Vorkout/connect
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
23329e7d36
connect/api/api/endpoints/auth.py
TheNoxium 23329e7d36 fix: refresh token exipreited
2025-04-23 16:54:30 +03:00

151 lines
4.1 KiB
Python
Raw Blame History

from datetime import datetime, timedelta, timezone
from fastapi import (
APIRouter,
Body,
Depends,
Form,
HTTPException,
Request,
Response,
status,
)
from loguru import logger
from pydantic.main import BaseModel
from fastapi_jwt_auth import AuthJWT
from pydantic import BaseModel
from sqlalchemy.ext.asyncio import AsyncConnection
from api.config import get_settings
from api.db.connection.session import get_connection_dep
from api.services.auth import authenticate_user
from api.db.logic.auth import add_new_refresh_token,upgrade_old_refresh_token
from api.db.logic.account import get_user_login
from api.schemas.endpoints.auth import Auth
api_router = APIRouter(
prefix="/auth",
tags=["User auth"],
)
class Settings(BaseModel):
authjwt_secret_key: str = get_settings().SECRET_KEY
# Configure application to store and get JWT from cookies
authjwt_token_location: set = {"headers", "cookies"}
authjwt_cookie_domain: str = get_settings().DOMAIN
# Only allow JWT cookies to be sent over https
authjwt_cookie_secure: bool = get_settings().ENV == "prod"
# Enable csrf double submit protection. default is True
authjwt_cookie_csrf_protect: bool = False
authjwt_cookie_samesite: str = "lax"
@AuthJWT.load_config
def get_config():
return Settings()
@api_router.post("/")
async def login_for_access_token(
user: Auth,
response: Response,
connection: AsyncConnection = Depends(get_connection_dep),
Authorize: AuthJWT = Depends(),
):
"""Авторизирует, выставляет токены в куки."""
user = await authenticate_user(connection, user.login, user.password)
print("login_for_access_token", user)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
# headers={"WWW-Authenticate": "Bearer"},
)
access_token_expires = timedelta(
minutes=get_settings().ACCESS_TOKEN_EXPIRE_MINUTES)
refresh_token_expires = timedelta(
days=get_settings().REFRESH_TOKEN_EXPIRE_DAYS
)
logger.debug(f"refresh_token_expires {refresh_token_expires}")
access_token = Authorize.create_access_token(
subject=user.login, expires_time=access_token_expires
)
refresh_token = Authorize.create_refresh_token(
subject=user.login, expires_time=refresh_token_expires
)
refresh_token_expires_time = datetime.now(timezone.utc) + refresh_token_expires
await add_new_refresh_token(connection,refresh_token,refresh_token_expires_time,user)
Authorize.set_refresh_cookies(refresh_token)
return {
"access_token": access_token,
# "access_token_expires": access_token_expires_time,
# "refresh_token": refresh_token,
# "refresh_token_expires": refresh_token_expires_time
}
@api_router.post("/refresh")
async def refresh(
request: Request,
connection: AsyncConnection = Depends(get_connection_dep),
Authorize: AuthJWT = Depends()):
"""Обновляет access токен."""
refresh_token = request.cookies.get("refresh_token_cookie")
print("Refresh Token:", refresh_token)
if not refresh_token:
raise HTTPException(status_code=401, detail="Refresh token is missing")
try:
Authorize.jwt_refresh_token_required()
current_user = Authorize.get_jwt_subject()
print(current_user)
except Exception as e:
await upgrade_old_refresh_token(connection,current_user,refresh_token)
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid refresh token",
)
access_token_expires = timedelta(minutes=get_settings().ACCESS_TOKEN_EXPIRE_MINUTES)
new_access_token = Authorize.create_access_token(
subject=current_user, expires_time=access_token_expires
)
return {
"access_token": new_access_token,
# "access_token_expires": access_token_expires_time,
# "refresh_token": refresh_token,
# "refresh_token_expires": refresh_token_expires_time
}
Reference in New Issue View Git Blame Copy Permalink