diff --git a/pairent_backend/pairent_app/authlib.py b/pairent_backend/pairent_app/authlib.py
index 3026648..cb281d8 100644
--- a/pairent_backend/pairent_app/authlib.py
+++ b/pairent_backend/pairent_app/authlib.py
@@ -1,5 +1,13 @@
+from rest_framework.request import Request
+
 from django.http import HttpResponseBadRequest, HttpResponse, JsonResponse, HttpRequest
+import ipware as iplib
+ipware = iplib.IpWare();
+
+def client_ip(req: HttpRequest):
+ return ipware.get_client_ip(req)[0].exploded;
+
 def VVSUAuthProxy(req: HttpRequest):
 proxy = 'https://vvsu.ru/connect' + req.path[len('/api/auth/vvsu'):];
@@ -19,14 +27,8 @@ def register(oid, provider_id, name):
 favorites_apartments='',
 comparison_apartments='',
 name=name,
- # date_of_birth=,
 about_me='',
 gender='?',
- phone='+00000',
- # email=,
- # telegram=,
- # discord=,
- # city=,
 role='s',
 photo_provider='VVSU',
 openid_addr=oid,
@@ -85,3 +87,14 @@ def verify_auth_token(key, ip):
 return False;
 return True;
+
+def auth_required(func):
+ """
+ Use authorization for this route.
+ """
+ def inner(req: HttpRequest):
+ if ('Authorization' not in req.headers.keys()):
+ return JsonResponse({'error': 'no auth token'});
+ if (not verify_auth_token(req.headers['Authorization'], client_ip(req))):
+ return JsonResponse({'error': 'auth token invalid or expired'});
+ func();
\ No newline at end of file
diff --git a/pairent_frontend_react/src/API/Client.js b/pairent_frontend_react/src/API/Client.js
index 35c8b5d..8908cc4 100644
--- a/pairent_frontend_react/src/API/Client.js
+++ b/pairent_frontend_react/src/API/Client.js
@@ -63,9 +63,9 @@ class Client extends User {
 method,
 headers: {
 ...(options.headers ? options.headers : {}),
- 'X-Pairent-Auth': this.key.key
+ 'Authorization': this.key.key
 },
-
+
 ...options
 });
 }
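Review bot: `client_ip` dereferences `get_client_ip(req)[0].exploded` with no check that an address was found; python-ipware returns `None` in the first slot when it cannot determine one, so the call raises AttributeError and the request fails with a 500. The result is passed to `verify_auth_token(key, ip)` in the third hunk, and a default `IpWare()` reads forwarding headers such as `X-Forwarded-For`, which the client controls unless a trusted proxy is configured. If the token check depends on the address, construct the resolver with `proxy_count=` or `proxy_list=` for the real deployment and treat a false `trusted_route` as untrusted. The library's documented call takes the META mapping, so `ipware.get_client_ip(req.META)` is probably what is intended here; worth confirming against the installed version. The `Request` import added at the top is not used anywhere in the visible hunks.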
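Review bot: `auth_required` never returns `inner`, so using it as a decorator rebinds the view to `None`, and `inner` calls `func()` without the request and drops the view's response. No decorated route can work as written. Once it is wired up, both rejection branches would still answer with HTTP 200, because `JsonResponse` defaults to that status; returning 401 lets clients, proxies and monitoring see the failure as an authentication error. The rewrite below passes the request through, returns the view's result and returns the wrapper; adding `functools.wraps(func)` on `inner` would also keep the view's name for URL resolution and logs.

```python
def auth_required(func):
    # … unchanged: docstring …
    def inner(req: HttpRequest, *args, **kwargs):
        token = req.headers.get('Authorization')
        if token is None:
            return JsonResponse({'error': 'no auth token'}, status=401)
        if not verify_auth_token(token, client_ip(req)):
            return JsonResponse({'error': 'auth token invalid or expired'}, status=401)
        return func(req, *args, **kwargs)
    return inner
```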
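Review bot: The `...options` spread sits after the `headers` key, so when a caller passes `options.headers` the merged object built above it, including the new `Authorization` entry, is replaced by the caller's headers and the request goes out without the token. Moving `...options,` to the top of the object literal, before `method` and `headers`, keeps the merge and still lets the explicit keys win. The header is also sent as a bare key with no scheme; the server side in authlib.py reads the raw `Authorization` value, so the two match today, but an intermediary or a later switch to a standard auth class will expect a form like `<scheme> <token>`. The enclosing call starts outside the hunk.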