From 82c689984a9b687fd1a6de464e8fdf85e334cbf5 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sun, 16 Apr 2017 12:25:24 +0300
Subject: Use get_scopes in backend
---
 distix-backend | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/distix-backend b/distix-backend
index 8259c30..e4ee380 100755
--- a/distix-backend
+++ b/distix-backend
@@ -7,6 +7,24 @@ import sys
 import bottle
+import distixapi
+
+
+
+users = {
+ 'users': {
+ 'fooser': {
+ 'salt': 'nacl',
+ 'password': distixapi.encrypt_password('nacl', 'password'),
+ 'scopes': ['get', 'put'],
+ },
+ 'no': {
+ 'salt': 'nacl',
+ 'password': distixapi.encrypt_password('nacl', 'password'),
+ 'scopes': [],
+ },
+ },
+}
 class AuthenticationPlugin(object):
@@ -14,8 +32,15 @@ class AuthenticationPlugin(object):
 name = 'AuthenticationPlugin'
 def apply(self, callback, route):
- log('AuthenticationPlugin called on {}'.format(route['rule']))
- return callback
+ def authorize(*args, **kwargs):
+ try:
+ scopes = distixapi.get_scopes(users, bottle.request)
+ except distixapi.AuthenticationError:
+ return bottle.abort(401, 'Unauthorized')
+ if route['method'].lower() not in scopes:
+ return bottle.abort(401, 'Unauthorized')
+ return callback(*args, **kwargs)
+ return authorize
 @bottle.route('/')
--
cgit v1.2.1
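Review bot: The module-level `users` table gives the backend a built-in account (`fooser`, password `password`, scopes `get` and `put`) that is readable by anyone with access to the source, and nothing in the hunk marks it as a development fixture or keeps it out of a deployed instance. Both entries also reuse the literal salt `'nacl'`, so equal passwords produce equal stored values if `distixapi.encrypt_password` is deterministic (its body is not visible here). The table is better loaded from a file kept outside the repository, with a distinct random salt per user. Until then, a comment above `users = {` such as `# Development fixture only: replace with users loaded from configuration before deploying.` would at least state the intent.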
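Review bot: In `authorize`, a caller who authenticated but whose scopes lack the route's method gets the same `401 Unauthorized` as a caller who failed authentication; the second abort should be `bottle.abort(403, 'Forbidden')` so that clients and log readers can tell bad credentials from a missing scope. The commit also removes the only `log(...)` call in `apply` and adds none on either denial path, so rejected requests leave no trace. A line such as `log('Denied {} {}'.format(route['method'], route['rule']))` before each abort would keep them visible for detection. `bottle.abort` raises instead of returning, so the `return` in front of it is redundant. The AuthenticationPlugin class starts above the hunk.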