@@ -819,16 +819,16 @@ async def oauth_callback_http(request: Request) -> JSONResponse | RedirectRespon
|
||||
token_data["client_secret"] = client.client_secret
|
||||
|
||||
async with httpx.AsyncClient() as http_client:
|
||||
response = await http_client.post(
|
||||
token_response = await http_client.post(
|
||||
token_endpoint, data=token_data, headers={"Accept": "application/json"}
|
||||
)
|
||||
|
||||
if response.status_code != 200:
|
||||
error_msg = f"Token request failed: {response.status_code} - {response.text}"
|
||||
if token_response.status_code != 200:
|
||||
error_msg = f"Token request failed: {token_response.status_code} - {token_response.text}"
|
||||
logger.error(f"❌ {error_msg}")
|
||||
raise ValueError(error_msg)
|
||||
|
||||
token = response.json()
|
||||
token = token_response.json()
|
||||
else:
|
||||
# Провайдеры с PKCE поддержкой
|
||||
code_verifier = oauth_data.get("code_verifier")
|
||||
@@ -865,16 +865,16 @@ async def oauth_callback_http(request: Request) -> JSONResponse | RedirectRespon
|
||||
token_data["client_secret"] = client.client_secret
|
||||
|
||||
async with httpx.AsyncClient() as http_client:
|
||||
response = await http_client.post(
|
||||
token_response = await http_client.post(
|
||||
token_endpoint, data=token_data, headers={"Accept": "application/json"}
|
||||
)
|
||||
|
||||
if response.status_code != 200:
|
||||
error_msg = f"Token request failed: {response.status_code} - {response.text}"
|
||||
if token_response.status_code != 200:
|
||||
error_msg = f"Token request failed: {token_response.status_code} - {token_response.text}"
|
||||
logger.error(f"❌ {error_msg}")
|
||||
raise ValueError(error_msg)
|
||||
|
||||
token = response.json()
|
||||
token = token_response.json()
|
||||
except Exception as e:
|
||||
logger.error(f"❌ Failed to fetch access token for {provider}: {e}", exc_info=True)
|
||||
logger.error(f"❌ Request URL: {request.url}")
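Review bot: In the error branch of the new `token_response` check, `error_msg` embeds the provider's full response body and is both logged and raised as `ValueError`, and the `except Exception` below then logs `request.url`, which on an OAuth callback carries the `code` and `state` query parameters, so a failed exchange writes the short-lived but sensitive authorization code into the log. I would keep the body out of the raised message and bound what is logged: `logger.error(f"❌ Token request failed: {token_response.status_code} - {token_response.text[:500]}")`, then `raise ValueError(f"Token request failed: {token_response.status_code}")`, and log `request.url.path` instead of the full URL. The two hunks are the same exchange duplicated for the non-PKCE and PKCE branches (only the variable rename differs), so a small `_exchange_code(token_endpoint, token_data)` coroutine holding the post, status check and `.json()` would remove the duplication. `oauth_callback_http` starts before the first hunk and the `except` at the end of the second one continues past it.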
|
||||
|
||||
@@ -27,11 +27,15 @@ from utils.logger import root_logger as logger
|
||||
def resolve_roles(obj: dict | Any, info: GraphQLResolveInfo) -> list[str]:
|
||||
"""Резолвер для поля roles автора"""
|
||||
try:
|
||||
# Если это ORM объект с методом get_roles
|
||||
if hasattr(obj, "get_roles"):
|
||||
return obj.get_roles()
|
||||
|
||||
# Если это словарь
|
||||
if isinstance(obj, dict):
|
||||
roles_data = obj.get("roles_data", {})
|
||||
roles_data = obj.get("roles_data")
|
||||
if roles_data is None:
|
||||
return []
|
||||
if isinstance(roles_data, list):
|
||||
return roles_data
|
||||
if isinstance(roles_data, dict):
|
||||
@@ -122,9 +126,12 @@ async def login(_: None, info: GraphQLResolveInfo, **kwargs: Any) -> dict[str, A
|
||||
domain=SESSION_COOKIE_DOMAIN,
|
||||
)
|
||||
|
||||
logger.info(
|
||||
f"✅ Admin login: httpOnly cookie установлен для пользователя {result.get('author', {}).get('id')}"
|
||||
author_id = (
|
||||
result.get("author", {}).get("id")
|
||||
if isinstance(result.get("author"), dict)
|
||||
else getattr(result.get("author"), "id", "unknown")
|
||||
)
|
||||
logger.info(f"✅ Admin login: httpOnly cookie установлен для пользователя {author_id}")
|
||||
|
||||
# Для админки НЕ возвращаем токен клиенту - он в httpOnly cookie
|
||||
result_without_token = result.copy()
|
||||
@@ -136,9 +143,12 @@ async def login(_: None, info: GraphQLResolveInfo, **kwargs: Any) -> dict[str, A
|
||||
|
||||
# Для основного сайта возвращаем токен как обычно (Bearer в localStorage)
|
||||
if not is_admin_request:
|
||||
logger.info(
|
||||
f"✅ Main site login: токен возвращен для localStorage пользователя {result.get('author', {}).get('id')}"
|
||||
author_id = (
|
||||
result.get("author", {}).get("id")
|
||||
if isinstance(result.get("author"), dict)
|
||||
else getattr(result.get("author"), "id", "unknown")
|
||||
)
|
||||
logger.info(f"✅ Main site login: токен возвращен для localStorage пользователя {author_id}")
|
||||
|
||||
return result
|
||||
except Exception as e:
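Review bot: The `author_id` expression added in both `login` hunks has an asymmetric fallback — the object branch yields `"unknown"` when `id` is absent, but the dict branch yields `None` — and the same six lines are pasted twice for the admin and main-site log lines. I would fold it into one module-level helper with a single fallback and call it from both `logger.info` lines, as below; this is log hygiene only, the returned `result` is untouched. In `resolve_roles` the new `None` guard is fine, but its docstring could state the three accepted shapes: `"""Resolve an author's roles from an ORM object (get_roles), a dict with a roles_data list, or a dict with a roles_data mapping; returns [] when absent."""`. `login` starts before the first of its two hunks and its `except` continues past the last line here.
```python
def _log_author_id(result: dict[str, Any]) -> Any:
    """Best-effort author id from a login result, for log lines only."""
    author = result.get("author")
    if isinstance(author, dict):
        return author.get("id", "unknown")
    return getattr(author, "id", "unknown")

# … unchanged: cookie set-up, result_without_token handling …
logger.info(f"✅ Admin login: httpOnly cookie установлен для пользователя {_log_author_id(result)}")
# … unchanged: is_admin_request branch …
logger.info(f"✅ Main site login: токен возвращен для localStorage пользователя {_log_author_id(result)}")
```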
|
||||
|
||||