feat(api): enhanced auth
feat(api): check for project existence before any response
This commit is contained in:
parent
ea6e21b94c
commit
ef6b78b1c4
7 changed files with 8 additions and 21 deletions
@ -13,9 +13,9 @@ def jwt_authorizer(token):
|
|||
try:
|
||||
payload = jwt.decode(
|
||||
token[1],
|
||||
"",
|
||||
config("jwt_secret"),
|
||||
algorithms=config("jwt_algorithm"),
|
||||
audience=[ f"front:default-foss"]
|
||||
audience=[f"plugin:{helper.get_stage_name()}", f"front:{helper.get_stage_name()}"]
|
||||
)
|
||||
except jwt.ExpiredSignatureError:
|
||||
print("! JWT Expired signature")
|
||||
|
|
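Review bot: The new `audience=` list accepts both `plugin:<stage>` and `front:<stage>` in the same authorizer, so a token issued for the plugin audience now also authenticates front requests (and vice versa) unless something outside the hunk separates the two; if the audiences are meant to carry different access, pass only the audience that matches the caller, e.g. `audience=[f"{'plugin' if for_plugin else 'front'}:{helper.get_stage_name()}"]` with the flag supplied by the route. On the context line `algorithms=config("jwt_algorithm")` a plain string is passed where PyJWT documents a list of allowed algorithms; `algorithms=[config("jwt_algorithm")]` makes the allow-list explicit. The `except jwt.ExpiredSignatureError` branch only prints, and other decode failures such as `jwt.InvalidAudienceError` are handled outside the hunk, if at all, so it is worth confirming they lead to a rejected request rather than an unhandled exception. jwt_authorizer starts and ends outside the hunk.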
@ -42,7 +42,7 @@ def generate_jwt(id, tenant_id, iat, aud):
|
|||
payload={
|
||||
"userId": id,
|
||||
"tenantId": tenant_id,
|
||||
"exp": iat // 1000 + config("jwt_exp_delta_seconds",cast=int) + TimeUTC.get_utc_offset() // 1000,
|
||||
"exp": iat // 1000 + config("jwt_exp_delta_seconds", cast=int) + TimeUTC.get_utc_offset() // 1000,
|
||||
"iss": config("jwt_issuer"),
|
||||
"iat": iat // 1000,
|
||||
"aud": aud
|
||||
|
|
|
|||
|
|
@ -244,7 +244,8 @@ def get_project_key(project_id):
|
|||
where project_id =%(project_id)s AND deleted_at ISNULL;""",
|
||||
{"project_id": project_id})
|
||||
)
|
||||
return cur.fetchone()["project_key"]
|
||||
project = cur.fetchone()
|
||||
return project["project_key"] if project is not None else None
|
||||
|
||||
|
||||
def get_capture_status(project_id):
|
||||
|
|
|
|||
|
|
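Review bot: get_project_key now returns None for a missing or soft-deleted project instead of raising TypeError on `cur.fetchone()["project_key"]`, which moves the failure from this function to every caller; the call sites are not in the hunk, so each one must be checked to treat None as "project does not exist" and deny the request rather than passing None on as a key. A docstring would make the contract visible: `"""Return the project_key for project_id, or None when no live project matches."""`. The same change appears again in the ee/api copy at `@ -257,7 +257,8`, which should stay in sync with this one. get_project_key starts outside the hunk.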
@ -571,7 +571,6 @@ def auth_exists(user_id, tenant_id, jwt_iat, jwt_aud):
|
|||
)
|
||||
|
||||
|
||||
@dev.timed
|
||||
def authenticate(email, password, for_change_password=False, for_plugin=False):
|
||||
with pg_client.PostgresClient() as cur:
|
||||
query = cur.mogrify(
|
||||
|
|
|
|||
1
ee/api/.gitignore
vendored
1
ee/api/.gitignore
vendored
|
|
@ -242,6 +242,7 @@ Pipfile
|
|||
/auth/auth_apikey.py
|
||||
/auth/auth_jwt.py
|
||||
/build.sh
|
||||
/routers/base.py
|
||||
/routers/core.py
|
||||
/routers/crons/core_crons.py
|
||||
/routers/subs/dashboard.py
|
||||
|
|
|
|||
|
|
@ -257,7 +257,8 @@ def get_project_key(project_id):
|
|||
where project_id =%(project_id)s AND deleted_at ISNULL;""",
|
||||
{"project_id": project_id})
|
||||
)
|
||||
return cur.fetchone()["project_key"]
|
||||
project = cur.fetchone()
|
||||
return project["project_key"] if project is not None else None
|
||||
|
||||
|
||||
def get_capture_status(project_id):
|
||||
|
|
|
|||
|
|
@ -632,7 +632,6 @@ def change_jwt_iat(user_id):
|
|||
return cur.fetchone().get("jwt_iat")
|
||||
|
||||
|
||||
@dev.timed
|
||||
def authenticate(email, password, for_change_password=False, for_plugin=False):
|
||||
with pg_client.PostgresClient() as cur:
|
||||
query = cur.mogrify(
|
||||
|
|
|
|||
|
|
@ -1,14 +0,0 @@
|
|||
from fastapi import APIRouter, Depends
|
||||
|
||||
from auth.auth_apikey import APIKeyAuth
|
||||
from auth.auth_jwt import JWTAuth
|
||||
from auth.auth_project import ProjectAuthorizer
|
||||
from or_dependencies import ORRoute
|
||||
|
||||
|
||||
def get_routers() -> (APIRouter, APIRouter, APIRouter):
|
||||
public_app = APIRouter(route_class=ORRoute)
|
||||
app = APIRouter(dependencies=[Depends(JWTAuth()), Depends(ProjectAuthorizer("projectId"))], route_class=ORRoute)
|
||||
app_apikey = APIRouter(dependencies=[Depends(APIKeyAuth()), Depends(ProjectAuthorizer("projectKey"))],
|
||||
route_class=ORRoute)
|
||||
return public_app, app, app_apikey
|
||||