discours.io/core
5
0
Fork 0
Code Pull Requests Actions Projects Activity
core/services/auth.py

138 lines
5.3 KiB
Python
Raw Normal View History

granian+precommit
2024-01-25 19:41:27 +00:00
from functools import wraps
precommit
2024-04-08 07:38:58 +00:00
depfix
2024-02-19 09:49:33 +00:00
import httpx
cache-fix
2024-01-23 18:59:46 +00:00
moved
2024-08-07 05:57:56 +00:00
from cache.cache import get_cached_author_by_user_id
imports sort
2024-08-09 06:37:06 +00:00
from resolvers.stat import get_with_stat
query-time-log
2024-02-19 08:10:12 +00:00
from settings import ADMIN_SECRET, AUTH_URL
imports sort
2024-08-09 06:37:06 +00:00
from utils.logger import root_logger as logger
from-topic-follower-fix
2024-01-13 08:49:12 +00:00
fmt
2024-02-21 07:27:16 +00:00
granian+precommit
2024-01-25 19:41:27 +00:00
async def request_data(gql, headers=None):
if headers is None:
fmt
2024-04-17 15:32:23 +00:00
headers = {"Content-Type": "application/json"}
0.2.19-fixes
2024-01-10 13:29:49 +00:00
try:
stat-aliased-select-fix-3
2024-06-12 09:48:09 +00:00
# logger.debug(f"{AUTH_URL} {gql} {headers}")
query-time-log
2024-02-19 08:10:12 +00:00
async with httpx.AsyncClient() as client:
response = await client.post(AUTH_URL, json=gql, headers=headers)
if response.status_code == 200:
data = response.json()
fmt
2024-04-17 15:32:23 +00:00
errors = data.get("errors")
query-time-log
2024-02-19 08:10:12 +00:00
if errors:
log-response
2024-06-06 08:24:26 +00:00
logger.error(f"{AUTH_URL} response: {data}")
query-time-log
2024-02-19 08:10:12 +00:00
else:
return data
load_shouts_unrated-fix
2024-06-06 08:13:54 +00:00
except Exception as _e:
auth-uncache
2024-01-23 19:12:22 +00:00
# Handling and logging exceptions during authentication check
auth-request-data-log
2024-04-22 09:48:57 +00:00
import traceback
separate-stat-query
2024-04-23 11:31:34 +00:00
load_shouts_unrated-fix
2024-06-06 08:13:54 +00:00
logger.error(f"request_data error: {traceback.format_exc()}")
auth-fix
2024-02-27 11:16:54 +00:00
return None
0.2.19-fixes
2024-01-10 13:29:49 +00:00
handle-exception
2024-02-19 12:51:09 +00:00
async def check_auth(req):
fmt
2024-04-17 15:32:23 +00:00
token = req.headers.get("Authorization")
user_id = ""
unauthorized-fix
2024-02-23 21:00:46 +00:00
user_roles = []
debug-auth
2024-02-20 15:20:57 +00:00
if token:
revert-auth-nocache
2024-02-23 11:53:14 +00:00
# Logging the authentication token
fmt
2024-04-17 15:32:23 +00:00
logger.debug(f"{token}")
query_name = "validate_jwt_token"
operation = "ValidateToken"
variables = {"params": {"token_type": "access_token", "token": token}}
revert-auth-nocache
2024-02-23 11:53:14 +00:00
gql = {
fmt
2024-04-17 15:32:23 +00:00
"query": f"query {operation}($params: ValidateJWTTokenInput!) {{"
+ f"{query_name}(params: $params) {{ is_valid claims }} "
+ "}",
"variables": variables,
"operationName": operation,
revert-auth-nocache
2024-02-23 11:53:14 +00:00
}
data = await request_data(gql)
if data:
error-handle-create-shout-2
2024-02-26 09:52:22 +00:00
logger.debug(data)
fmt
2024-04-17 15:32:23 +00:00
user_data = data.get("data", {}).get(query_name, {}).get("claims", {})
user_id = user_data.get("sub", "")
user_roles = user_data.get("allowed_roles", [])
notuple
2024-02-27 10:40:56 +00:00
return user_id, user_roles
auth-uncache
2024-01-23 19:12:22 +00:00
add-role-feature
2023-12-24 22:42:39 +00:00
0.2.19-fixes
2024-01-10 13:29:49 +00:00
async def add_user_role(user_id):
fmt
2024-04-17 15:32:23 +00:00
logger.info(f"add author role for user_id: {user_id}")
query_name = "_update_user"
operation = "UpdateUserRoles"
granian+precommit
2024-01-25 19:41:27 +00:00
headers = {
fmt
2024-04-17 15:32:23 +00:00
"Content-Type": "application/json",
"x-authorizer-admin-secret": ADMIN_SECRET,
granian+precommit
