core/auth/authenticate.py

from functools import wraps
from typing import Optional, Tuple

from graphql.type import GraphQLResolveInfo
from sqlalchemy.orm import joinedload, exc
from starlette.authentication import AuthenticationBackend
from starlette.requests import HTTPConnection

from auth.credentials import AuthCredentials, AuthUser
from base.orm import local_session
from orm.user import User, Role

from settings import SESSION_TOKEN_HEADER
from auth.tokenstorage import SessionToken
from base.exceptions import InvalidToken, OperationNotAllowed


class JWTAuthenticate(AuthenticationBackend):
    async def authenticate(
        self, request: HTTPConnection
    ) -> Optional[Tuple[AuthCredentials, AuthUser]]:

        if SESSION_TOKEN_HEADER not in request.headers:
            return AuthCredentials(scopes=[]), AuthUser(user_id=None)

        token = request.headers.get(SESSION_TOKEN_HEADER)
        if not token:
            print("[auth.authenticate] no token in header %s" % SESSION_TOKEN_HEADER)
            return AuthCredentials(scopes=[], error_message=str("no token")), AuthUser(
                user_id=None
            )

        try:
            if len(token.split('.')) > 1:
                payload = await SessionToken.verify(token)
                if payload is None:
                    return AuthCredentials(scopes=[]), AuthUser(user_id=None)
                user = None
                with local_session() as session:
                    try:
                        user = (
                            session.query(User).options(
                                joinedload(User.roles).options(joinedload(Role.permissions)),
                                joinedload(User.ratings)
                            ).filter(
                                User.id == payload.user_id
                            ).one()
                        )
                    except exc.NoResultFound:
                        user = None

                if not user:
                    return AuthCredentials(scopes=[]), AuthUser(user_id=None)

                scopes = {}  # await user.get_permission()

                return (
                    AuthCredentials(
                        user_id=payload.user_id,
                        scopes=scopes,
                        logged_in=True
                    ),
                    AuthUser(user_id=user.id),
                )
            else:
                InvalidToken("please try again")
        except Exception as e:
            print("[auth.authenticate] session token verify error")
            print(e)
            return AuthCredentials(scopes=[], error_message=str(e)), AuthUser(user_id=None)


def login_required(func):
    @wraps(func)
    async def wrap(parent, info: GraphQLResolveInfo, *args, **kwargs):
        # print('[auth.authenticate] login required for %r with info %r' % (func, info))  # debug only
        auth: AuthCredentials = info.context["request"].auth
        # print(auth)
        if not auth or not auth.logged_in:
            # raise Unauthorized(auth.error_message or "Please login")
            return {
                "error": "Please login first"
            }
        return await func(parent, info, *args, **kwargs)

    return wrap


def permission_required(resource, operation, func):
    @wraps(func)
    async def wrap(parent, info: GraphQLResolveInfo, *args, **kwargs):
        print('[auth.authenticate] permission_required for %r with info %r' % (func, info))  # debug only
        auth: AuthCredentials = info.context["request"].auth
        if not auth.logged_in:
            raise OperationNotAllowed(auth.error_message or "Please login")

        # TODO: add actual check permission logix here

        return await func(parent, info, *args, **kwargs)

    return wrap
lintfix 2022-09-14 04:42:31 +00:00			`from functools import wraps`
			`from typing import Optional, Tuple`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00
			`from graphql.type import GraphQLResolveInfo`
UserStorege removed, RoleStorage removed 2022-11-28 22:58:23 +00:00			`from sqlalchemy.orm import joinedload, exc`
lintfix 2022-09-14 04:42:31 +00:00			`from starlette.authentication import AuthenticationBackend`
			`from starlette.requests import HTTPConnection`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00
lintfix 2022-09-14 04:42:31 +00:00			`from auth.credentials import AuthCredentials, AuthUser`
UserStorege removed, RoleStorage removed 2022-11-28 22:58:23 +00:00			`from base.orm import local_session`
fixes 2022-12-01 13:24:05 +00:00			`from orm.user import User, Role`
UserStorege removed, RoleStorage removed 2022-11-28 22:58:23 +00:00
auth and minor fixes 2022-11-22 03:11:26 +00:00			`from settings import SESSION_TOKEN_HEADER`
refresh-token 2022-11-24 14:31:52 +00:00			`from auth.tokenstorage import SessionToken`
less exceptions raise 2023-01-10 08:15:28 +00:00			`from base.exceptions import InvalidToken, OperationNotAllowed`
lintfix 2022-09-14 04:42:31 +00:00

