VORKOUT-6 #11
@ -73,6 +73,7 @@ if __name__ == "__main__":
|
|||||||
log_level="info",
|
log_level="info",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
app.add_middleware(MiddlewareAccessTokenValidadtion)
|
||||||
app.add_middleware(
|
app.add_middleware(
|
||||||
CORSMiddleware,
|
CORSMiddleware,
|
||||||
allow_origins=origins,
|
allow_origins=origins,
|
||||||
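Review bot: The new position of `app.add_middleware(MiddlewareAccessTokenValidadtion)` ahead of the CORS registration is order-sensitive and nothing in the code says why it moved, so it needs a comment. If I read Starlette's add_middleware correctly, the most recently added middleware becomes the outermost, so with this order CORSMiddleware now wraps the token check and answers CORS preflight OPTIONS requests before they reach the middleware's 405 response for methods outside GET/POST/PUT/DELETE; a later tidy-up that groups the registrations back together would silently reintroduce that breakage. I would add above the line: `# Must be registered before CORSMiddleware: the last add_middleware() call ends up outermost, so CORS handles preflight before the access-token check runs.` Note also that a bare OPTIONS or HEAD request without CORS preflight headers still gets the middleware's 405, which is worth confirming is intended.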
@ -80,5 +81,3 @@ app.add_middleware(
|
|||||||
allow_methods=["GET", "POST", "OPTIONS", "DELETE", "PUT"],
|
allow_methods=["GET", "POST", "OPTIONS", "DELETE", "PUT"],
|
||||||
allow_headers=["*"],
|
allow_headers=["*"],
|
||||||
)
|
)
|
||||||
|
|
||||||
app.add_middleware(MiddlewareAccessTokenValidadtion)
|
|
||||||
|
@ -50,13 +50,12 @@ async def get_user(connection: AsyncConnection, login: str) -> Optional[User]:
|
|||||||
return user, password
|
return user, password
|
||||||
|
|
||||||
|
|
||||||
async def upgrade_old_refresh_token(connection: AsyncConnection, user, refresh_token) -> Optional[User]:
|
async def upgrade_old_refresh_token(connection: AsyncConnection, refresh_token) -> Optional[User]:
|
||||||
new_status = KeyStatus.EXPIRED
|
new_status = KeyStatus.EXPIRED
|
||||||
|
|
||||||
update_query = (
|
update_query = (
|
||||||
update(account_keyring_table)
|
update(account_keyring_table)
|
||||||
.where(
|
.where(
|
||||||
account_table.c.id == user.id,
|
|
||||||
account_keyring_table.c.status == KeyStatus.ACTIVE,
|
account_keyring_table.c.status == KeyStatus.ACTIVE,
|
||||||
account_keyring_table.c.key_type == KeyType.REFRESH_TOKEN,
|
account_keyring_table.c.key_type == KeyType.REFRESH_TOKEN,
|
||||||
account_keyring_table.c.key_value == refresh_token,
|
account_keyring_table.c.key_value == refresh_token,
|
||||||
|
@ -91,25 +91,21 @@ async def refresh(
|
|||||||
request: Request, connection: AsyncConnection = Depends(get_connection_dep), Authorize: AuthJWT = Depends()
|
request: Request, connection: AsyncConnection = Depends(get_connection_dep), Authorize: AuthJWT = Depends()
|
||||||
):
|
):
|
||||||
refresh_token = request.cookies.get("refresh_token_cookie")
|
refresh_token = request.cookies.get("refresh_token_cookie")
|
||||||
|
|||||||
# print("Refresh Token:", refresh_token)
|
|
||||||
|
|
||||||
if not refresh_token:
|
if not refresh_token:
|
||||||
raise HTTPException(status_code=401, detail="Refresh token is missing")
|
raise HTTPException(status_code=401, detail="Refresh token is missing")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
Authorize.jwt_refresh_token_required()
|
Authorize.jwt_refresh_token_required(refresh_token)
|
||||||
current_user = Authorize.get_jwt_subject()
|
current_user = Authorize._verified_token(refresh_token).get("sub")
|
||||||
|
except Exception:
|
||||||
except Exception as e:
|
await upgrade_old_refresh_token(connection, refresh_token)
|
||||||
await upgrade_old_refresh_token(connection, current_user, refresh_token)
|
|
||||||
|
|
||||||
raise HTTPException(
|
raise HTTPException(
|
||||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||||
detail="Invalid refresh token",
|
detail="Invalid refresh token",
|
||||||
)
|
)
|
||||||
|
|
||||||
access_token_expires = timedelta(minutes=get_settings().ACCESS_TOKEN_EXPIRE_MINUTES)
|
access_token_expires = timedelta(minutes=get_settings().ACCESS_TOKEN_EXPIRE_MINUTES)
|
||||||
|
|
||||||
new_access_token = Authorize.create_access_token(subject=current_user, expires_time=access_token_expires)
|
new_access_token = Authorize.create_access_token(subject=current_user, expires_time=access_token_expires)
|
||||||
|
|
||||||
return Access(access_token=new_access_token)
|
return Access(access_token=new_access_token)
|
||||||
|
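Review bot: The new `Authorize.jwt_refresh_token_required(refresh_token)` passes the cookie value as the first positional argument, and in fastapi_jwt_auth that parameter is `auth_from` (default "request") rather than `token`, so as far as I can tell from the library's signature a value that is neither "request" nor "websocket" turns the call into a no-op — please verify against the installed version. What actually verifies the token is then the private `Authorize._verified_token(refresh_token)`, which checks signature and expiry but not the `type` claim or the cookie CSRF double-submit that the public `jwt_refresh_token_required()` path enforces, so an access token presented as `refresh_token_cookie`, or a refresh token replayed cross-site, would mint a new access token here. The least-invasive fix is to keep the explicit decode but reject the wrong token type: `claims = Authorize._verified_token(refresh_token)` / `if claims.get("type") != "refresh": raise ValueError("not a refresh token")` / `current_user = claims["sub"]`, and to decide deliberately whether CSRF protection for the cookie is still wanted. Separately, `except Exception as e` never uses `e`, and because the handler is inside the same `except`, a database error during `upgrade_old_refresh_token` is reported to the client as "Invalid refresh token". The `async def refresh(` line itself sits just outside this hunk.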
@ -1,3 +1,4 @@
|
|||||||
|
from fastapi_jwt_auth import AuthJWT
|
||||||
from starlette.middleware.base import BaseHTTPMiddleware
|
from starlette.middleware.base import BaseHTTPMiddleware
|
||||||
from fastapi import (
|
from fastapi import (
|
||||||
Request,
|
Request,
|
||||||
@ -11,9 +12,6 @@ import re
|
|||||||
from re import escape
|
from re import escape
|
||||||
|
|
||||||
|
|
||||||
from fastapi_jwt_auth import AuthJWT
|
|
||||||
|
|
||||||
|
|
||||||
class MiddlewareAccessTokenValidadtion(BaseHTTPMiddleware):
|
class MiddlewareAccessTokenValidadtion(BaseHTTPMiddleware):
|
||||||
def __init__(self, app):
|
def __init__(self, app):
|
||||||
super().__init__(app)
|
super().__init__(app)
|
||||||
@ -22,40 +20,34 @@ class MiddlewareAccessTokenValidadtion(BaseHTTPMiddleware):
|
|||||||
self.excluded_routes = [
|
self.excluded_routes = [
|
||||||
re.compile(r"^" + re.escape(self.prefix) + r"/auth/refresh/?$"),
|
re.compile(r"^" + re.escape(self.prefix) + r"/auth/refresh/?$"),
|
||||||
re.compile(r"^" + re.escape(self.prefix) + r"/auth/?$"),
|
re.compile(r"^" + re.escape(self.prefix) + r"/auth/?$"),
|
||||||
|
re.compile(r"^" + r"/swagger"),
|
||||||
|
re.compile(r"^" + r"/openapi"),
|
||||||
]
|
]
|
||||||
|
|
||||||
async def dispatch(self, request: Request, call_next):
|
async def dispatch(self, request: Request, call_next):
|
||||||
if request.method in ["GET", "POST", "PUT", "DELETE"]:
|
if request.method not in ["GET", "POST", "PUT", "DELETE"]:
|
||||||
if any(pattern.match(request.url.path) for pattern in self.excluded_routes):
|
return JSONResponse(
|
||||||
return await call_next(request)
|
status_code=status.HTTP_405_METHOD_NOT_ALLOWED,
|
||||||
else:
|
content={"detail": "Method not allowed"},
|
||||||
auth_header = request.headers.get("Authorization")
|
)
|
||||||
if not auth_header:
|
if any(pattern.match(request.url.path) for pattern in self.excluded_routes):
|
||||||
return JSONResponse(
|
return await call_next(request)
|
||||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
auth_header = request.headers.get("Authorization")
|
||||||
content={"detail": "Missing authorization header."},
|
if not auth_header:
|
||||||
headers={"WWW-Authenticate": "Bearer"},
|
return JSONResponse(
|
||||||
)
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||||
|
content={"detail": "Missing authorization header."},
|
||||||
token = auth_header.split(" ")[1]
|
headers={"WWW-Authenticate": "Bearer"},
|
||||||
Authorize = AuthJWT(request)
|
)
|
||||||
|
try:
|
||||||
try:
|
token = auth_header.split(" ")[1]
|
||||||
current_user = Authorize.get_jwt_subject()
|
Authorize = AuthJWT(request)
|
||||||
request.state.current_user = current_user
|
current_user = Authorize.get_jwt_subject()
|
||||||
return await call_next(request)
|
request.state.current_user = current_user
|
||||||
|
except Exception:
|
||||||
except Exception:
|
return JSONResponse(
|
||||||
return JSONResponse(
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
content={"detail": "The access token is invalid or expired."},
|
||||||
content={"detail": "The access token is invalid or expired."},
|
headers={"WWW-Authenticate": "Bearer"},
|
||||||
headers={"WWW-Authenticate": "Bearer"},
|
)
|
||||||
)
|
return await call_next(request)
|
||||||
|
|
||||||
# async with get_connection() as connection:
|
|
||||||
# authorize_user = await get_user_login(connection, current_user)
|
|
||||||
# print(authorize_user)
|
|
||||||
# if authorize_user is None :
|
|
||||||
# return JSONResponse(
|
|
||||||
# status_code=status.HTTP_404_NOT_FOUND ,
|
|
||||||
# detail="User not found.")
|
|
||||||
|
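Review bot: In the rewritten `dispatch`, `token = auth_header.split(" ")[1]` is computed and then never used — `AuthJWT(request)` is left to find the token on its own, and the only check performed is `Authorize.get_jwt_subject()`. In fastapi_jwt_auth that method returns `None` rather than raising when the instance holds no token (for instance if the configured token location is cookies, which the `refresh_token_cookie` read in the refresh endpoint suggests), so a request carrying any `Authorization` header the library does not parse would pass through with `request.state.current_user = None`; it also does not check the token `type` claim, so a refresh token sent as a bearer token is accepted as an access token, and the scheme word in front of the token is never validated. I would validate the header shape, call `Authorize.jwt_required()` so the library enforces presence, expiry and `type == "access"`, and refuse an empty subject before handing the request on; the 401 response bodies stay as they are. The enclosing class `MiddlewareAccessTokenValidadtion` starts outside this hunk.
```python
scheme, _, token = auth_header.partition(" ")
if scheme.lower() != "bearer" or not token:
    return JSONResponse(
        status_code=status.HTTP_401_UNAUTHORIZED,
        content={"detail": "Missing authorization header."},
        headers={"WWW-Authenticate": "Bearer"},
    )
try:
    Authorize = AuthJWT(request)
    # Raises unless a valid, unexpired *access* token is present; get_jwt_subject() alone returns None.
    Authorize.jwt_required()
    current_user = Authorize.get_jwt_subject()
    if current_user is None:
        raise ValueError("access token has no subject")
    request.state.current_user = current_user
except Exception:
    # … unchanged: 401 "The access token is invalid or expired." response …
```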
refresh_token не должен храниться в куках, его нужно сохранять в браузерном секурном хранилище (на фронте) и предъявлять как параметр конкретного запроса (апгрейд или получение access_token'а).