An Omnivector initiative
This plugin for Armasec provides a means to verify that a user accessing a secured endpoint also has an active submission.
The plugin verifies an active subscription by calling an endpoint that checking that the
user embedded in the auth token is an active subscriber. To enable the plugin, you need
only install it in your project's environment and set the environment variable
ARMASEC_SUB_URL to point to an endpoint that checks the user's subscription status by
comparing the sub claim in the access token against a list of subscribed users. The
endpoint should return a 200 if the user should have access and a 404 if the
subscription could not be found.
That's it! Once installed and configured, every secure endpoint will check for a subscription.
- Install
armasec-subscriptions
pip install armasec-subscriptions- Set the
ARMSEC_SUB_URLenvironment variable:
export ARMSEC_SUB_URL=https://my-api.io/sub-checkThe Armasec Subscriptions plugin caches requests to the ARMASEC_SUB_URL for
performance reasons. The cache key is the auth token itself. By default, the requests
are cached for 15 minutes. A typical auth token's access lifespan is shorter than 15
minutes, so it's probable that the token would be expired and require a refresh before
it expires in the cache. The cache automatically removes entries that are older than
the configured "Time to live" (TTL). If you wish to change the TTL for the cache, you
may set the environment variable ARMASEC_SUB_CACHE_TTL. The expected values are
integers representing the number of seconds for which each entry should be retained.
The cache retains a maximum of ~1 million entries by default. If you wish to change the
maximum size of the cache, you may set the environment varaible ARMASEC_SUB_CACHE_MAX.
The expected values are integers representing the maximum number of entries the cache
should retain.
You may also configure the plugin to allow READ operations for all routes. To enable
this, set the ARMASEC_SUB_ALLOW_READS environment variable flag.
You may also configure the plugin to allow DELETE operations for all routes. To enable
this, set the ARMASEC_SUB_ALLOW_DELETES environment variable flag.
Distributed under the MIT License. See LICENSE for more information.