			`class JWTAuthenticate(AuthenticationBackend):`
			`async def authenticate(`
			`self, request: HTTPConnection`
			`) -> Optional[Tuple[AuthCredentials, AuthUser]]:`
auth and minor fixes 2022-11-22 03:11:26 +00:00
			`if SESSION_TOKEN_HEADER not in request.headers:`
lintfix 2022-09-14 04:42:31 +00:00			`return AuthCredentials(scopes=[]), AuthUser(user_id=None)`

refresh-token 2022-11-24 14:31:52 +00:00			`token = request.headers.get(SESSION_TOKEN_HEADER)`
			`if not token:`
			`print("[auth.authenticate] no token in header %s" % SESSION_TOKEN_HEADER)`
			`return AuthCredentials(scopes=[], error_message=str("no token")), AuthUser(`
			`user_id=None`
			`)`
auth and minor fixes 2022-11-22 03:11:26 +00:00
lintfix 2022-09-14 04:42:31 +00:00			`try:`
refresh-token 2022-11-24 14:31:52 +00:00			`if len(token.split('.')) > 1:`
			`payload = await SessionToken.verify(token)`
fixes-for-inbox-auth-and-startup-faster 2022-11-25 22:35:42 +00:00			`if payload is None:`
			`return AuthCredentials(scopes=[]), AuthUser(user_id=None)`
fix-auth 2022-12-02 08:47:55 +00:00			`user = None`
UserStorege removed, RoleStorage removed 2022-11-28 22:58:23 +00:00			`with local_session() as session:`
			`try:`
			`user = (`
			`session.query(User).options(`
fixes 2022-12-01 13:24:05 +00:00			`joinedload(User.roles).options(joinedload(Role.permissions)),`
UserStorege removed, RoleStorage removed 2022-11-28 22:58:23 +00:00			`joinedload(User.ratings)`
			`).filter(`
fixes 2022-12-01 13:24:05 +00:00			`User.id == payload.user_id`
UserStorege removed, RoleStorage removed 2022-11-28 22:58:23 +00:00			`).one()`
			`)`
			`except exc.NoResultFound:`
			`user = None`

fixes-for-inbox-auth-and-startup-faster 2022-11-25 22:35:42 +00:00			`if not user:`
			`return AuthCredentials(scopes=[]), AuthUser(user_id=None)`
UserStorege removed, RoleStorage removed 2022-11-28 22:58:23 +00:00
fix-auth 2022-12-02 08:47:55 +00:00			`scopes = {} # await user.get_permission()`
UserStorege removed, RoleStorage removed 2022-11-28 22:58:23 +00:00
fixes-for-inbox-auth-and-startup-faster 2022-11-25 22:35:42 +00:00			`return (`
			`AuthCredentials(`
			`user_id=payload.user_id,`
			`scopes=scopes,`
			`logged_in=True`
			`),`
fixes 2022-12-01 13:24:05 +00:00			`AuthUser(user_id=user.id),`
fixes-for-inbox-auth-and-startup-faster 2022-11-25 22:35:42 +00:00			`)`
refresh-token 2022-11-24 14:31:52 +00:00			`else:`
			`InvalidToken("please try again")`
UserStorege removed, RoleStorage removed 2022-11-28 22:58:23 +00:00			`except Exception as e:`
some-fixes-chats 2022-11-23 09:57:58 +00:00			`print("[auth.authenticate] session token verify error")`
UserStorege removed, RoleStorage removed 2022-11-28 22:58:23 +00:00			`print(e)`
			`return AuthCredentials(scopes=[], error_message=str(e)), AuthUser(user_id=None)`
lintfix 2022-09-14 04:42:31 +00:00

			`def login_required(func):`
			`@wraps(func)`
			`async def wrap(parent, info: GraphQLResolveInfo, args, *kwargs):`
confirm-token-fix 2022-10-23 09:33:28 +00:00			`# print('[auth.authenticate] login required for %r with info %r' % (func, info)) # debug only`
lintfix 2022-09-14 04:42:31 +00:00			`auth: AuthCredentials = info.context["request"].auth`
fixes-for-inbox-auth-and-startup-faster 2022-11-25 22:35:42 +00:00			`# print(auth)`
fix-no-auth 2022-11-28 14:15:54 +00:00			`if not auth or not auth.logged_in:`
less exceptions raise 2023-01-10 08:15:28 +00:00			`# raise Unauthorized(auth.error_message or "Please login")`
			`return {`
			`"error": "Please login first"`
			`}`
lintfix 2022-09-14 04:42:31 +00:00			`return await func(parent, info, args, *kwargs)`

			`return wrap`
init 2022-11-24 08:27:01 +00:00

			`def permission_required(resource, operation, func):`
			`@wraps(func)`
			`async def wrap(parent, info: GraphQLResolveInfo, args, *kwargs):`
fix getSession, fix getAuthor 2022-11-24 15:19:58 +00:00			`print('[auth.authenticate] permission_required for %r with info %r' % (func, info)) # debug only`
init 2022-11-24 08:27:01 +00:00			`auth: AuthCredentials = info.context["request"].auth`
			`if not auth.logged_in:`
load fixed, auth wip 2022-12-01 08:12:48 +00:00			`raise OperationNotAllowed(auth.error_message or "Please login")`
init 2022-11-24 08:27:01 +00:00
fixes-for-inbox-auth-and-startup-faster 2022-11-25 22:35:42 +00:00			`# TODO: add actual check permission logix here`
init 2022-11-24 08:27:01 +00:00
			`return await func(parent, info, args, *kwargs)`

			`return wrap`