Accounting

Luna API supports a data separation by accounts. All resources (attributes, faces, lists, handlers, events, samples) must have an account mark (account id). The mark is id (uuid). User should set a special header Luna-Account-Id for all requests which changes state of these resources. If user does not set this header in corresponding request, an error with status code 403 will returned. The account header limitates all user actions (matching, removing, updating and other) to be done only with data having corresponding account id. For example: it is impossible to attach a face with one account id to a list with another account id.

Authorization

Account id is not an authorization. We assume that a question of authorization and security is resolved by organization that installs luna api.

Root user

We have a root account concept. It means that there are requests which do not require header Luna-Account-Id. These are all requests withmethods GET, HEAD, OPTIONS, match requests and getting events statistics requests.

Module .. attribute:: WHITE_METHODS

variable contains list of resources which allowed root

type:

Tuple

luna_api.app.auth.white_resources_list.WHITE_LIST

variable contains list of resources which allowed root user for requests with not in WHITE_METHODS

Type:

Tuple

Authorization middleware

async luna_api.app.auth.auth_middleware.authMiddleware(request)

Authorization middleware, check a request account id

Parameters:

request – request