From ceee6e4db9a7def34d8e2193a6088b2076e39fb8 Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Thu, 4 Jul 2024 21:08:40 +0400
Subject: [PATCH] fix: Read auth token from the connection initialization payload

Websockets do not provide headers, and sending a token as a query param is also not good (it gets into server's logs), As an alternative, we can provide a token in the first ws payload. Read more: https://strawberry.rocks/docs/general/subscriptions#authenticating-subscriptions

---
 selfprivacy_api/graphql/__init__.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/selfprivacy_api/graphql/__init__.py b/selfprivacy_api/graphql/__init__.py
index 6124a1a..edd8a78 100644
--- a/selfprivacy_api/graphql/__init__.py
+++ b/selfprivacy_api/graphql/__init__.py
@@ -16,6 +16,10 @@ class IsAuthenticated(BasePermission):
         token = info.context["request"].headers.get("Authorization")
         if token is None:
             token = info.context["request"].query_params.get("token")
+        if token is None:
+            connection_params = info.context.get("connection_params")
+            if connection_params is not None:
+                token = connection_params.get("Authorization")
         if token is None:
             return False
         return is_token_valid(token.replace("Bearer ", ""))
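Review bot: The value read via `connection_params.get("Authorization")` comes straight from the client's `connection_init` JSON payload, so unlike a header or query-param value it is not guaranteed to be a `str`; a payload such as `{"Authorization": 123}` or a list reaches `token.replace("Bearer ", "")` on the last line and raises `AttributeError` (a server error) instead of the permission check returning False. Add a type guard before the final line, e.g. `if not isinstance(token, str): return False`. The same concern applies one level up: `.get` on `connection_params` assumes it is a mapping, and while Strawberry may already reject a non-dict payload, I could not confirm that from this hunk, so `if isinstance(connection_params, dict):` would be a cheap replacement for the `is not None` test. Note that the query-param path the commit message describes as log-leaking is still accepted after this change; if that is intentional as a transition, a comment saying so would help the next reader. The enclosing `has_permission` method's signature lies outside the hunk.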