oauth-raw-req-control

2025-09-28 20:45:08 +03:00
parent 9b727ac9ca
commit 44b69dc743
1 changed files with 26 additions and 4 deletions
--- a/auth/oauth.py
+++ b/auth/oauth.py
@@ -687,8 +687,20 @@ async def oauth_callback_http(request: Request) -> JSONResponse | RedirectRespon
                logger.info(f"🔧 Using OAuth without PKCE for {provider}")
                logger.info(f"🔧 Callback URI: {callback_uri}")

-                # Используем внутренний HTTP клиент для прямого запроса к token endpoint
+                # Получаем token endpoint для провайдера
+                token_endpoints = {
+                    "vk": "https://oauth.vk.com/access_token",
+                    "yandex": "https://oauth.yandex.ru/token",
+                    "telegram": "https://oauth.telegram.org/auth/token",
+                    "facebook": "https://graph.facebook.com/v18.0/oauth/access_token",
+                }
+                
+                token_endpoint = token_endpoints.get(provider)
+                if not token_endpoint:
+                    logger.error(f"❌ Unknown token endpoint for provider: {provider}")
+                    return JSONResponse({"error": f"Unknown provider: {provider}"}, status_code=400)

+                # Используем внутренний HTTP клиент для прямого запроса к token endpoint
                token_data = {
                    "grant_type": "authorization_code",
                    "code": code,
@@ -702,7 +714,7 @@ async def oauth_callback_http(request: Request) -> JSONResponse | RedirectRespon

                async with httpx.AsyncClient() as http_client:
                    response = await http_client.post(
-                        client.token_endpoint, data=token_data, headers={"Accept": "application/json"}
+                        token_endpoint, data=token_data, headers={"Accept": "application/json"}
                    )

                if response.status_code != 200:
@@ -722,8 +734,18 @@ async def oauth_callback_http(request: Request) -> JSONResponse | RedirectRespon
                logger.info(f"🔧 Code verifier length: {len(code_verifier) if code_verifier else 0}")
                logger.info(f"🔧 Callback URI: {callback_uri}")

-                # Используем внутренний HTTP клиент для прямого запроса к token endpoint
+                # Получаем token endpoint для провайдера
+                token_endpoints = {
+                    "google": "https://oauth2.googleapis.com/token",
+                    "github": "https://github.com/login/oauth/access_token",
+                }
+                
+                token_endpoint = token_endpoints.get(provider)
+                if not token_endpoint:
+                    logger.error(f"❌ Unknown token endpoint for provider: {provider}")
+                    return JSONResponse({"error": f"Unknown provider: {provider}"}, status_code=400)

+                # Используем внутренний HTTP клиент для прямого запроса к token endpoint
                token_data = {
                    "grant_type": "authorization_code",
                    "code": code,
@@ -734,7 +756,7 @@ async def oauth_callback_http(request: Request) -> JSONResponse | RedirectRespon

                async with httpx.AsyncClient() as http_client:
                    response = await http_client.post(
-                        client.token_endpoint, data=token_data, headers={"Accept": "application/json"}
+                        token_endpoint, data=token_data, headers={"Accept": "application/json"}
                    )

                if response.status_code != 200: