Vorkout/connect
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

test

Browse Source
This commit is contained in:
Vladislav Syrochkin 2025-06-10 17:05:35 +05:00
parent d7a5109d8e
commit 958f00069f
12 changed files with 179 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
api/api/__main__.py
View File

@ -73,6 +73,7 @@ if __name__ == "__main__":
log_level="info", log_level="info",
) )
app.add_middleware(MiddlewareAccessTokenValidadtion)
app.add_middleware( app.add_middleware(
CORSMiddleware, CORSMiddleware,
allow_origins=origins, allow_origins=origins,
@ -80,5 +81,3 @@ app.add_middleware(
allow_methods=["GET", "POST", "OPTIONS", "DELETE", "PUT"], allow_methods=["GET", "POST", "OPTIONS", "DELETE", "PUT"],
allow_headers=["*"], allow_headers=["*"],
) )
app.add_middleware(MiddlewareAccessTokenValidadtion)

3
api/api/config/default.py
View File

@ -18,7 +18,8 @@ class DbCredentialsSchema(BaseModel):
class DefaultSettings(BaseSettings): class DefaultSettings(BaseSettings):
ENV: str = environ.get("ENV", "local") ENV: str = environ.get("ENV", "local")
PATH_PREFIX: str = environ.get("PATH_PREFIX", "/api/v1") PATH_PREFIX: str = environ.get("PATH_PREFIX", "/api/v1")
APP_HOST: str = environ.get("APP_HOST", "http://127.0.0.1") # APP_HOST: str = environ.get("APP_HOST", "http://127.0.0.1")
APP_HOST: str = environ.get("APP_HOST", "http://localhost")
APP_PORT: int = int(environ.get("APP_PORT", 8000)) APP_PORT: int = int(environ.get("APP_PORT", 8000))
APP_ID: uuid.UUID = environ.get("APP_ID", uuid.uuid4()) APP_ID: uuid.UUID = environ.get("APP_ID", uuid.uuid4())
LOGS_STORAGE_PATH: str = environ.get("LOGS_STORAGE_PATH", "storage/logs") LOGS_STORAGE_PATH: str = environ.get("LOGS_STORAGE_PATH", "storage/logs")

3
api/api/db/logic/auth.py
View File

@ -50,13 +50,12 @@ async def get_user(connection: AsyncConnection, login: str) -> Optional[User]:
return user, password return user, password
async def upgrade_old_refresh_token(connection: AsyncConnection, user, refresh_token) -> Optional[User]: async def upgrade_old_refresh_token(connection: AsyncConnection, refresh_token) -> Optional[User]:
new_status = KeyStatus.EXPIRED new_status = KeyStatus.EXPIRED
update_query = ( update_query = (
update(account_keyring_table) update(account_keyring_table)
.where( .where(
account_table.c.id == user.id,
account_keyring_table.c.status == KeyStatus.ACTIVE, account_keyring_table.c.status == KeyStatus.ACTIVE,
account_keyring_table.c.key_type == KeyType.REFRESH_TOKEN, account_keyring_table.c.key_type == KeyType.REFRESH_TOKEN,
account_keyring_table.c.key_value == refresh_token, account_keyring_table.c.key_value == refresh_token,

