_claims()`
+one possible use case for claims are access level control, which is shown below
+"""
+
+
+@jwt.user_claims_loader
+def add_claims_to_jwt(identity):
+    if identity == 1:
+        return {'isAdmin': True}
+    return {'isAdmin': False}
+
+
+
+black_list = [2, 4, 6]  # user.id that are black listed
+
+
+# this method will check if a token is blacklisted, and will be called automatically when blacklist is enabled
+@jwt.token_in_blacklist_loader
+def check_if_token_in_blacklist(decrypted_token):
+    return decrypted_token['identity'] in black_list
+
+
+# the following callbacks are used for customizing jwt response/error messages
+@jwt.expired_token_loader
+def expired_token_callback():
+    return jsonify({
+        'message': 'The token has expired.',
+        'error': 'token_expired'
+    }), 401
+
+
+@jwt.invalid_token_loader
+def invalid_token_callback(error):
+    return jsonify({
+        'message': 'Signature verification failed.',
+        'error': 'invalid_token'
+    }), 401
+
+
+@jwt.unauthorized_loader
+def missing_token_callback(error):
+    return jsonify({
+        "description": "Request does not contain an access token.",
+        'error': 'authorization_required'
+    }), 401
+
+
+@jwt.needs_fresh_token_loader
+def token_not_fresh_callback():
+    return jsonify({
+        "description": "The token is not fresh.",
+        'error': 'fresh_token_required'
+    }), 401
+
+
+@jwt.revoked_token_loader
+def revoked_token_callback():
+    return jsonify({
+        "description": "The token has been revoked.",
+        'error': 'token_revoked'
+    }), 401
+
+# JWT configuration ends ###################################
+
+
+@app.before_first_request
+def create_tables():
+    db.create_all()
+
+api.add_resource(TokenRefresh, '/refresh')
+api.add_resource(Store, '/store/<string:name>')
+api.add_resource(StoreList, '/stores')
+api.add_resource(Item, '/item/<string:name>')
+api.add_resource(ItemList, '/items')
+api.add_resource(UserRegister, '/register')
+api.add_resource(UserLogin, '/login')
+api.add_resource(UserFreshLogin, '/fresh_login')
+
+if __name__ == '__main__':
+    from db import db
+
+    db.init_app(app)
+    app.run(port=5000, debug=True)

sections_flask-jwt-extended/db.py

@@ -0,0 +1,3 @@
+from flask_sqlalchemy import SQLAlchemy
+
+db = SQLAlchemy()

sections_flask-jwt-extended/models/__init__.py

@@ -0,0 +1 @@
+

sections_flask-jwt-extended/models/item.py

@@ -0,0 +1,31 @@
+from db import db
+
+class ItemModel(db.Model):
+    __tablename__ = 'items'
+
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(80))
+    price = db.Column(db.Float(precision=2))
+
+    store_id = db.Column(db.Integer, db.ForeignKey('stores.id'))
+    store = db.relationship('StoreModel')
+
+    def __init__(self, name, price, store_id):
+        self.name = name
+        self.price = price
+        self.store_id = store_id
+
+    def json(self):
+        return {'name': self.name, 'price': self.price}
+
+    @classmethod
+    def find_by_name(cls, name):
+        return cls.query.filter_by(name=name).first()
+
+    def save_to_db(self):
+        db.session.add(self)
+        db.session.commit()
+
+    def delete_from_db(self):
+        db.session.delete(self)
+        db.session.commit()

sections_flask-jwt-extended/models/store.py

@@ -0,0 +1,27 @@
+from db import db
+
+class StoreModel(db.Model):
+    __tablename__ = 'stores'
+
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(80))
+
+    items = db.relationship('ItemModel', lazy='dynamic')
+
+    def __init__(self, name):
+        self.name = name
+
+    def json(self):
+        return {'name': self.name, 'items': [item.json() for item in self.items.all()]}
+
+    @classmethod
+    def find_by_name(cls, name):
+        return cls.query.filter_by(name=name).first()
+
+    def save_to_db(self):
+        db.session.add(self)
+        db.session.commit()
+
+    def delete_from_db(self):
+        db.session.delete(self)
+        db.session.commit()

sections_flask-jwt-extended/models/user.py

@@ -0,0 +1,24 @@
+from db import db
+
+class UserModel(db.Model):
+    __tablename__ = 'users'
+
+    id = db.Column(db.Integer, primary_key=True)
+    username = db.Column(db.String(80))
+    password = db.Column(db.String(80))
+
+    def __init__(self, username, password):
+        self.username = username
+        self.password = password
+
+    def save_to_db(self):
+        db.session.add(self)
+        db.session.commit()
+
+    @classmethod
+    def find_by_username(cls, username):
+        return cls.query.filter_by(username=username).first()
+
+    @classmethod
+    def find_by_id(cls, _id):
+        return cls.query.filter_by(id=_id).first()

sections_flask-jwt-extended/requirement.txt

@@ -0,0 +1 @@
+