fmt

2024-02-21 10:27:16 +03:00
parent 4f26812340
commit 7cf702eb98
35 changed files with 1059 additions and 825 deletions
--- a/services/auth.py
+++ b/services/auth.py
@@ -6,33 +6,36 @@ from dogpile.cache import make_region
 from settings import ADMIN_SECRET, AUTH_URL
 from services.logger import root_logger as logger

+
 async def request_data(gql, headers=None):
    if headers is None:
-        headers = {'Content-Type': 'application/json'}
+        headers = {"Content-Type": "application/json"}
    try:
        async with httpx.AsyncClient() as client:
            response = await client.post(AUTH_URL, json=gql, headers=headers)
            if response.status_code == 200:
                data = response.json()
-                errors = data.get('errors')
+                errors = data.get("errors")
                if errors:
-                    logger.error(f'HTTP Errors: {errors}')
+                    logger.error(f"HTTP Errors: {errors}")
                else:
                    return data
    except Exception as e:
        # Handling and logging exceptions during authentication check
-        logger.error(f'request_data error: {e}')
+        logger.error(f"request_data error: {e}")
        return None


 # Создание региона кэша с TTL 30 секунд
-region = make_region().configure('dogpile.cache.memory', expiration_time=30)
+region = make_region().configure("dogpile.cache.memory", expiration_time=30)
+

 # Функция-ключ для кэширования
 def auth_cache_key(req):
-    token = req.headers.get('Authorization')
+    token = req.headers.get("Authorization")
    return f"auth_token:{token}"

+
 # Декоратор для кэширования запроса проверки токена
 def cache_auth_request(f):
    @wraps(f)
@@ -41,41 +44,43 @@ def cache_auth_request(f):
        cache_key = auth_cache_key(req)
        result = region.get(cache_key)
        if result is None:
-            [user_id, user_roles]  = await f(*args, **kwargs)
+            [user_id, user_roles] = await f(*args, **kwargs)
            if user_id:
                region.set(cache_key, [user_id, user_roles])
        return result
+
    return decorated_function

+
 # Измененная функция проверки аутентификации с кэшированием
@cache_auth_request
 async def check_auth(req):
-    token = req.headers.get('Authorization')
-    user_id = ''
+    token = req.headers.get("Authorization")
+    user_id = ""
    user_roles = []
    if token:
        try:
            # Logging the authentication token
-            logger.debug(f'{token}')
-            query_name = 'validate_jwt_token'
-            operation = 'ValidateToken'
+            logger.debug(f"{token}")
+            query_name = "validate_jwt_token"
+            operation = "ValidateToken"
            variables = {
-                'params': {
-                    'token_type': 'access_token',
-                    'token': token,
+                "params": {
+                    "token_type": "access_token",
+                    "token": token,
                }
            }

            gql = {
-                'query': f'query {operation}($params: ValidateJWTTokenInput!)  {{ {query_name}(params: $params) {{ is_valid claims }} }}',
-                'variables': variables,
-                'operationName': operation,
+                "query": f"query {operation}($params: ValidateJWTTokenInput!)  {{ {query_name}(params: $params) {{ is_valid claims }} }}",
+                "variables": variables,
+                "operationName": operation,
            }
            data = await request_data(gql)
            if data:
-                user_data = data.get('data', {}).get(query_name, {}).get('claims', {})
-                user_id = user_data.get('sub')
-                user_roles = user_data.get('allowed_roles')
+                user_data = data.get("data", {}).get(query_name, {}).get("claims", {})
+                user_id = user_data.get("sub")
+                user_roles = user_data.get("allowed_roles")
        except Exception as e:
            import traceback

@@ -87,41 +92,41 @@ async def check_auth(req):


 async def add_user_role(user_id):
-    logger.info(f'add author role for user_id: {user_id}')
-    query_name = '_update_user'
-    operation = 'UpdateUserRoles'
+    logger.info(f"add author role for user_id: {user_id}")
+    query_name = "_update_user"
+    operation = "UpdateUserRoles"
    headers = {
-        'Content-Type': 'application/json',
-        'x-authorizer-admin-secret': ADMIN_SECRET,
+        "Content-Type": "application/json",
+        "x-authorizer-admin-secret": ADMIN_SECRET,
    }
-    variables = {'params': {'roles': 'author, reader', 'id': user_id}}
+    variables = {"params": {"roles": "author, reader", "id": user_id}}
    gql = {
-        'query': f'mutation {operation}($params: UpdateUserInput!) {{ {query_name}(params: $params) {{ id roles }} }}',
-        'variables': variables,
-        'operationName': operation,
+        "query": f"mutation {operation}($params: UpdateUserInput!) {{ {query_name}(params: $params) {{ id roles }} }}",
+        "variables": variables,
+        "operationName": operation,
    }
    data = await request_data(gql, headers)
    if data:
-        user_id = data.get('data', {}).get(query_name, {}).get('id')
+        user_id = data.get("data", {}).get(query_name, {}).get("id")
        return user_id


 def login_required(f):
    @wraps(f)
    async def decorated_function(*args, **kwargs):
-        user_id = ''
+        user_id = ""
        user_roles = []
        info = args[1]

        try:
-            req = info.context.get('request')
+            req = info.context.get("request")
            [user_id, user_roles] = await check_auth(req)
        except Exception as e:
            logger.error(f"Failed to authenticate user: {e}")
        if user_id:
-            logger.info(f' got {user_id} roles: {user_roles}')
-        info.context['user_id'] = user_id.strip()
-        info.context['roles'] = user_roles
+            logger.info(f" got {user_id} roles: {user_roles}")
+        info.context["user_id"] = user_id.strip()
+        info.context["roles"] = user_roles
        return await f(*args, **kwargs)

    return decorated_function
@@ -130,7 +135,7 @@ def login_required(f):
 def auth_request(f):
    @wraps(f)
    async def decorated_function(*args, **kwargs):
-        user_id = ''
+        user_id = ""
        user_roles = []
        req = {}
        try:
@@ -142,9 +147,9 @@ def auth_request(f):
            traceback.print_exc()
            logger.error(f"Failed to authenticate user: {args} {e}")
        if user_id:
-            logger.info(f' got {user_id} roles: {user_roles}')
-        req['user_id'] = user_id.strip()
-        req['roles'] = user_roles
+            logger.info(f" got {user_id} roles: {user_roles}")
+        req["user_id"] = user_id.strip()
+        req["roles"] = user_roles
        return await f(*args, **kwargs)

    return decorated_function