core/services/auth.py

from functools import wraps
import aiohttp
from aiohttp.web import HTTPUnauthorized
from settings import AUTH_URL


async def check_auth(req):
    token = req.headers.get("Authorization")
    if token:
        print(f"[services.auth] checking auth token: {token}")

        gql = {
            "query": "query { validate_jwt_token( params: ValidateJWTTokenInput!) { is_valid claims } }",
            "variables": {"params": {"token_type": "access_token", "token": token}},
        }

        async with aiohttp.ClientSession(timeout=aiohttp.ClientTimeout(total=30.0)) as session:
            async with session.post(AUTH_URL, json=gql) as response:
                response_text = await response.text()
                print(f"[services.auth] response text: {response_text}")

                if response.status != 200:
                    return False, None
                r = await response.json()
                print(f"[services.auth] response: {r}")
                try:
                    data = r.get("data")
                    is_authenticated = False
                    user_id = None
                    if data:
                        result = data.get("validate_jwt_token", {})
                        is_authenticated = result.get("is_valid")
                        if is_authenticated:
                            user_id = result.get("claims", {}).get("sub")
                    return is_authenticated, user_id
                except Exception as e:
                    print(f"{e}: {r}")
    return False, None


def login_required(f):
    @wraps(f)
    async def decorated_function(*args, **kwargs):
        info = args[1]
        context = info.context
        print(context)
        req = context.get("request")
        is_authenticated, user_id = await check_auth(req)
        if not is_authenticated:
            raise Exception("You are not logged in")
        else:
            # Add user_id to the context
            context["user_id"] = user_id

        # If the user is authenticated, execute the resolver
        return await f(*args, **kwargs)

    return decorated_function


def auth_request(f):
    @wraps(f)
    async def decorated_function(*args, **kwargs):
        req = args[0]
        is_authenticated, user_id = await check_auth(req)
        if not is_authenticated:
            raise HTTPUnauthorized(text="Please, login first")
        else:
            req["user_id"] = user_id
        return await f(*args, **kwargs)

    return decorated_function