From 3ae675c52c7fa64983a639892b593459513b47c7 Mon Sep 17 00:00:00 2001
From: Untone
Date: Tue, 30 Sep 2025 19:20:41 +0300
Subject: [PATCH] auth-fix
---
 auth/oauth.py | 16 ++++++++--------
 resolvers/auth.py | 20 +++++++++++++++-----
 2 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/auth/oauth.py b/auth/oauth.py
index fdd65491..0154e126 100644
--- a/auth/oauth.py
+++ b/auth/oauth.py
@@ -819,16 +819,16 @@ async def oauth_callback_http(request: Request) -> JSONResponse | RedirectRespon
 token_data["client_secret"] = client.client_secret
 async with httpx.AsyncClient() as http_client:
- response = await http_client.post(
+ token_response = await http_client.post(
 token_endpoint, data=token_data, headers={"Accept": "application/json"}
 )
- if response.status_code != 200:
- error_msg = f"Token request failed: {response.status_code} - {response.text}"
+ if token_response.status_code != 200:
+ error_msg = f"Token request failed: {token_response.status_code} - {token_response.text}"
 logger.error(f"❌ {error_msg}")
 raise ValueError(error_msg)
- token = response.json()
+ token = token_response.json()
 else:
 # Провайдеры с PKCE поддержкой
 code_verifier = oauth_data.get("code_verifier")
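Review bot: The rewritten `error_msg` line still interpolates the full `token_response.text` into both the error log and the raised `ValueError`; that body is provider-controlled on a failed token request, may be a large HTML page or echo request parameters, and the same exception text is logged a second time by the broad `except Exception` in the next hunk. Bounding the body keeps the log useful without storing arbitrary upstream content, e.g. `error_msg = f"Token request failed: {token_response.status_code} - {token_response.text[:200]}"`. The second hunk at -865 repeats these lines and needs the same change. `oauth_callback_http` starts and ends outside both hunks.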
@@ -865,16 +865,16 @@ async def oauth_callback_http(request: Request) -> JSONResponse | RedirectRespon
 token_data["client_secret"] = client.client_secret
 async with httpx.AsyncClient() as http_client:
- response = await http_client.post(
+ token_response = await http_client.post(
 token_endpoint, data=token_data, headers={"Accept": "application/json"}
 )
- if response.status_code != 200:
- error_msg = f"Token request failed: {response.status_code} - {response.text}"
+ if token_response.status_code != 200:
+ error_msg = f"Token request failed: {token_response.status_code} - {token_response.text}"
 logger.error(f"❌ {error_msg}")
 raise ValueError(error_msg)
- token = response.json()
+ token = token_response.json()
 except Exception as e:
 logger.error(f"❌ Failed to fetch access token for {provider}: {e}", exc_info=True)
 logger.error(f"❌ Request URL: {request.url}")
diff --git a/resolvers/auth.py b/resolvers/auth.py
index 4e813556..3d334517 100644
--- a/resolvers/auth.py
+++ b/resolvers/auth.py
@@ -27,11 +27,15 @@ from utils.logger import root_logger as logger
 def resolve_roles(obj: dict | Any, info: GraphQLResolveInfo) -> list[str]:
 """Резолвер для поля roles автора"""
 try:
+ # Если это ORM объект с методом get_roles
 if hasattr(obj, "get_roles"):
 return obj.get_roles()
+ # Если это словарь
 if isinstance(obj, dict):
- roles_data = obj.get("roles_data", {})
+ roles_data = obj.get("roles_data")
+ if roles_data is None:
+ return []
 if isinstance(roles_data, list):
 return roles_data
 if isinstance(roles_data, dict):
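Review bot: The new `if roles_data is None: return []` guard in `resolve_roles` covers only a missing or null `roles_data`; a value of any other shape (a string, for instance) still falls past the `list` and `dict` checks to whatever follows, and the rest of the function, including the handler for its `try:`, lies outside this hunk. Because this field decides which roles a caller is granted, the fall-through should land on the same fail-closed default rather than on code not visible here, e.g. a final `return []` after the `isinstance(roles_data, dict)` branch. It would also help to state the intent on the guard itself: `# No roles data -> no roles (fail closed)`. The `hasattr(obj, "get_roles")` branch returns the ORM result unchecked; if `get_roles` can return `None`, the same default applies there.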
@@ -122,9 +126,12 @@ async def login(_: None, info: GraphQLResolveInfo, **kwargs: Any) -> dict[str, A
 domain=SESSION_COOKIE_DOMAIN,
 )
- logger.info(
- f"✅ Admin login: httpOnly cookie установлен для пользователя {result.get('author', {}).get('id')}"
+ author_id = (
+ result.get("author", {}).get("id")
+ if isinstance(result.get("author"), dict)
+ else getattr(result.get("author"), "id", "unknown")
 )
+ logger.info(f"✅ Admin login: httpOnly cookie установлен для пользователя {author_id}")
 # Для админки НЕ возвращаем токен клиенту - он в httpOnly cookie
 result_without_token = result.copy()
@@ -136,9 +143,12 @@ async def login(_: None, info: GraphQLResolveInfo, **kwargs: Any) -> dict[str, A
 # Для основного сайта возвращаем токен как обычно (Bearer в localStorage)
 if not is_admin_request:
- logger.info(
- f"✅ Main site login: токен возвращен для localStorage пользователя {result.get('author', {}).get('id')}"
+ author_id = (
+ result.get("author", {}).get("id")
+ if isinstance(result.get("author"), dict)
+ else getattr(result.get("author"), "id", "unknown")
 )
+ logger.info(f"✅ Main site login: токен возвращен для localStorage пользователя {author_id}")
 return result
 except Exception as e:
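Review bot: The four-line `author_id = (...)` conditional added at -122 is repeated verbatim in the second hunk at -136, and each copy evaluates `result.get("author")` twice. A small module-level helper removes the duplication, evaluates the lookup once, and keeps the admin and main-site log lines consistent if the author shape changes again. `login` starts and ends outside both hunks, so the helper would sit beside it at module level and both `author_id` blocks collapse to a single call.

```python
def _author_id_for_log(result: dict[str, Any]) -> Any:
    """Return the author id from a login result, or "unknown" if it cannot be read."""
    author = result.get("author")
    if isinstance(author, dict):
        return author.get("id")
    return getattr(author, "id", "unknown")

# … unchanged: cookie setup in login …
logger.info(f"✅ Admin login: httpOnly cookie установлен для пользователя {_author_id_for_log(result)}")
# … unchanged: result_without_token handling …
logger.info(f"✅ Main site login: токен возвращен для localStorage пользователя {_author_id_for_log(result)}")
```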