add authorization check on both sides

This commit is contained in:
b1ek 2023-05-17 04:46:45 +10:00
parent 63132abc20
commit 8ded7379cb
Signed by: blek
GPG Key ID: 14546221E3595D0C
2 changed files with 21 additions and 8 deletions

View File

@ -1,5 +1,13 @@
from rest_framework.request import Request
from django.http import HttpResponseBadRequest, HttpResponse, JsonResponse, HttpRequest from django.http import HttpResponseBadRequest, HttpResponse, JsonResponse, HttpRequest
import ipware as iplib
ipware = iplib.IpWare();
def client_ip(req: HttpRequest):
return ipware.get_client_ip(req)[0].exploded;
def VVSUAuthProxy(req: HttpRequest): def VVSUAuthProxy(req: HttpRequest):
proxy = 'https://vvsu.ru/connect' + req.path[len('/api/auth/vvsu'):]; proxy = 'https://vvsu.ru/connect' + req.path[len('/api/auth/vvsu'):];
@ -19,14 +27,8 @@ def register(oid, provider_id, name):
favorites_apartments='', favorites_apartments='',
comparison_apartments='', comparison_apartments='',
name=name, name=name,
# date_of_birth=,
about_me='', about_me='',
gender='?', gender='?',
phone='+00000',
# email=,
# telegram=,
# discord=,
# city=,
role='s', role='s',
photo_provider='VVSU', photo_provider='VVSU',
openid_addr=oid, openid_addr=oid,
@ -85,3 +87,14 @@ def verify_auth_token(key, ip):
return False; return False;
return True; return True;
def auth_required(func):
"""
Use authorization for this route.
"""
def inner(req: HttpRequest):
if ('Authorization' not in req.headers.keys()):
return JsonResponse({'error': 'no auth token'});
if (not verify_auth_token(req.headers['Authorization'], client_ip(req))):
return JsonResponse({'error': 'auth token invalid or expired'});
func();

View File

@ -63,9 +63,9 @@ class Client extends User {
method, method,
headers: { headers: {
...(options.headers ? options.headers : {}), ...(options.headers ? options.headers : {}),
'X-Pairent-Auth': this.key.key 'Authorization': this.key.key
}, },
...options ...options
}); });
} }