2024-01-25 19:41:27 +00:00
}
fmt
2024-04-17 15:32:23 +00:00
variables = {"params": {"roles": "author, reader", "id": user_id}}
add-role-feature
2023-12-24 22:42:39 +00:00
gql = {
fmt
2024-04-17 15:32:23 +00:00
"query": f"mutation {operation}($params: UpdateUserInput!) {{ {query_name}(params: $params) {{ id roles }} }}",
"variables": variables,
"operationName": operation,
add-role-feature
2023-12-24 22:42:39 +00:00
}
0.2.19-fixes
2024-01-10 13:29:49 +00:00
data = await request_data(gql, headers)
if data:
fmt
2024-04-17 15:32:23 +00:00
user_id = data.get("data", {}).get(query_name, {}).get("id")
0.2.19-fixes
2024-01-10 13:29:49 +00:00
return user_id
merged-isolated-core
2023-10-23 14:47:11 +00:00
granian+precommit
2024-01-25 19:41:27 +00:00
merged-isolated-core
2023-10-23 14:47:11 +00:00
def login_required(f):
cache-fix
2024-01-23 18:59:46 +00:00
@wraps(f)
merged-isolated-core
2023-10-23 14:47:11 +00:00
async def decorated_function(*args, **kwargs):
info = args[1]
fmt
2024-04-17 15:32:23 +00:00
req = info.context.get("request")
refactored-author-on-login-required
2024-04-19 15:22:07 +00:00
user_id, user_roles = await check_auth(req)
if user_id and user_roles:
logger.info(f" got {user_id} roles: {user_roles}")
info.context["user_id"] = user_id.strip()
info.context["roles"] = user_roles
postfixing-reimplemented-cache
2024-05-20 23:01:18 +00:00
author = await get_cached_author_by_user_id(user_id, get_with_stat)
auth-debug
2024-04-30 13:18:50 +00:00
if not author:
follow-fmr
2024-05-01 01:01:21 +00:00
logger.error(f"author profile not found for user {user_id}")
refactored-author-on-login-required
2024-04-19 15:22:07 +00:00
info.context["author"] = author
auth-fix
2024-02-27 11:16:54 +00:00
return await f(*args, **kwargs)
merged-isolated-core
2023-10-23 14:47:11 +00:00
return decorated_function
my_rate-stat
2024-11-12 14:56:20 +00:00
def login_accepted(f):
"""
Декоратор, который добавляет данные авторизации в контекст, если они доступны,
но не блокирует доступ для неавторизованных пользователей.
"""
@wraps(f)
async def decorated_function(*args, **kwargs):
info = args[1]
req = info.context.get("request")
no-my-rate
2024-11-18 08:31:19 +00:00
..
2024-11-14 11:00:33 +00:00
logger.debug("login_accepted: Проверка авторизации пользователя.")
my_rate-stat
2024-11-12 14:56:20 +00:00
user_id, user_roles = await check_auth(req)
..
2024-11-14 11:00:33 +00:00
logger.debug(f"login_accepted: user_id={user_id}, user_roles={user_roles}")
no-my-rate
2024-11-18 08:31:19 +00:00
my_rate-stat
2024-11-12 14:56:20 +00:00
if user_id and user_roles:
..
2024-11-14 11:00:33 +00:00
logger.info(f"login_accepted: Пользователь авторизован: {user_id} с ролями {user_roles}")
my_rate-stat
2024-11-12 14:56:20 +00:00
info.context["user_id"] = user_id.strip()
info.context["roles"] = user_roles
# Пробуем получить профиль автора
author = await get_cached_author_by_user_id(user_id, get_with_stat)
..
2024-11-14 11:00:33 +00:00
if author:
logger.debug(f"login_accepted: Найден профиль автора: {author}")
# Предполагается, что `author` является объектом с атрибутом `id`
info.context["author"] = author.dict()
else:
no-my-rate
2024-11-18 08:31:19 +00:00
logger.error(
f"login_accepted: Профиль автора не найден для пользователя {user_id}. Используем базовые данные."
) # Используем базовую информацию об автор
my_rate-stat
2024-11-12 14:56:20 +00:00
else:
..
2024-11-14 11:00:33 +00:00
logger.debug("login_accepted: Пользователь не авторизован. Очищаем контекст.")
my_rate-stat
2024-11-12 14:56:20 +00:00
info.context["user_id"] = None
info.context["roles"] = None
info.context["author"] = None
return await f(*args, **kwargs)
no-my-rate
2024-11-18 08:31:19 +00:00
my_rate-stat
2024-11-12 14:56:20 +00:00
return decorated_function
Copy Permalink