fix: Read auth token from the connection initialization payload

Websockets do not provide headers, and sending a token as a query param is also not good (it gets into server's logs), As an alternative, we can provide a token in the first ws payload. Read more: https://strawberry.rocks/docs/general/subscriptions#authenticating-subscriptions
2024-11-17 08:02:36 +00:00 · 2024-07-04 21:08:40 +04:00 · 2024-07-04 21:08:40 +04:00 · ceee6e4db9
parent a7be03a6d3
commit ceee6e4db9
1 changed files with 4 additions and 0 deletions
--- a/selfprivacy_api/graphql/init.py
+++ b/selfprivacy_api/graphql/init.py
@ -16,6 +16,10 @@ class IsAuthenticated(BasePermission):
        token = info.context["request"].headers.get("Authorization")
        if token is None:
            token = info.context["request"].query_params.get("token")
+        if token is None:
+            connection_params = info.context.get("connection_params")
+            if connection_params is not None:
+                token = connection_params.get("Authorization")
        if token is None:
            return False
        return is_token_valid(token.replace("Bearer ", ""))