legacy/pairent_backend/pairent_app/authlib.py

from rest_framework.request import Request

from django.http import HttpResponseBadRequest, HttpResponse, JsonResponse, HttpRequest

import ipware as iplib
ipware = iplib.IpWare();

def client_ip(req: HttpRequest):
    return ipware.get_client_ip(req)[0].exploded;

def VVSUAuthProxy(req: HttpRequest):
    proxy = 'https://vvsu.ru/connect' + req.path[len('/api/auth/vvsu'):];
    
    preq = requests.request(req.method, proxy, headers={
        'User-Agent': 'OIDC Client / Pairent',
        'Origin': 'http://pairent.vvsu.ru',
        'Referer': 'http://pairent.vvsu.ru'
    });

    resp = HttpResponse(preq.content);
    resp.headers['Content-Type'] = preq.headers['Content-Type'];

    return resp;

def register(oid, provider_id, name):
    user = User(
        favorites_apartments='',    
        comparison_apartments='', 
        name=name, 
        about_me='', 
        gender='?', 
        role='s', 
        photo_provider='VVSU', 
        openid_addr=oid, 
        openid_id=provider_id, 
    );
    user.save();
    return user;

def get_oauth_token(remote, data):
    return requests.post(remote + '/oauth2/token', data,
            headers={
                'Origin': 'https://pairent.vvsu.ru',
                'Referer': 'https://pairent.vvsu.ru'
            }).json();

def get_oauth_data(remote, key):
    return requests.get(remote + '/userinfo', headers={
                'Origin': 'https://pairent.vvsu.ru',
                'Authorization': 'Bearer ' + key,
                'User-Agent': 'curl/8.1'
            }).json();

def create_auth_token(userid, ip):

    try:
        token = AuthToken.objects.get(user=userid, ip=ip);
        if (verify_auth_token(token.key, token.ip)):
            return token;
    except AuthToken.DoesNotExist:
        0 # ignore

    token = AuthToken(
        user=userid,
        key=str(uuid.uuid4()),
        #                          2 days
        #                            vvv
        expires=time.time() + 60 * 60 * 24 * 2,
        ip=ip
    );
    token.save();
    return token;

def verify_auth_token(key, ip):
    
    try:
        token = AuthToken.objects.get(key=key);
    except AuthToken.DoesNotExist:
        return False;       

    if (token.ip != ip):
        token.delete();
        return False;
    
    if (token.expires > time.time()):
        token.delete();
        return False;
    
    return True;

def auth_required(func):
    """
        Use authorization for this route.
    """
    def inner(req: HttpRequest):
        if ('Authorization' not in req.headers.keys()):
            return JsonResponse({'error': 'no auth token'});
        if (not verify_auth_token(req.headers['Authorization'], client_ip(req))):
            return JsonResponse({'error': 'auth token invalid or expired'});
        func();
add authorization check on both sides 2023-05-16 20:46:45 +02:00			`from rest_framework.request import Request`

move auth functions to different file 2023-05-16 18:51:21 +02:00			`from django.http import HttpResponseBadRequest, HttpResponse, JsonResponse, HttpRequest`

add authorization check on both sides 2023-05-16 20:46:45 +02:00			`import ipware as iplib`
			`ipware = iplib.IpWare();`

			`def client_ip(req: HttpRequest):`
			`return ipware.get_client_ip(req)[0].exploded;`

move auth functions to different file 2023-05-16 18:51:21 +02:00			`def VVSUAuthProxy(req: HttpRequest):`
			`proxy = 'https://vvsu.ru/connect' + req.path[len('/api/auth/vvsu'):];`

			`preq = requests.request(req.method, proxy, headers={`
			`'User-Agent': 'OIDC Client / Pairent',`
			`'Origin': 'http://pairent.vvsu.ru',`
			`'Referer': 'http://pairent.vvsu.ru'`
			`});`

			`resp = HttpResponse(preq.content);`
			`resp.headers['Content-Type'] = preq.headers['Content-Type'];`

			`return resp;`

			`def register(oid, provider_id, name):`
			`user = User(`
			`favorites_apartments='',`
			`comparison_apartments='',`
			`name=name,`
			`about_me='',`
			`gender='?',`
			`role='s',`
			`photo_provider='VVSU',`
			`openid_addr=oid,`
			`openid_id=provider_id,`
			`);`
			`user.save();`
			`return user;`

			`def get_oauth_token(remote, data):`
			`return requests.post(remote + '/oauth2/token', data,`
			`headers={`
			`'Origin': 'https://pairent.vvsu.ru',`
			`'Referer': 'https://pairent.vvsu.ru'`
			`}).json();`

			`def get_oauth_data(remote, key):`
			`return requests.get(remote + '/userinfo', headers={`
			`'Origin': 'https://pairent.vvsu.ru',`
			`'Authorization': 'Bearer ' + key,`
			`'User-Agent': 'curl/8.1'`
			`}).json();`

			`def create_auth_token(userid, ip):`

			`try:`
			`token = AuthToken.objects.get(user=userid, ip=ip);`
			`if (verify_auth_token(token.key, token.ip)):`
			`return token;`
			`except AuthToken.DoesNotExist:`
			`0 # ignore`

			`token = AuthToken(`
			`user=userid,`
			`key=str(uuid.uuid4()),`
			`# 2 days`
			`# vvv`
			`expires=time.time() + 60 * 60 * 24 * 2,`
			`ip=ip`
			`);`
			`token.save();`
			`return token;`

			`def verify_auth_token(key, ip):`

			`try:`
			`token = AuthToken.objects.get(key=key);`
			`except AuthToken.DoesNotExist:`
			`return False;`

			`if (token.ip != ip):`
			`token.delete();`
			`return False;`

			`if (token.expires > time.time()):`
			`token.delete();`
			`return False;`

			`return True;`
add authorization check on both sides 2023-05-16 20:46:45 +02:00
			`def auth_required(func):`
			`"""`
			`Use authorization for this route.`
			`"""`
			`def inner(req: HttpRequest):`
			`if ('Authorization' not in req.headers.keys()):`
			`return JsonResponse({'error': 'no auth token'});`
			`if (not verify_auth_token(req.headers['Authorization'], client_ip(req))):`
			`return JsonResponse({'error': 'auth token invalid or expired'});`
			`func();`