38
api/api/endpoints/auth.py
View File

@ -1,5 +1,6 @@
from datetime import datetime, timedelta, timezone from datetime import datetime, timedelta, timezone
import jwt
from fastapi import ( from fastapi import (
APIRouter, APIRouter,
Depends, Depends,
@ -8,7 +9,6 @@ from fastapi import (
Response, Response,
status, status,
) )
from loguru import logger from loguru import logger
from fastapi_jwt_auth import AuthJWT from fastapi_jwt_auth import AuthJWT
@ -30,11 +30,21 @@ api_router = APIRouter(
) )
def get_login_from_jwt(token: str):
payload = jwt.decode(
token,
get_settings().SECRET_KEY,
algorithms=[get_settings().ALGORITHM],
)
return payload.get("sub")
class Settings(BaseModel): class Settings(BaseModel):
authjwt_secret_key: str = get_settings().SECRET_KEY authjwt_secret_key: str = get_settings().SECRET_KEY
# Configure application to store and get JWT from cookies # Configure application to store and get JWT from cookies
authjwt_token_location: set = {"headers", "cookies"} authjwt_token_location: set = {"headers", "cookies"}
authjwt_cookie_domain: str = get_settings().DOMAIN authjwt_cookie_domain: str = get_settings().DOMAIN
authjwt_refresh_cookie_name: str = "refresh_token_cookie"
# Only allow JWT cookies to be sent over https # Only allow JWT cookies to be sent over https
authjwt_cookie_secure: bool = get_settings().ENV == "prod" authjwt_cookie_secure: bool = get_settings().ENV == "prod"
@ -68,7 +78,8 @@ async def login_for_access_token(
# headers={"WWW-Authenticate": "Bearer"}, # headers={"WWW-Authenticate": "Bearer"},
) )
access_token_expires = timedelta(minutes=get_settings().ACCESS_TOKEN_EXPIRE_MINUTES) # access_token_expires = timedelta(minutes=get_settings().ACCESS_TOKEN_EXPIRE_MINUTES)
access_token_expires = timedelta(seconds=5)
refresh_token_expires = timedelta(days=get_settings().REFRESH_TOKEN_EXPIRE_DAYS) refresh_token_expires = timedelta(days=get_settings().REFRESH_TOKEN_EXPIRE_DAYS)
@ -88,28 +99,19 @@ async def login_for_access_token(
@api_router.post("/refresh", response_model=Access) @api_router.post("/refresh", response_model=Access)
async def refresh( async def refresh(
request: Request, connection: AsyncConnection = Depends(get_connection_dep), Authorize: AuthJWT = Depends() request: Request,
connection: AsyncConnection = Depends(get_connection_dep),
Authorize: AuthJWT = Depends(),
): ):
refresh_token = request.cookies.get("refresh_token_cookie") refresh_token = request.cookies.get("refresh_token_cookie")
# print("Refresh Token:", refresh_token)
if not refresh_token: if not refresh_token:
raise HTTPException(status_code=401, detail="Refresh token is missing") raise HTTPException(status_code=401, detail="Refresh token is missing")
Authorize.jwt_refresh_token_required(refresh_token)
try:
Authorize.jwt_refresh_token_required()
current_user = Authorize.get_jwt_subject() current_user = Authorize.get_jwt_subject()
# try:
except Exception as e: # access_token_expires = timedelta(minutes=get_settings().ACCESS_TOKEN_EXPIRE_MINUTES)
await upgrade_old_refresh_token(connection, current_user, refresh_token) access_token_expires = timedelta(seconds=5)
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid refresh token",
)
access_token_expires = timedelta(minutes=get_settings().ACCESS_TOKEN_EXPIRE_MINUTES)
new_access_token = Authorize.create_access_token(subject=current_user, expires_time=access_token_expires) new_access_token = Authorize.create_access_token(subject=current_user, expires_time=access_token_expires)
return Access(access_token=new_access_token) return Access(access_token=new_access_token)

