add authorization check on both sides
This commit is contained in:
parent
63132abc20
commit
8ded7379cb
|
@ -1,5 +1,13 @@
|
|||
from rest_framework.request import Request
|
||||
|
||||
from django.http import HttpResponseBadRequest, HttpResponse, JsonResponse, HttpRequest
|
||||
|
||||
import ipware as iplib
|
||||
ipware = iplib.IpWare();
|
||||
|
||||
def client_ip(req: HttpRequest):
|
||||
return ipware.get_client_ip(req)[0].exploded;
|
||||
|
||||
def VVSUAuthProxy(req: HttpRequest):
|
||||
proxy = 'https://vvsu.ru/connect' + req.path[len('/api/auth/vvsu'):];
|
||||
|
||||
|
@ -19,14 +27,8 @@ def register(oid, provider_id, name):
|
|||
favorites_apartments='',
|
||||
comparison_apartments='',
|
||||
name=name,
|
||||
# date_of_birth=,
|
||||
about_me='',
|
||||
gender='?',
|
||||
phone='+00000',
|
||||
# email=,
|
||||
# telegram=,
|
||||
# discord=,
|
||||
# city=,
|
||||
role='s',
|
||||
photo_provider='VVSU',
|
||||
openid_addr=oid,
|
||||
|
@ -85,3 +87,14 @@ def verify_auth_token(key, ip):
|
|||
return False;
|
||||
|
||||
return True;
|
||||
|
||||
def auth_required(func):
|
||||
"""
|
||||
Use authorization for this route.
|
||||
"""
|
||||
def inner(req: HttpRequest):
|
||||
if ('Authorization' not in req.headers.keys()):
|
||||
return JsonResponse({'error': 'no auth token'});
|
||||
if (not verify_auth_token(req.headers['Authorization'], client_ip(req))):
|
||||
return JsonResponse({'error': 'auth token invalid or expired'});
|
||||
func();
|
|
@ -63,7 +63,7 @@ class Client extends User {
|
|||
method,
|
||||
headers: {
|
||||
...(options.headers ? options.headers : {}),
|
||||
'X-Pairent-Auth': this.key.key
|
||||
'Authorization': this.key.key
|
||||
},
|
||||
|
||||
...options
|
||||
|
|
Loading…
Reference in New Issue