discours.io/core
5
0
Fork 0
Code Pull Requests Actions Projects Activity

updateShout

Browse Source
This commit is contained in:
knst-kotov 2021-08-18 19:53:55 +03:00
parent b8b7854c4c
commit 1ce88a3515
3 changed files with 83 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
auth/authenticate.py
View File

@ -15,63 +15,65 @@ from settings import JWT_AUTH_HEADER
class _Authenticate: class _Authenticate:
@classmethod @classmethod
async def verify(cls, token: str): async def verify(cls, token: str):
""" """
Rules for a token to be valid. Rules for a token to be valid.
1. token format is legal && 1. token format is legal &&
token exists in redis database && token exists in redis database &&
token is not expired token is not expired
2. token format is legal && 2. token format is legal &&
token exists in redis database && token exists in redis database &&
token is expired && token is expired &&
token is of specified type token is of specified type
""" """
try: try:
payload = Token.decode(token) payload = Token.decode(token)
except ExpiredSignatureError: except ExpiredSignatureError:
payload = Token.decode(token, verify_exp=False) payload = Token.decode(token, verify_exp=False)
if not await cls.exists(payload.user_id, token): if not await cls.exists(payload.user_id, token):
raise InvalidToken("Login expired, please login again") raise InvalidToken("Login expired, please login again")
if payload.device == "mobile": # noqa if payload.device == "mobile": # noqa
"we cat set mobile token to be valid forever" "we cat set mobile token to be valid forever"
return payload return payload
except DecodeError as e: except DecodeError as e:
raise InvalidToken("token format error") from e raise InvalidToken("token format error") from e
else: else:
if not await cls.exists(payload.user_id, token): if not await cls.exists(payload.user_id, token):
raise InvalidToken("Login expired, please login again") raise InvalidToken("Login expired, please login again")
return payload return payload
@classmethod @classmethod
async def exists(cls, user_id, token): async def exists(cls, user_id, token):
token = await redis.execute("GET", f"{user_id}-{token}") token = await redis.execute("GET", f"{user_id}-{token}")
return token is not None return token is not None
class JWTAuthenticate(AuthenticationBackend): class JWTAuthenticate(AuthenticationBackend):
async def authenticate( async def authenticate(
self, request: HTTPConnection self, request: HTTPConnection
) -> Optional[Tuple[AuthCredentials, AuthUser]]: ) -> Optional[Tuple[AuthCredentials, AuthUser]]:
if JWT_AUTH_HEADER not in request.headers: if JWT_AUTH_HEADER not in request.headers:
return AuthCredentials(scopes=[]), AuthUser(user_id=None) return AuthCredentials(scopes=[]), AuthUser(user_id=None)
token = request.headers[JWT_AUTH_HEADER] token = request.headers[JWT_AUTH_HEADER]
try: try:
payload = await _Authenticate.verify(token) payload = await _Authenticate.verify(token)
except Exception as exc: except Exception as exc:
return AuthCredentials(scopes=[], error_message=str(exc)), AuthUser(user_id=None) return AuthCredentials(scopes=[], error_message=str(exc)), AuthUser(user_id=None)
if payload is None:
return AuthCredentials(scopes=[]), AuthUser(user_id=None)
scopes = User.get_permission(user_id=payload.user_id) scopes = User.get_permission(user_id=payload.user_id)
print(scopes) return AuthCredentials(user_id=payload.user_id, scopes=scopes, logged_in=True), AuthUser(user_id=payload.user_id)
return AuthCredentials(user_id=payload.user_id, scopes=scopes, logged_in=True), AuthUser(user_id=payload.user_id)
def login_required(func): def login_required(func):
@wraps(func) @wraps(func)
async def wrap(parent, info: GraphQLResolveInfo, *args, **kwargs): async def wrap(parent, info: GraphQLResolveInfo, *args, **kwargs):
auth: AuthCredentials = info.context["request"].auth auth: AuthCredentials = info.context["request"].auth
if not auth.logged_in: if not auth.logged_in:
return {"error" : auth.error_message or "Please login"} return {"error" : auth.error_message or "Please login"}
return await func(parent, info, *args, **kwargs) return await func(parent, info, *args, **kwargs)
return wrap return wrap

6
orm/user.py
View File

@ -17,7 +17,7 @@ class UserRole(Base):
class User(Base): class User(Base):
__tablename__ = 'user' __tablename__ = 'user'
email: str = Column(String, nullable=False) email: str = Column(String, unique=True, nullable=False)
username: str = Column(String, nullable=False, comment="Name") username: str = Column(String, nullable=False, comment="Name")
password: str = Column(String, nullable=True, comment="Password") password: str = Column(String, nullable=True, comment="Password")
@ -32,7 +32,9 @@ class User(Base):
user = session.query(User).filter(User.id == user_id).first() user = session.query(User).filter(User.id == user_id).first()
for role in user.roles: for role in user.roles:
for p in role.permissions: for p in role.permissions:
scope[p.resource_id] = p.operation_id if not p.resource_id in scope:
scope[p.resource_id] = set()
scope[p.resource_id].add(p.operation_id)
return scope return scope

31
resolvers/zine.py
View File

@ -1,4 +1,4 @@
from orm import Shout, User, Organization from orm import Shout, User, Organization, Resource
from orm.base import local_session from orm.base import local_session
from resolvers.base import mutation, query from resolvers.base import mutation, query
@ -119,13 +119,16 @@ async def create_shout(_, info, input):
@mutation.field("updateShout") @mutation.field("updateShout")
@login_required @login_required
async def update_shout(_, info, shout_id, input): async def update_shout(_, info, input):
auth = info.context["request"].auth auth = info.context["request"].auth
user_id = auth.user_id user_id = auth.user_id
slug = input["slug"]
org_id = org = input["org_id"]
with local_session() as session: with local_session() as session:
user = session.query(User).filter(User.id == user_id).first() user = session.query(User).filter(User.id == user_id).first()
shout = session.query(Shout).filter(Shout.id == shout_id).first() shout = session.query(Shout).filter(Shout.slug == slug).first()
org = session.query(Organization).filter(Organization.id == org_id).first()
if not shout: if not shout:
return { return {
@ -133,12 +136,30 @@ async def update_shout(_, info, shout_id, input):
} }
if shout.author_id != user_id: if shout.author_id != user_id:
scope = info.context["request"].scope scopes = auth.scopes
if not Resource.shout_id in scope: print(scopes)
if not Resource.shout_id in scopes:
return { return {
"error" : "access denied" "error" : "access denied"
} }
shout.body = input["body"],
shout.replyTo = input.get("replyTo"),
shout.versionOf = input.get("versionOf"),
shout.tags = input.get("tags"),
shout.topics = input.get("topics")
with local_session() as session:
session.commit()
task = GitTask(
input,
org.name,
user.username,
user.email,
"update shout %s" % (shout.slug)
)
return { return {
"shout" : shout "shout" : shout
} }