24
api/api/services/middleware.py
View File

@ -22,13 +22,20 @@ class MiddlewareAccessTokenValidadtion(BaseHTTPMiddleware):
self.excluded_routes = [ self.excluded_routes = [
re.compile(r"^" + re.escape(self.prefix) + r"/auth/refresh/?$"), re.compile(r"^" + re.escape(self.prefix) + r"/auth/refresh/?$"),
re.compile(r"^" + re.escape(self.prefix) + r"/auth/?$"), re.compile(r"^" + re.escape(self.prefix) + r"/auth/?$"),
re.compile(r"^" + r"/swagger"),
re.compile(r"^" + r"/openapi"),
] ]
async def dispatch(self, request: Request, call_next): async def dispatch(self, request: Request, call_next):
if request.method in ["GET", "POST", "PUT", "DELETE"]: if request.method not in ["GET", "POST", "PUT", "DELETE"]:
return JSONResponse(
status_code=status.HTTP_405_METHOD_NOT_ALLOWED,
content={"detail": "Method not allowed"},
)
if any(pattern.match(request.url.path) for pattern in self.excluded_routes): if any(pattern.match(request.url.path) for pattern in self.excluded_routes):
return await call_next(request) return await call_next(request)
else:
auth_header = request.headers.get("Authorization") auth_header = request.headers.get("Authorization")
if not auth_header: if not auth_header:
return JSONResponse( return JSONResponse(
@ -37,14 +44,11 @@ class MiddlewareAccessTokenValidadtion(BaseHTTPMiddleware):
headers={"WWW-Authenticate": "Bearer"}, headers={"WWW-Authenticate": "Bearer"},
) )
try:
token = auth_header.split(" ")[1] token = auth_header.split(" ")[1]
Authorize = AuthJWT(request) Authorize = AuthJWT(request)
try:
current_user = Authorize.get_jwt_subject() current_user = Authorize.get_jwt_subject()
request.state.current_user = current_user request.state.current_user = current_user
return await call_next(request)
except Exception: except Exception:
return JSONResponse( return JSONResponse(
status_code=status.HTTP_401_UNAUTHORIZED, status_code=status.HTTP_401_UNAUTHORIZED,
@ -52,10 +56,4 @@ class MiddlewareAccessTokenValidadtion(BaseHTTPMiddleware):
headers={"WWW-Authenticate": "Bearer"}, headers={"WWW-Authenticate": "Bearer"},
) )
# async with get_connection() as connection: return await call_next(request)
# authorize_user = await get_user_login(connection, current_user)
# print(authorize_user)
# if authorize_user is None :
# return JSONResponse(
# status_code=status.HTTP_404_NOT_FOUND ,
# detail="User not found.")

25
client/package-lock.json generated
View File

@ -19,6 +19,7 @@
"@types/react-dom": "^19.0.4", "@types/react-dom": "^19.0.4",
"antd": "^5.24.7", "antd": "^5.24.7",
"axios": "^1.9.0", "axios": "^1.9.0",
"axios-retry": "^4.5.0",
"i18next": "^25.0.1", "i18next": "^25.0.1",
"i18next-browser-languagedetector": "^8.0.5", "i18next-browser-languagedetector": "^8.0.5",
"react": "^18.3.1", "react": "^18.3.1",
@ -5275,6 +5276,18 @@
"proxy-from-env": "^1.1.0" "proxy-from-env": "^1.1.0"
} }
}, },
"node_modules/axios-retry": {
"version": "4.5.0",
"resolved": "https://registry.npmjs.org/axios-retry/-/axios-retry-4.5.0.tgz",
"integrity": "sha512-aR99oXhpEDGo0UuAlYcn2iGRds30k366Zfa05XWScR9QaQD4JYiP3/1Qt1u7YlefUOK+cn0CcwoL1oefavQUlQ==",
"license": "Apache-2.0",
"dependencies": {
"is-retry-allowed": "^2.2.0"
},
"peerDependencies": {
"axios": "0.x || 1.x"
}
},
"node_modules/axios/node_modules/form-data": { "node_modules/axios/node_modules/form-data": {
"version": "4.0.3", "version": "4.0.3",
"resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.3.tgz", "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.3.tgz",
@ -10092,6 +10105,18 @@
"node": ">=0.10.0" "node": ">=0.10.0"
} }
}, },
"node_modules/is-retry-allowed": {
"version": "2.2.0",
"resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-2.2.0.tgz",
"integrity": "sha512-XVm7LOeLpTW4jV19QSH38vkswxoLud8sQ57YwJVTPWdiaI9I8keEhGFpBlslyVsgdQy4Opg8QOLb8YRgsyZiQg==",
"license": "MIT",
"engines": {
"node": ">=10"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/is-root": { "node_modules/is-root": {
"version": "2.1.0", "version": "2.1.0",
"resolved": "https://registry.npmjs.org/is-root/-/is-root-2.1.0.tgz", "resolved": "https://registry.npmjs.org/is-root/-/is-root-2.1.0.tgz",

