flask_more_smorest.perms.models.abstract_token

Abstract Token model for API authentication.

Classes

AbstractToken(**kwargs)

Abstract Token model for API authentication.

class flask_more_smorest.perms.models.abstract_token.AbstractToken(**kwargs)[source]

Abstract Token model for API authentication.

This is an abstract base class - it does NOT create a database table. Subclasses must define concrete fields and table configuration.

Permission checks are delegated to the owning user by default (via UserOwnershipMixin). Override _can_read/_can_write/_can_create to customize.

Subclassing example:

from flask_more_smorest.perms import AbstractToken

class CustomToken(AbstractToken):
    __tablename__ = "token"

    token: Mapped[str] = mapped_column(db.String(1024), nullable=False)
    description: Mapped[str | None] = mapped_column(db.String(64), nullable=True)
    expires_at: Mapped[sa.DateTime | None] = mapped_column(sa.DateTime(), nullable=True)
    revoked: Mapped[bool] = mapped_column(db.Boolean(), nullable=False, default=False)
    revoked_at: Mapped[sa.DateTime | None] = mapped_column(sa.DateTime(), nullable=True)

    # Optional: custom fields
    last_used_at: Mapped[sa.DateTime | None] = mapped_column(sa.DateTime(), nullable=True)
    ip_address: Mapped[str | None] = mapped_column(db.String(45), nullable=True)

token: Mapped[str] = <sqlalchemy.orm.properties.MappedColumn object>

description: Mapped[str | None] = <sqlalchemy.orm.properties.MappedColumn object>

expires_at: Mapped[dt.datetime | None] = <sqlalchemy.orm.properties.MappedColumn object>

revoked: Mapped[bool] = <sqlalchemy.orm.properties.MappedColumn object>

revoked_at: Mapped[dt.datetime | None] = <sqlalchemy.orm.properties.MappedColumn object>