add authorization check on both sides
This commit is contained in:
parent
63132abc20
commit
8ded7379cb
|
@ -1,5 +1,13 @@
|
||||||
|
from rest_framework.request import Request
|
||||||
|
|
||||||
from django.http import HttpResponseBadRequest, HttpResponse, JsonResponse, HttpRequest
|
from django.http import HttpResponseBadRequest, HttpResponse, JsonResponse, HttpRequest
|
||||||
|
|
||||||
|
import ipware as iplib
|
||||||
|
ipware = iplib.IpWare();
|
||||||
|
|
||||||
|
def client_ip(req: HttpRequest):
|
||||||
|
return ipware.get_client_ip(req)[0].exploded;
|
||||||
|
|
||||||
def VVSUAuthProxy(req: HttpRequest):
|
def VVSUAuthProxy(req: HttpRequest):
|
||||||
proxy = 'https://vvsu.ru/connect' + req.path[len('/api/auth/vvsu'):];
|
proxy = 'https://vvsu.ru/connect' + req.path[len('/api/auth/vvsu'):];
|
||||||
|
|
||||||
|
@ -19,14 +27,8 @@ def register(oid, provider_id, name):
|
||||||
favorites_apartments='',
|
favorites_apartments='',
|
||||||
comparison_apartments='',
|
comparison_apartments='',
|
||||||
name=name,
|
name=name,
|
||||||
# date_of_birth=,
|
|
||||||
about_me='',
|
about_me='',
|
||||||
gender='?',
|
gender='?',
|
||||||
phone='+00000',
|
|
||||||
# email=,
|
|
||||||
# telegram=,
|
|
||||||
# discord=,
|
|
||||||
# city=,
|
|
||||||
role='s',
|
role='s',
|
||||||
photo_provider='VVSU',
|
photo_provider='VVSU',
|
||||||
openid_addr=oid,
|
openid_addr=oid,
|
||||||
|
@ -85,3 +87,14 @@ def verify_auth_token(key, ip):
|
||||||
return False;
|
return False;
|
||||||
|
|
||||||
return True;
|
return True;
|
||||||
|
|
||||||
|
def auth_required(func):
|
||||||
|
"""
|
||||||
|
Use authorization for this route.
|
||||||
|
"""
|
||||||
|
def inner(req: HttpRequest):
|
||||||
|
if ('Authorization' not in req.headers.keys()):
|
||||||
|
return JsonResponse({'error': 'no auth token'});
|
||||||
|
if (not verify_auth_token(req.headers['Authorization'], client_ip(req))):
|
||||||
|
return JsonResponse({'error': 'auth token invalid or expired'});
|
||||||
|
func();
|
|
@ -63,9 +63,9 @@ class Client extends User {
|
||||||
method,
|
method,
|
||||||
headers: {
|
headers: {
|
||||||
...(options.headers ? options.headers : {}),
|
...(options.headers ? options.headers : {}),
|
||||||
'X-Pairent-Auth': this.key.key
|
'Authorization': this.key.key
|
||||||
},
|
},
|
||||||
|
|
||||||
...options
|
...options
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue