add authorization check on both sides

2023-05-17 04:46:45 +10:00 · 2023-05-17 04:46:45 +10:00 · 8ded7379cb
parent 63132abc20
commit 8ded7379cb
2 changed files with 21 additions and 8 deletions
--- a/pairent_backend/pairent_app/authlib.py
+++ b/pairent_backend/pairent_app/authlib.py
@ -1,5 +1,13 @@
 from rest_framework.request import Request
 from django.http import HttpResponseBadRequest, HttpResponse, JsonResponse, HttpRequest
 import ipware as iplib
 ipware = iplib.IpWare();
 def client_ip(req: HttpRequest):
    return ipware.get_client_ip(req)[0].exploded;
 def VVSUAuthProxy(req: HttpRequest):
    proxy = 'https://vvsu.ru/connect' + req.path[len('/api/auth/vvsu'):];
@ -19,14 +27,8 @@ def register(oid, provider_id, name):
        favorites_apartments='',    
        comparison_apartments='', 
        name=name, 
        # date_of_birth=, 
        about_me='', 
        gender='?', 
        phone='+00000', 
        # email=, 
        # telegram=, 
        # discord=, 
        # city=, 
        role='s', 
        photo_provider='VVSU', 
        openid_addr=oid, 
@ -85,3 +87,14 @@ def verify_auth_token(key, ip):
        return False;
    return True;
 def auth_required(func):
    """
        Use authorization for this route.
    """
    def inner(req: HttpRequest):
        if ('Authorization' not in req.headers.keys()):
            return JsonResponse({'error': 'no auth token'});
        if (not verify_auth_token(req.headers['Authorization'], client_ip(req))):
            return JsonResponse({'error': 'auth token invalid or expired'});
        func();
--- a/pairent_frontend_react/src/API/Client.js
+++ b/pairent_frontend_react/src/API/Client.js
@ -63,7 +63,7 @@ class Client extends User {
            method,
            headers: {
                ...(options.headers ? options.headers : {}),
-                'X-Pairent-Auth': this.key.key
+                'Authorization': this.key.key
            },
            ...options