Commit bf80d34b authored by Pavel Kuzmenko's avatar Pavel Kuzmenko

feat(api): add redirect for broken token

issue: #15
parent 65a797e0
......@@ -77,7 +77,8 @@ async def auth_auction(request):
auction_id = data['id']
redirect_url = utils.build_redirect_url(auction_id)
response = web.HTTPSeeOther(redirect_url)
response.set_cookie(name=f'auth_token-{auction_id}', value=bid_token, httponly='1', max_age=utils.COOKIE_MAX_AGE,
domain=utils.DOMAIN, path=f'/api/auctions/{auction_id}')
response.set_cookie(name=f'auth_token-{auction_id}', value=bid_token, httponly=True,
max_age=environment['COOKIE_MAX_AGE'],
domain=environment['DOMAIN'], path=f'/api/auctions/{auction_id}')
LOG.info(f'bidder {data["bid"]} successfuly redirected to auction {auction_id}')
return response
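Review bot: The auth cookie carrying `bid_token` is still written without the `Secure` and `SameSite` attributes, so the migration to `environment[...]` on the new `set_cookie` lines keeps a bearer token that browsers will send over plain HTTP and on cross-site requests. Since this cookie is the only thing authorising the bidder on `/api/auctions/{auction_id}`, it should be `httponly=True, secure=True, samesite='Lax'` (aiohttp's `set_cookie` accepts both keywords in current releases; if local development runs without TLS, make `secure` a config flag rather than dropping it). Note also that setting `domain=environment['DOMAIN']` explicitly widens the cookie to all subdomains of that host, which is fine only if that is intended. The body of `auth_auction` begins outside this hunk, so where `data` and `bid_token` come from is not visible here.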
......@@ -12,7 +12,7 @@ from prozorro_sale.tools.middlewares import request_id_middleware
from prozorro_sale.auth import context_middleware, load_auth
from prozorro_sale.auth.environment import environment, spec
from prozorro_sale.auth.api.routes import init_routes
from prozorro_sale.auth.errors import ERROR_DICT
from prozorro_sale.auth.errors import ERROR_DICT, resolve_error_resp
LOG = logger.get_custom_logger(__name__)
SWAGGER_DOC_AVAILABLE = environment['SWAGGER_DOC']
......@@ -42,7 +42,7 @@ def create_app():
load_auth(AUTH_FILE)
app = web.Application(middlewares=[
request_id_middleware,
catch_error_middleware(ERROR_DICT),
catch_error_middleware(ERROR_DICT, resolve_error_resp),
context_middleware,
])
init_routes(app)
from prozorro_sale.tools.environment import Environment, booleans
from prozorro_sale.tools.environment import Environment, booleans, url
__all__ = ['environment']
......@@ -10,6 +10,9 @@ spec = {
'SWAGGER_DOC': booleans,
'AUTH_FILE': str,
'AUTH_IP_BLOCK_STRICT': booleans,
'AUCTIONS_API': url,
'DOMAIN': str,
'COOKIE_MAX_AGE': int,
}
default = {
'API_HOST': '0.0.0.0',
......@@ -19,6 +22,9 @@ default = {
'SWAGGER_DOC': False,
'AUTH_FILE': '/secrets/auth.yml',
'AUTH_IP_BLOCK_STRICT': False,
'AUCTIONS_API': 'localhost',
'DOMAIN': 'localhost',
'COOKIE_MAX_AGE': 86400
}
environment = Environment(spec=spec, default=default)
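Review bot: Giving `AUCTIONS_API` and `DOMAIN` the default `'localhost'` turns a missing deployment setting into a silent misconfiguration: the old `os.environ['AUCTIONS_API']` read failed at import time, whereas now a container started without these variables will redirect bidders to `localhost/...` and scope the auth cookie to `localhost`. `'localhost'` is also schemeless, so if the `url` validator accepts it the `HTTPSeeOther` built from it becomes a relative `Location` rather than an absolute URL. I would drop both defaults so `Environment` rejects the missing values at startup, or at minimum use `'http://localhost'` for `AUCTIONS_API` so the default is at least a well-formed URL. Whether `url` rejects a bare hostname depends on `prozorro_sale.tools.environment`, which is not visible here.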
from aiohttp import web
from aiohttp import web, hdrs
from prozorro_sale import tools
from aiohttp.web_exceptions import HTTPNotFound, HTTPMethodNotAllowed
from prozorro_sale.auth.environment import environment
class AuthException(Exception):
......@@ -26,19 +27,12 @@ ERROR_DICT = {
}
@web.middleware
async def request_errors_middleware(request, handler):
"""
Middleware to handle common exceptions from handlers.
For unique cases use ./utils.expects decorator.
"""
try:
return await handler(request)
except tuple(ERROR_DICT.keys()) as ex:
code, message = ERROR_DICT[type(ex)]
LOG.info(message.format(ex))
return web.json_response({'message': message.format(ex)}, status=code)
except Exception as e:
LOG.exception(f'Unknown error caught in API - {e}')
return web.json_response({'message': 'Internal server error'}, status=500)
async def resolve_error_resp(msg, code, req: web):
if all([
'text/html' in req.headers.get('Accept'),
code == 403,
req.method == hdrs.METH_GET,
req.path == '/api/auth/auction'
]):
return web.HTTPSeeOther(f'{environment["AUCTIONS_API"]}/auntification_fail')
return web.json_response({'message': msg}, status=code)
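Review bot: `req.headers.get('Accept')` returns `None` when the client sends no `Accept` header, and because `all([...])` builds the whole list before evaluating it, `'text/html' in None` raises `TypeError` for every error response the middleware routes through `resolve_error_resp`, not only 403s on `/api/auth/auction`. Use a default and short-circuit the conditions: `accept = req.headers.get(hdrs.ACCEPT, '')` followed by `if 'text/html' in accept and code == 403 and req.method == hdrs.METH_GET and req.path == '/api/auth/auction':`. The annotation `req: web` names the module rather than a type and should be `req: web.Request`. The redirect target path `/auntification_fail` looks like a typo for "authentication", but since the auctions frontend must serve that route it needs to be changed on both sides together, so I would confirm it rather than rename unilaterally. The old middleware also logged each handled error; I cannot see whether `catch_error_middleware` in `prozorro_sale.tools` does, so please check that 403 redirects remain visible in logs.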
from prozorro_sale.auth import errors
import jwt
import os
from datetime import datetime, timedelta
from prozorro_sale.auth.environment import environment
PRIVATE_KEY = None
PUBLIC_KEY = None
APIPUBLIC_KEY = None
ALGORITHM = 'RS256'
COOKIE_MAX_AGE = 86400
AUCTIONS_API = os.environ['AUCTIONS_API']
DOMAIN = os.environ['DOMAIN']
def get_token(request):
token = request.query.get('token')
......@@ -85,4 +79,4 @@ def create_auth_token(data):
def build_redirect_url(auction_id):
return f'{AUCTIONS_API}/{auction_id}'
return f'{environment["AUCTIONS_API"]}/{auction_id}'
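Review bot: `build_redirect_url` still interpolates `auction_id` into the `Location` header as a raw path segment, so a value containing `/`, `?` or `#` would alter the redirect target rather than address an auction. If `auction_id` can only come from the verified JWT payload this is acceptable, but it is worth making that explicit, e.g. `return f'{environment["AUCTIONS_API"]}/{quote(str(auction_id), safe="")}'` with `from urllib.parse import quote`. Separately, with the `os.environ` reads removed from the top of this file, `import os` on the first hunk may now be unused; the rest of the module is outside this view, so please check before dropping it.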