SelfPrivacy/selfprivacy-rest-api
1
0
Fork 0
mirror of https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git synced 2024-11-09 12:43:11 +00:00
Code Issues Projects Releases Wiki Activity

fix: Read auth token from the connection initialization payload

Browse source 
Websockets do not provide headers, and sending a token as a query param is also not good (it gets into server's logs),
As an alternative, we can provide a token in the first ws payload.

Read more: https://strawberry.rocks/docs/general/subscriptions#authenticating-subscriptions
This commit is contained in:
Inex Code 2024-07-04 21:08:40 +04:00
parent a7be03a6d3
commit ceee6e4db9
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
selfprivacy_api/graphql/__init__.py
View file

@ -16,6 +16,10 @@ class IsAuthenticated(BasePermission):
token = info.context["request"].headers.get("Authorization") token = info.context["request"].headers.get("Authorization")
if token is None: if token is None:
token = info.context["request"].query_params.get("token") token = info.context["request"].query_params.get("token")
if token is None:
connection_params = info.context.get("connection_params")
if connection_params is not None:
token = connection_params.get("Authorization")
if token is None: if token is None:
return False return False
return is_token_valid(token.replace("Bearer ", "")) return is_token_valid(token.replace("Bearer ", ""))