Role-based access control (RBAC)
Sanic-JWT-Extended supports RBAC. All you have to do is set the 'RBAC_ENABLE' option to 'True', give the JWT a role with the 'role' option in create_access_token(), and specify the roles to allow or deny when using jwt_required() and fresh_jwt_required().
Warning: the 'deny' and 'allow' options cannot be used together.
from sanic import Sanic
from sanic.response import json
from sanic.request import Request
from sanic_jwt_extended import (
JWTManager,
jwt_required,
create_access_token,
create_refresh_token,
)
import uuid
from sanic_jwt_extended.tokens import Token
app = Sanic(__name__)

# Set up the Sanic-JWT-Extended extension.
# JWT_SECRET_KEY signs every token, so the role claim that jwt_required()
# checks is only as trustworthy as this secret: replace the placeholder and
# keep the real value out of source control.  RBAC_ENABLE turns on the
# allow/deny role checks made by jwt_required() and fresh_jwt_required().
app.config.update(
    {
        "JWT_SECRET_KEY": "super-secret",  # Change this!
        "RBAC_ENABLE": True,
    }
)
JWTManager(app)
# Provide a method to create access tokens. The create_access_token()
# function is used to actually generate the token, and you can return
# it to the caller however you choose.
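@app.route("/login", methods=["POST"])
async def login(request: Request):
    """Issue an access token carrying the ``ADMIN`` role.

    Example only: the role is granted to whatever username the client sends,
    with no credential check. A real login must authenticate the caller and
    derive the role from its own records before calling create_access_token().

    Returns a 400 JSON error when the body is missing or not a JSON object,
    otherwise 200 with ``{"access_token": ...}``.
    """
    # request.json may be None (no body) or a non-object; calling .get() on
    # that would turn a bad request into a 500 instead of a 400.
    body = request.json
    if not isinstance(body, dict):
        return json(dict(error="JSON object body required"), status=400)
    username = body.get("username", None)
    # Identity can be any data that is json serializable; the role is what
    # jwt_required(allow=[...]) / deny=[...] is checked against.
    access_token = await create_access_token(
        identity=username, role="ADMIN", app=request.app
    )
    return json(dict(access_token=access_token), status=200)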
# Protect a view with jwt_required, which requires a valid access token
# in the request to access.
@app.route("/protected", methods=["GET"])
@jwt_required(allow=["ADMIN"])  # default to whitelist mode
async def protected(request: Request, token: Token):
    """Return the identity of the caller as ``{"logined_as": ...}``.

    jwt_required(allow=["ADMIN"]) admits only a valid access token whose role
    claim is ADMIN (allow = whitelist); other requests are rejected by the
    decorator, so no role check is repeated here.
    """
    # The verified token is handed in as ``token``; read the identity claim
    # from token.jwt_identity rather than a separate helper.
    return json(dict(logined_as=token.jwt_identity))
if __name__ == "__main__":
    # Run the development server locally on port 9000.
    port = 9000
    app.run(port=port)