selfprivacy-rest-api/selfprivacy_api/graphql/__init__.py

27 lines
946 B
Python
Raw Normal View History

2022-06-24 17:08:58 +00:00
"""GraphQL API for SelfPrivacy."""
2024-07-26 19:59:44 +00:00
2022-06-24 17:08:58 +00:00
# pylint: disable=too-few-public-methods
import typing
from strawberry.permission import BasePermission
from strawberry.types import Info
from selfprivacy_api.actions.api_tokens import is_token_valid
2022-06-24 17:08:58 +00:00
2022-06-24 18:14:20 +00:00
2022-06-24 17:08:58 +00:00
class IsAuthenticated(BasePermission):
"""Is authenticated permission"""
2022-06-24 18:14:20 +00:00
2022-06-24 17:08:58 +00:00
message = "You must be authenticated to access this resource."
def has_permission(self, source: typing.Any, info: Info, **kwargs) -> bool:
token = info.context["request"].headers.get("Authorization")
if token is None:
token = info.context["request"].query_params.get("token")
if token is None:
connection_params = info.context.get("connection_params")
if connection_params is not None:
token = connection_params.get("Authorization")
if token is None:
2022-06-24 17:08:58 +00:00
return False
return is_token_valid(token.replace("Bearer ", ""))