add authorization check on both sides

2023-05-17 04:46:45 +10:00 · 2023-05-17 04:46:45 +10:00 · 8ded7379cb
parent 63132abc20
commit 8ded7379cb
2 changed files with 21 additions and 8 deletions
--- a/pairent_backend/pairent_app/authlib.py
+++ b/pairent_backend/pairent_app/authlib.py
@ -1,5 +1,13 @@
+from rest_framework.request import Request
+
 from django.http import HttpResponseBadRequest, HttpResponse, JsonResponse, HttpRequest

+import ipware as iplib
+ipware = iplib.IpWare();
+
+def client_ip(req: HttpRequest):
+    return ipware.get_client_ip(req)[0].exploded;
+
 def VVSUAuthProxy(req: HttpRequest):
    proxy = 'https://vvsu.ru/connect' + req.path[len('/api/auth/vvsu'):];
    
@ -19,14 +27,8 @@ def register(oid, provider_id, name):
        favorites_apartments='',    
        comparison_apartments='', 
        name=name, 
-        # date_of_birth=, 
        about_me='', 
        gender='?', 
-        phone='+00000', 
-        # email=, 
-        # telegram=, 
-        # discord=, 
-        # city=, 
        role='s', 
        photo_provider='VVSU', 
        openid_addr=oid, 
@ -85,3 +87,14 @@ def verify_auth_token(key, ip):
        return False;
    
    return True;
+
+def auth_required(func):
+    """
+        Use authorization for this route.
+    """
+    def inner(req: HttpRequest):
+        if ('Authorization' not in req.headers.keys()):
+            return JsonResponse({'error': 'no auth token'});
+        if (not verify_auth_token(req.headers['Authorization'], client_ip(req))):
+            return JsonResponse({'error': 'auth token invalid or expired'});
+        func();
--- a/pairent_frontend_react/src/API/Client.js
+++ b/pairent_frontend_react/src/API/Client.js
@ -63,9 +63,9 @@ class Client extends User {
            method,
            headers: {
                ...(options.headers ? options.headers : {}),
-                'X-Pairent-Auth': this.key.key
+                'Authorization': this.key.key
            },
-            
+
            ...options
        });
    }