Work on API keys and tokens clean up

app/lib_general.py

@@ -68,7 +68,7 @@ def sign_jwt(
         person_id: str = None,
         user_id: str = None,
         ) -> Dict[str, str]:
-    log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+    log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
     log.debug(locals())
 
     payload = {
@@ -94,7 +94,7 @@ def decode_jwt(
         secret_key: str,
         token: str,
         ) -> dict:
-    log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+    log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
     log.debug(locals())
 
     secret = secret_key

app/routers/api.py

@@ -17,6 +17,7 @@ from app.models.response_models import Resp_Body_Base, mk_resp
 router = APIRouter()
 
 
+# ### BEGIN ### API API ### request_jwt() ###
 # Generate JWT using associated API private key
 # Verify JWT using the API public key's associated API private key
 # API server or trusted app can generate JWTs
@@ -30,6 +31,7 @@ router = APIRouter()
 # * person_id
 # * user_id
 # API server verifies JWTs
+# Updated 2021-07-14
 @router.get('/request_jwt', response_model=Resp_Body_Base)
 async def request_jwt(
         x_aether_api_secret_key: Optional[str] = Header(None, min_length=22, max_length=22), # If passed then can also set TTL
@@ -50,6 +52,9 @@ async def request_jwt(
     if x_aether_api_secret_key or x_aether_api_token: pass
     else: return mk_resp(data=False, status_code=400) # Bad Request
 
+    if not x_aether_api_secret_key: max_ttl = 300 # Override any max_ttl if no API secret
+    if not x_aether_api_secret_key: max_renew = 5 # Override any max_rewnew if no API secret
+
     api_secret_key = x_aether_api_secret_key
 
     if x_aether_api_secret_key:
@@ -63,26 +68,6 @@ async def request_jwt(
         else:
             log.warning('No results when looking up the API secret key')
             return mk_resp(data=False, status_code=401) # Unauthorized
-
-        # if api_key_rec_select_result.get('enable', None):
-        #     api_key_rec = api_key_rec_select_result
-        # else:
-        #     log.warning('API secret key not enabled')
-        #     return mk_resp(data=False, status_code=401) # Unauthorized
-
-        # current_datetime = datetime.datetime.utcnow() # datetime.datetime.now() Gets server local datetime
-        # if api_key_rec.get('enable_from', None) <= current_datetime and api_key_rec.get('enable_to', None) >= current_datetime:
-        #     pass
-        # else:
-        #     log.warning('API secret key expired')
-        #     return mk_resp(data=False, status_code=401) # Unauthorized
-
-        # if api_public_key := api_key_rec.get('public_key', None): pass
-        # else:
-        #     log.warning('Public key was not found with the API secret key that was looked up')
-        #     return mk_resp(data=False, status_code=400) # Bad Request
-
-        # max_ttl = 3600
     elif x_aether_api_public_key and x_aether_api_token:
         table_name_select = 'api_key'
         field_name = 'public_key'
@@ -125,7 +110,6 @@ async def request_jwt(
                 message = 'The JWT sent is out of allowed renewals. Try again with a current JWT or just the API secret key.'
                 log.warning(message)
                 return mk_resp(data=False, status_code=401, status_message=message) # Unauthorized
-            max_ttl = 300
             max_renew = current_token.get('max_renew', 0) - 1
             if not account_id: account_id = current_token.get('account_id', None)
             if not person_id: person_id = current_token.get('person_id', None)
@@ -135,32 +119,6 @@ async def request_jwt(
             log.warning(message)
             return mk_resp(data=False, status_code=401, status_message=message) # Unauthorized
 
-    # api_key_rec = api_key_rec_select_result
-    # api_secret_key = x_aether_api_secret_key
-
-    # if api_key_rec_select_result.get('enable', None):
-    #     api_key_rec = api_key_rec_select_result
-    # else:
-    #     log.warning('API secret key not enabled')
-    #     return mk_resp(data=False, status_code=401) # Unauthorized
-
-    # if x_aether_api_token:
-    #     if current_token := decode_jwt(secret_key=api_secret_key, token=x_aether_api_token):
-    #         if current_token.get('count', 0) > 0: pass
-    #         else:
-    #             message = 'The JWT sent is out of allowed renewals. Try again with a current JWT or just the API secret key.'
-    #             log.warning(message)
-    #             return mk_resp(data=False, status_code=401, status_message=message) # Unauthorized
-    #         max_ttl = 300
-    #         max_renew = current_token.get('max_renew', 0) - 1
-    #         if not account_id: account_id = current_token.get('account_id', None)
-    #         if not person_id: person_id = current_token.get('person_id', None)
-    #         if not user_id: user_id = current_token.get('user_id', None)
-    #     else:
-    #         message = 'The JWT sent is either expired or otherwise invalid. Try again with a current JWT or just the API secret key.'
-    #         log.warning(message)
-    #         return mk_resp(data=False, status_code=401, status_message=message) # Unauthorized
-
     payload = {}
     payload['account_id'] = account_id
     payload['person_id'] = person_id
@@ -170,6 +128,7 @@ async def request_jwt(
     response_data = { 'api_access_jwt': token }
 
     return mk_resp(data=response_data)
+# ### END ### API API ### request_jwt() ###
 
 
 @router.get('/temp_token', response_model=Resp_Body_Base)