1
client/package.json
View File

@ -14,6 +14,7 @@
"@types/react-dom": "^19.0.4", "@types/react-dom": "^19.0.4",
"antd": "^5.24.7", "antd": "^5.24.7",
"axios": "^1.9.0", "axios": "^1.9.0",
"axios-retry": "^4.5.0",
"i18next": "^25.0.1", "i18next": "^25.0.1",
"i18next-browser-languagedetector": "^8.0.5", "i18next-browser-languagedetector": "^8.0.5",
"react": "^18.3.1", "react": "^18.3.1",

3
client/src/App.tsx
View File

@ -2,12 +2,13 @@ import React from 'react';
import { Route, Routes } from 'react-router-dom'; import { Route, Routes } from 'react-router-dom';
import MainLayout from './pages/MainLayout'; import MainLayout from './pages/MainLayout';
import ProtectedRoute from './pages/ProtectedRoute'; import ProtectedRoute from './pages/ProtectedRoute';
import LoginPage from './pages/LoginPage';
function App() { function App() {
return ( return (
<div className="App"> <div className="App">
<Routes> <Routes>
<Route path="/login" element={<div>login</div>} /> <Route path="/login" element={<LoginPage />} />
<Route element={<ProtectedRoute />}> <Route element={<ProtectedRoute />}>
<Route path="*" element={<MainLayout />}></Route> <Route path="*" element={<MainLayout />}></Route>
</Route> </Route>

68
client/src/api/api.ts
View File

@ -1,5 +1,8 @@
import axios from 'axios'; import axios from 'axios';
import { Access, Auth } from '../types/auth'; import { Access, Auth } from '../types/auth';
import { User } from '../types/user';
import { AuthService } from '../services/auth';
import axiosRetry from 'axios-retry';
const baseURL = `${process.env.REACT_APP_HTTP_PROTOCOL}://${process.env.REACT_APP_API_URL}/api/v1`; const baseURL = `${process.env.REACT_APP_HTTP_PROTOCOL}://${process.env.REACT_APP_API_URL}/api/v1`;
@ -11,20 +14,75 @@ const base = axios.create({
}, },
}); });
// base.interceptors.request.use((config) => { base.interceptors.request.use((config) => {
// const token = localStorage.getItem('accessToken'); const token = localStorage.getItem('accessToken');
// if (token) { if (token) {
// config.headers.Authorization = `Bearer ${token}`; config.headers.Authorization = `Bearer ${token}`;
}
return config;
});
// axiosRetry(base, {
// retries: 3,
// retryDelay: (retryCount: number) => {
// console.log(`retry attempt: ${retryCount}`);
// return retryCount * 2000;
// },
// retryCondition: async (error: any) => {
// if (error.code === 'ERR_CANCELED') {
// return true;
// } // }
// return config; // return false;
// },
// }); // });
base.interceptors.response.use(
(response) => {
return response;
},
async function (error) {
console.log('error', error);
const originalRequest = error.response.config;
console.log('originalRequest._retry', originalRequest);
const urlTokens = error?.request?.responseURL.split('/');
const url = urlTokens[urlTokens.length - 1];
console.log('url', url);
if (
error.response.status === 401 &&
!(originalRequest?._retry != null) &&
url !== 'login' &&
url !== 'refresh' &&
url !== 'logout'
) {
originalRequest._retry = true;
const res = await AuthService.refresh().catch(async () => {
await AuthService.logout();
});
console.log('res', res);
return await base(originalRequest);
}
return await Promise.reject(error);
}
);
const api = { const api = {
// auth
async login(auth: Auth): Promise<Access> { async login(auth: Auth): Promise<Access> {
console.log(auth); console.log(auth);
const response = await base.post<Access>('/auth', auth); const response = await base.post<Access>('/auth', auth);
return response.data; return response.data;
}, },
async refreshToken(): Promise<Access> {
const response = await base.post<Access>('/auth/refresh');
return response.data;
},
// user
async getProfile(): Promise<User> {
const response = await base.get<User>('/profile');
return response.data;
},
}; };
export default api; export default api;

