selfprivacy-rest-api/selfprivacy_api/graphql/__init__.py

"""GraphQL API for SelfPrivacy."""

# pylint: disable=too-few-public-methods
import typing
from strawberry.permission import BasePermission
from strawberry.types import Info

from selfprivacy_api.actions.api_tokens import is_token_valid


class IsAuthenticated(BasePermission):
    """Is authenticated permission"""

    message = "You must be authenticated to access this resource."

    def has_permission(self, source: typing.Any, info: Info, **kwargs) -> bool:
        token = info.context["request"].headers.get("Authorization")
        if token is None:
            token = info.context["request"].query_params.get("token")
        if token is None:
            connection_params = info.context.get("connection_params")
            if connection_params is not None:
                token = connection_params.get("Authorization")
        if token is None:
            return False
        return is_token_valid(token.replace("Bearer ", ""))
add auth check 2022-06-24 20:08:58 +03:00			`"""GraphQL API for SelfPrivacy."""`
style: Reformat with new Black version 2024-07-26 22:59:44 +03:00
add auth check 2022-06-24 20:08:58 +03:00			`# pylint: disable=too-few-public-methods`
			`import typing`
			`from strawberry.permission import BasePermission`
			`from strawberry.types import Info`

refactor(tokens-repo): delete is_token_valid from auth utils 2022-12-26 15:20:58 +00:00			`from selfprivacy_api.actions.api_tokens import is_token_valid`
add auth check 2022-06-24 20:08:58 +03:00
add basic system getters 2022-06-24 21:14:20 +03:00
add auth check 2022-06-24 20:08:58 +03:00			`class IsAuthenticated(BasePermission):`
			`"""Is authenticated permission"""`
add basic system getters 2022-06-24 21:14:20 +03:00
add auth check 2022-06-24 20:08:58 +03:00			`message = "You must be authenticated to access this resource."`

			`def has_permission(self, source: typing.Any, info: Info, **kwargs) -> bool:`
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 20:03:56 +03:00			`token = info.context["request"].headers.get("Authorization")`
			`if token is None:`
			`token = info.context["request"].query_params.get("token")`
fix: Read auth token from the connection initialization payload Websockets do not provide headers, and sending a token as a query param is also not good (it gets into server's logs), As an alternative, we can provide a token in the first ws payload. Read more: https://strawberry.rocks/docs/general/subscriptions#authenticating-subscriptions 2024-07-04 21:08:40 +04:00			`if token is None:`
			`connection_params = info.context.get("connection_params")`
			`if connection_params is not None:`
			`token = connection_params.get("Authorization")`
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 20:03:56 +03:00			`if token is None:`
add auth check 2022-06-24 20:08:58 +03:00			`return False`
Migrate to FastAPI (#13) Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api/pulls/13 2022-08-25 20:03:56 +03:00			`return is_token_valid(token.replace("Bearer ", ""))`