@@ -21,6 +21,7 @@ router = APIRouter(prefix='/auth')
|
||||
jwk_client = PyJWKClient(JWKS_URL)
|
||||
security = HTTPBearer()
|
||||
|
||||
|
||||
@router.get('/logout')
|
||||
def logout():
|
||||
params = {
|
||||
@@ -59,9 +60,11 @@ def login():
|
||||
'redirect_uri': settings.keycloak_redirect_uri,
|
||||
'state': state,
|
||||
}
|
||||
request_url = requests.Request('GET', AUTH_URL, params=params).prepare().url
|
||||
request_url = requests.Request(
|
||||
'GET', AUTH_URL, params=params).prepare().url
|
||||
return RedirectResponse(request_url)
|
||||
|
||||
|
||||
@router.get('/callback')
|
||||
def callback(code: str, session: Session = Depends(get_session)):
|
||||
data = {
|
||||
@@ -82,10 +85,12 @@ def callback(code: str, session: Session = Depends(get_session)):
|
||||
)
|
||||
|
||||
token_data = response.json()
|
||||
|
||||
|
||||
id_token = token_data['id_token']
|
||||
decoded_token = jwt.decode(id_token, options={'verify_signature': False})
|
||||
decoded_access_token = jwt.decode(token_data['access_token'], options={'verify_signature': False})
|
||||
decoded_access_token = jwt.decode(
|
||||
token_data['access_token'], options={
|
||||
'verify_signature': False})
|
||||
resource_access = decoded_access_token.get('resource_access')
|
||||
if not resource_access:
|
||||
data = {
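Review bot: The rewrapped `decoded_access_token = jwt.decode(token_data['access_token'], options={'verify_signature': False})` still disables signature verification, and the `resource_access` claims read from it on the next line appear to feed an authorization decision; the same applies to `decoded_token` obtained from `id_token` two lines above. The module already defines `jwk_client` and a `verify_token` helper that resolves the signing key from the JWKS, so the callback could use `decoded_access_token = verify_token(token_data['access_token'])` (or pass `jwk_client.get_signing_key_from_jwt(...).key` with explicit `algorithms=` and `audience=`) instead of decoding unverified. The tokens here arrive in the token-endpoint response, which limits exposure, but verifying them before trusting their claims is cheap and keeps a single claim-validation path. `callback` starts and ends outside this hunk.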
|
||||
@@ -141,6 +146,7 @@ def callback(code: str, session: Session = Depends(get_session)):
|
||||
|
||||
return response
|
||||
|
||||
|
||||
def verify_token(token: str):
|
||||
try:
|
||||
signing_key = jwk_client.get_signing_key_from_jwt(token)
|
||||
@@ -154,28 +160,37 @@ def verify_token(token: str):
|
||||
)
|
||||
return decoded
|
||||
except jwt.ExpiredSignatureError:
|
||||
raise HTTPException(status_code=401, detail=messages.Messages.tokenexipired)
|
||||
raise HTTPException(status_code=401,
|
||||
detail=messages.Messages.tokenexipired)
|
||||
except jwt.InvalidTokenError:
|
||||
raise HTTPException(status_code=401, detail=messages.Messages.invalidtoken)
|
||||
raise HTTPException(
|
||||
status_code=401,
|
||||
detail=messages.Messages.invalidtoken)
|
||||
|
||||
|
||||
def get_current_user(request: Request, session: Session = Depends(get_session)):
|
||||
def get_current_user(
|
||||
request: Request,
|
||||
session: Session = Depends(get_session)):
|
||||
access_token = request.cookies.get('access_token')
|
||||
if not access_token:
|
||||
raise HTTPException(status_code=401, detail=messages.Messages.notauthenticated)
|
||||
raise HTTPException(status_code=401,
|
||||
detail=messages.Messages.notauthenticated)
|
||||
payload = verify_token(access_token)
|
||||
if not payload:
|
||||
raise HTTPException(status_code=401, detail='aze')
|
||||
email = payload.get('email')
|
||||
|
||||
if not email:
|
||||
raise HTTPException(status_code=401, detail=messages.Messages.notauthenticated)
|
||||
raise HTTPException(status_code=401,
|
||||
detail=messages.Messages.notauthenticated)
|
||||
|
||||
user = session.exec(select(User).where(User.email == email)).first()
|
||||
if not user:
|
||||
raise HTTPException(status_code=401, detail=messages.Messages.not_found('user'))
|
||||
raise HTTPException(status_code=401,
|
||||
detail=messages.Messages.not_found('user'))
|
||||
return user
|
||||
|
||||
|
||||
@router.post('/refresh')
|
||||
def refresh_token(refresh_token: Annotated[str | None, Cookie()] = None):
|
||||
refresh = refresh_token
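Review bot: `raise HTTPException(status_code=401, detail='aze')` in `get_current_user` is a leftover placeholder message that the reformat leaves untouched; every other failure in this function uses `messages.Messages.*`, so it should read `raise HTTPException(status_code=401, detail=messages.Messages.notauthenticated)` for consistency with the surrounding raises. Since `verify_token` above converts `ExpiredSignatureError` and `InvalidTokenError` into 401s rather than returning a falsy value, the `if not payload:` branch looks unreachable on the visible paths — either drop it or add a comment explaining which caller can hit it. A smaller style point: the re-raises inside the `except jwt.ExpiredSignatureError` and `except jwt.InvalidTokenError` blocks could carry `from None` so the JWT library's traceback is not chained into the HTTP error. `verify_token` starts outside this hunk, and `refresh_token` continues past it.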
|
||||
@@ -223,6 +238,7 @@ def refresh_token(refresh_token: Annotated[str | None, Cookie()] = None):
|
||||
)
|
||||
return response
|
||||
|
||||
|
||||
@router.get('/user/me')
|
||||
def me(user: UserPublic = Depends(get_current_user)):
|
||||
if not user:
|
||||
@@ -235,4 +251,4 @@ def me(user: UserPublic = Depends(get_current_user)):
|
||||
'id': user.id,
|
||||
'roles': [role.name for role in user.roles]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||