19
client/src/pages/MainLayout.tsx
View File

@ -9,6 +9,8 @@ import RunningProcessesPage from './RunningProcessesPage';
import AccountsPage from './AccountsPage'; import AccountsPage from './AccountsPage';
import EventsListPage from './EventsListPage'; import EventsListPage from './EventsListPage';
import ConfigurationPage from './ConfigurationPage'; import ConfigurationPage from './ConfigurationPage';
import { useSetUserSelector } from '../store/user';
import { UserService } from '../services/user';
export default function MainLayout() { export default function MainLayout() {
const navigate = useNavigate(); const navigate = useNavigate();
@ -19,6 +21,8 @@ export default function MainLayout() {
const [width, setWidth] = useState<number | string>('15%'); const [width, setWidth] = useState<number | string>('15%');
const [collapsedWidth, setCollapsedWidth] = useState(50); const [collapsedWidth, setCollapsedWidth] = useState(50);
const setUser = useSetUserSelector()
const calculateWidths = () => { const calculateWidths = () => {
const windowWidth = window.innerWidth; const windowWidth = window.innerWidth;
const expanded = Math.min(Math.max(windowWidth * 0.15, 180), 240); const expanded = Math.min(Math.max(windowWidth * 0.15, 180), 240);
@ -54,6 +58,21 @@ export default function MainLayout() {
navigate(key); navigate(key);
} }
useEffect(() => {
const token = localStorage.getItem('accessToken');
if (!token) {
navigate('/login');
} else {
if (localStorage.getItem('user')) {
setUser(JSON.parse(localStorage.getItem('user') as string))
} else {
UserService.getProfile().then((user) => {
setUser(user);
});
}
}
}, [])
return ( return (
<Layout style={{ minHeight: '100vh' }}> <Layout style={{ minHeight: '100vh' }}>
<Sider <Sider

15
client/src/pages/ProtectedRoute.tsx
View File

@ -1,8 +1,19 @@
/* eslint-disable react-hooks/exhaustive-deps */
// ProtectedRoute.js // ProtectedRoute.js
import { Outlet } from 'react-router-dom'; import { Outlet, useNavigate } from 'react-router-dom';
import React from 'react'; import React, { useEffect } from 'react';
import { useUserSelector } from '../store/user';
const ProtectedRoute = (): React.JSX.Element => { const ProtectedRoute = (): React.JSX.Element => {
const user = useUserSelector();
const navigate = useNavigate();
useEffect(() => {
if (user.id === null) {
navigate('/login');
}
}, [user]);
return <Outlet />; return <Outlet />;
}; };
export default ProtectedRoute; export default ProtectedRoute;

2
client/src/store/user.ts
View File

@ -11,6 +11,7 @@ type UserStoreState = {
type UserStoreActions = { type UserStoreActions = {
setUser: (user: User) => void; setUser: (user: User) => void;
removeUser: () => void;
}; };
type UserStore = UserStoreState & UserStoreActions; type UserStore = UserStoreState & UserStoreActions;
@ -22,6 +23,7 @@ export const useUserStore = create<UserStore>()(
user: userInfo != null ? JSON.parse(userInfo) : ({} as User), user: userInfo != null ? JSON.parse(userInfo) : ({} as User),
loading: false, loading: false,
setUser: (user: User) => set({ user }), setUser: (user: User) => set({ user }),
removeUser: () => set({ user: {} as User }),
}), }),
{ name: 'userInfo' } { name: 'userInfo' }
) )