2022-06-24 17:08:58 +00:00
|
|
|
"""GraphQL API for SelfPrivacy."""
|
2024-07-26 19:59:44 +00:00
|
|
|
|
2022-06-24 17:08:58 +00:00
|
|
|
# pylint: disable=too-few-public-methods
|
2024-11-15 00:35:07 +00:00
|
|
|
from typing import Any
|
2022-06-24 17:08:58 +00:00
|
|
|
from strawberry.permission import BasePermission
|
|
|
|
from strawberry.types import Info
|
|
|
|
|
2022-12-26 15:20:58 +00:00
|
|
|
from selfprivacy_api.actions.api_tokens import is_token_valid
|
2022-06-24 17:08:58 +00:00
|
|
|
|
2022-06-24 18:14:20 +00:00
|
|
|
|
2022-06-24 17:08:58 +00:00
|
|
|
class IsAuthenticated(BasePermission):
|
|
|
|
"""Is authenticated permission"""
|
2022-06-24 18:14:20 +00:00
|
|
|
|
2022-06-24 17:08:58 +00:00
|
|
|
message = "You must be authenticated to access this resource."
|
|
|
|
|
2024-11-15 00:35:07 +00:00
|
|
|
def has_permission(self, source: Any, info: Info, **kwargs) -> bool:
|
2022-08-25 17:03:56 +00:00
|
|
|
token = info.context["request"].headers.get("Authorization")
|
|
|
|
if token is None:
|
|
|
|
token = info.context["request"].query_params.get("token")
|
2024-07-04 17:08:40 +00:00
|
|
|
if token is None:
|
|
|
|
connection_params = info.context.get("connection_params")
|
|
|
|
if connection_params is not None:
|
|
|
|
token = connection_params.get("Authorization")
|
2022-08-25 17:03:56 +00:00
|
|
|
if token is None:
|
2022-06-24 17:08:58 +00:00
|
|
|
return False
|
2022-08-25 17:03:56 +00:00
|
|
|
return is_token_valid(token.replace("Bearer ", ""))
|