fix auth lifetime

2024-04-07 21:31:15 +00:00
parent f8f5bf80c1
commit d55e8d1df3
13 changed files with 212 additions and 42 deletions
--- a/api/presentation/auth/init.py
+++ b/api/presentation/auth/init.py
--- a/api/presentation/auth/fasapi_auth.py
+++ b/api/presentation/auth/fasapi_auth.py
@@ -0,0 +1,60 @@
+from typing import Annotated
+
+from fastapi import Depends, HTTPException, Request, Response, status
+from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel
+from fastapi.security import OAuth2
+from fastapi.security.utils import get_authorization_scheme_param
+
+from api.application.protocols.jwt import JwtTokenProcessor
+from api.domain.user.error import UserIsNotAuthorizedError
+from api.infrastructure.dependencies.stub import Stub
+
+
+class OAuth2PasswordBearerWithCookie(OAuth2):
+    def __init__(
+        self,
+        tokenUrl: str,
+        scheme_name: str | None = None,
+        scopes: dict[str, str] | None = None,
+        auto_error: bool = True,
+    ):
+        if not scopes:
+            scopes = {}
+        flows = OAuthFlowsModel(password={"tokenUrl": tokenUrl, "scopes": scopes})
+        super().__init__(flows=flows, scheme_name=scheme_name, auto_error=auto_error)
+
+    async def __call__(self, request: Request) -> str | None:
+        authorization: str | None = request.cookies.get("access_token")
+
+        scheme, param = get_authorization_scheme_param(authorization)
+        if authorization is None or scheme.lower() != "bearer":
+            if self.auto_error:
+                raise HTTPException(
+                    status_code=status.HTTP_401_UNAUTHORIZED,
+                    detail="Not authenticated",
+                    headers={"WWW-Authenticate": "Bearer"},
+                )
+            else:
+                return None
+        print(param)
+        return param
+
+
+oauth2_scheme = OAuth2PasswordBearerWithCookie("/auth/login")
+
+
+async def auth_required(
+    request: Request,
+    token: Annotated[
+        str,
+        Depends(oauth2_scheme),
+    ],
+    jwt_processor: Annotated[JwtTokenProcessor, Depends(Stub(JwtTokenProcessor))],
+) -> None:
+    if token is None:
+        raise UserIsNotAuthorizedError("Invalid authorization credentials")
+
+    if jwt_processor.validate_token(token=token) is None:
+        raise UserIsNotAuthorizedError("authorization credentials is old")
+
+    request.scope["auth"] = token