2022-09-14 04:42:31 +00:00
|
|
|
from functools import wraps
|
|
|
|
|
from typing import Optional, Tuple
|
2022-09-17 18:12:14 +00:00
|
|
|
|
|
|
|
|
from graphql.type import GraphQLResolveInfo
|
2022-11-28 22:58:23 +00:00
|
|
|
from sqlalchemy.orm import joinedload, exc
|
2022-09-14 04:42:31 +00:00
|
|
|
from starlette.authentication import AuthenticationBackend
|
|
|
|
|
from starlette.requests import HTTPConnection
|
2022-09-17 18:12:14 +00:00
|
|
|
|
2022-09-14 04:42:31 +00:00
|
|
|
from auth.credentials import AuthCredentials, AuthUser
|
2023-10-05 18:46:18 +00:00
|
|
|
from services.db import local_session
|
2022-12-01 13:24:05 +00:00
|
|
|
from orm.user import User, Role
|
2022-11-28 22:58:23 +00:00
|
|
|
|
2022-11-22 03:11:26 +00:00
|
|
|
from settings import SESSION_TOKEN_HEADER
|
2022-11-24 14:31:52 +00:00
|
|
|
from auth.tokenstorage import SessionToken
|
2023-10-05 18:46:18 +00:00
|
|
|
from services.exceptions import OperationNotAllowed
|
2022-09-14 04:42:31 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class JWTAuthenticate(AuthenticationBackend):
|
|
|
|
|
async def authenticate(
|
|
|
|
|
self, request: HTTPConnection
|
|
|
|
|
) -> Optional[Tuple[AuthCredentials, AuthUser]]:
|
2022-11-22 03:11:26 +00:00
|
|
|
if SESSION_TOKEN_HEADER not in request.headers:
|
2023-10-05 18:46:18 +00:00
|
|
|
return AuthCredentials(scopes={}), AuthUser(user_id=None, username="")
|
2022-09-14 04:42:31 +00:00
|
|
|
|
2022-11-24 14:31:52 +00:00
|
|
|
token = request.headers.get(SESSION_TOKEN_HEADER)
|
|
|
|
|
if not token:
|
|
|
|
|
print("[auth.authenticate] no token in header %s" % SESSION_TOKEN_HEADER)
|
2023-07-13 14:48:21 +00:00
|
|
|
return AuthCredentials(scopes={}, error_message=str("no token")), AuthUser(
|
2023-10-05 18:46:18 +00:00
|
|
|
user_id=None, username=""
|
2022-11-24 14:31:52 +00:00
|
|
|
)
|
2023-10-13 11:45:24 +00:00
|
|
|
|
|
|
|
|
if token.startswith("Bearer"):
|
|
|
|
|
token = token[len("Bearer "):]
|
2022-11-22 03:11:26 +00:00
|
|
|
|
2023-10-05 18:46:18 +00:00
|
|
|
if len(token.split(".")) > 1:
|
2023-02-20 16:09:55 +00:00
|
|
|
payload = await SessionToken.verify(token)
|
2023-07-13 14:58:22 +00:00
|
|
|
|
2023-02-20 16:09:55 +00:00
|
|
|
with local_session() as session:
|
|
|
|
|
try:
|
|
|
|
|
user = (
|
2023-10-05 18:46:18 +00:00
|
|
|
session.query(User)
|
|
|
|
|
.options(
|
|
|
|
|
joinedload(User.roles).options(
|
|
|
|
|
joinedload(Role.permissions)
|
|
|
|
|
),
|
|
|
|
|
joinedload(User.ratings),
|
|
|
|
|
)
|
|
|
|
|
.filter(User.id == payload.user_id)
|
|
|
|
|
.one()
|
2023-02-20 16:09:55 +00:00
|
|
|
)
|
2022-11-28 22:58:23 +00:00
|
|
|
|
2023-02-20 16:09:55 +00:00
|
|
|
scopes = {} # TODO: integrate await user.get_permission()
|
2022-11-28 22:58:23 +00:00
|
|
|
|
2023-02-20 16:09:55 +00:00
|
|
|
return (
|
|
|
|
|
AuthCredentials(
|
2023-10-05 18:46:18 +00:00
|
|
|
user_id=payload.user_id, scopes=scopes, logged_in=True
|
2023-02-20 16:09:55 +00:00
|
|
|
),
|
2023-10-05 18:46:18 +00:00
|
|
|
AuthUser(user_id=user.id, username=""),
|
2023-02-20 16:09:55 +00:00
|
|
|
)
|
|
|
|
|
except exc.NoResultFound:
|
|
|
|
|
pass
|
2022-11-28 22:58:23 +00:00
|
|
|
|
2023-10-05 18:46:18 +00:00
|
|
|
return AuthCredentials(scopes={}, error_message=str("Invalid token")), AuthUser(
|
|
|
|
|
user_id=None, username=""
|
|
|
|
|
)
|
2022-09-14 04:42:31 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def login_required(func):
|
|
|
|
|
@wraps(func)
|
|
|
|
|
async def wrap(parent, info: GraphQLResolveInfo, *args, **kwargs):
|
2022-10-23 09:33:28 +00:00
|
|
|
# print('[auth.authenticate] login required for %r with info %r' % (func, info)) # debug only
|
2022-09-14 04:42:31 +00:00
|
|
|
auth: AuthCredentials = info.context["request"].auth
|
2022-11-25 22:35:42 +00:00
|
|
|
# print(auth)
|
2022-11-28 14:15:54 +00:00
|
|
|
if not auth or not auth.logged_in:
|
2023-01-10 08:15:28 +00:00
|
|
|
# raise Unauthorized(auth.error_message or "Please login")
|
2023-10-05 18:46:18 +00:00
|
|
|
return {"error": "Please login first"}
|
2022-09-14 04:42:31 +00:00
|
|
|
return await func(parent, info, *args, **kwargs)
|
|
|
|
|
|
|
|
|
|
return wrap
|
2022-11-24 08:27:01 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def permission_required(resource, operation, func):
|
|
|
|
|
@wraps(func)
|
|
|
|
|
async def wrap(parent, info: GraphQLResolveInfo, *args, **kwargs):
|
2023-10-05 18:46:18 +00:00
|
|
|
print(
|
|
|
|
|
"[auth.authenticate] permission_required for %r with info %r" % (func, info)
|
|
|
|
|
) # debug only
|
2022-11-24 08:27:01 +00:00
|
|
|
auth: AuthCredentials = info.context["request"].auth
|
|
|
|
|
if not auth.logged_in:
|
2022-12-01 08:12:48 +00:00
|
|
|
raise OperationNotAllowed(auth.error_message or "Please login")
|
2022-11-24 08:27:01 +00:00
|
|
|
|
2022-11-25 22:35:42 +00:00
|
|
|
# TODO: add actual check permission logix here
|
2022-11-24 08:27:01 +00:00
|
|
|
|
|
|
|
|
return await func(parent, info, *args, **kwargs)
|
|
|
|
|
|
|
|
|
|
return wrap
|
