diff --git a/services/auth.py b/services/auth.py
index 988749d..bb3ce6c 100644
--- a/services/auth.py
+++ b/services/auth.py
@@ -1,35 +1,67 @@ +from services.core import get_author from functools import wraps import aiohttp +from aiohttp.web import HTTPUnauthorized -from services.core import get_author from settings import AUTH_URL -async def check_auth(req): +async def check_auth(req) -> (bool, int | None): token = req.headers.get("Authorization") - headers = {"Authorization": token, "Content-Type": "application/json"} # "Bearer " + removed - print(f"[services.auth] checking auth token: {token}") + if token: + # Logging the authentication token + print(f"[services.auth] checking auth token: {token}") + query_name = "validate_jwt_token" + opeation = "ValidateToken" + headers = { + "Content-Type": "application/json", + } - query_name = "session" - query_type = "query" - operation = "GetUserId" + variables = { + "params": { + "token_type": "access_token", + "token": token.encode("utf-8"), + } + } - gql = { - "query": query_type + " " + operation + " { " + query_name + " { user { id } } }", - "operationName": operation, - "variables": None, - } + gql = { + "query": f"query {opeation}($params: ValidateJWTTokenInput!) 
{{ {query_name}(params: $params) {{ is_valid claims }} }}", + "variables": variables, + "operationName": opeation, + } + print(f"[services.auth] Graphql: {gql}") + try: + # Asynchronous HTTP request to the authentication server + async with aiohttp.ClientSession() as session: + async with session.post(AUTH_URL, json=gql, headers=headers) as response: + # Logging the GraphQL response + response_text = await response.text() + print(f"[services.auth] GraphQL Response: {response_text}") + + if response.status == 200: + # Parsing JSON response + data = await response.json() + errors = data.get("errors") + if errors: + print(f"[services.auth] errors: {errors}") + else: + user_id = data.get("data", {}).get(query_name, {}).get("claims", {}).get("sub") + + if user_id: + # Logging the retrieved user ID + print(f"[services.auth] User ID retrieved: {user_id}") + return True, user_id + else: + # Logging when no user ID is found in the response + print("[services.auth] No user ID found in the response") + else: + # Logging when the request to the authentication server fails + print(f"[services.auth] Request failed with status: {response.status}") + + except Exception as e: + # Handling and logging exceptions during authentication check + print(f"[services.auth] {e}") - async with aiohttp.ClientSession(timeout=aiohttp.ClientTimeout(total=30.0)) as session: - async with session.post(AUTH_URL, headers=headers, json=gql) as response: - print(f"[services.auth] {AUTH_URL} response: {response.status}") - if response.status != 200: - return False, None - r = await response.json() - if r: - user_id = r.get("data", {}).get(query_name, {}).get("user", {}).get("id", None) - is_authenticated = user_id is not None - return is_authenticated, user_id return False, None 
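Review bot: `"token": token.encode("utf-8")` in the new `variables` dict puts a bytes value into the payload that `session.post(..., json=gql)` serializes with the default `json.dumps`, which raises TypeError for bytes; the broad `except Exception` below then only prints the error and falls through to `return False, None`, so every validation request fails before it is sent — pass the header string as-is, `"token": token,`. The response handling reads `claims.sub` without ever looking at the `is_valid` field the query explicitly requests, so a validator that returns claims alongside `is_valid: false` would still authenticate the caller; gate on `is_valid` first. The three `print` calls that emit the raw `Authorization` header, the full `gql` payload and the full response body write the bearer token and its claims to stdout, which normally ends up in shared log storage; log only the status and whether a user id was obtained. `-> (bool, int | None)` is a tuple expression rather than a type hint and `sub` is presumably a string, so `-> tuple[bool, str | None]` is the annotation to use, and the explicit `ClientTimeout(total=30.0)` the old code passed was dropped, leaving the session on aiohttp's default. The hunk contains the whole of check_auth.
```python
        variables = {"params": {"token_type": "access_token", "token": token}}
        # … unchanged: gql construction, session/post (without printing the token, gql or response body) …
                    if response.status == 200:
                        data = await response.json()
                        errors = data.get("errors")
                        if errors:
                            print(f"[services.auth] errors: {errors}")
                        else:
                            result = data.get("data", {}).get(query_name) or {}
                            if not result.get("is_valid"):
                                print("[services.auth] token rejected by validator")
                                return False, None
                            user_id = (result.get("claims") or {}).get("sub")
                            if user_id:
                                return True, user_id
                            print("[services.auth] No user ID found in the response")
        # … unchanged: non-200 branch, except handler, final return …
```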
@@ -41,7 +73,8 @@ def login_required(f):
 req = context.get("request")
 is_authenticated, user_id = await check_auth(req)
 if not is_authenticated:
- raise Exception("You are not logged in")
+ # Raising HTTPUnauthorized exception if the user is not authenticated
+ raise HTTPUnauthorized(text="Please, login first")
 else:
 # Добавляем author_id и user_id в контекст
 context["author_id"] = await get_author(user_id)
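Review bot: `raise HTTPUnauthorized(text="Please, login first")` sends a 401 without a `WWW-Authenticate` header, which RFC 7235 requires on that status so clients know which scheme to retry with; aiohttp's exception accepts `headers=`, so `raise HTTPUnauthorized(text="Please, login first", headers={"WWW-Authenticate": "Bearer"})`. Because the `raise` leaves the `if` unconditionally, the `else:` that follows is redundant and the context-population lines could be dedented one level. Whether this exception reaches the client as an HTTP 401 or is wrapped into a GraphQL error depends on what invokes the wrapper, which is not visible here, and login_required's definition starts outside the hunk.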