feat(api): add redirect for broken token

issue: #15

feat(api): add redirect for broken token
issue: #15
bf80d34b · Pavel Kuzmenko · 65a797e0 · bf80d34b · bf80d34b · bf80d34b
Commit bf80d34b authored Dec 07, 2021 by Pavel Kuzmenko
--- a/src/prozorro_sale/auth/api/api.py
+++ b/src/prozorro_sale/auth/api/api.py
@@ -77,7 +77,8 @@ async def auth_auction(request):
    auction_id = data['id']
    redirect_url = utils.build_redirect_url(auction_id)
    response = web.HTTPSeeOther(redirect_url)
-    response.set_cookie(name=f'auth_token-{auction_id}', value=bid_token, httponly='1', max_age=utils.COOKIE_MAX_AGE,
-                        domain=utils.DOMAIN, path=f'/api/auctions/{auction_id}')
+    response.set_cookie(name=f'auth_token-{auction_id}', value=bid_token, httponly=True,
+                        max_age=environment['COOKIE_MAX_AGE'],
+                        domain=environment['DOMAIN'], path=f'/api/auctions/{auction_id}')
    LOG.info(f'bidder {data["bid"]} successfuly redirected to auction {auction_id}')
    return response
--- a/src/prozorro_sale/auth/api/main.py
+++ b/src/prozorro_sale/auth/api/main.py
@@ -12,7 +12,7 @@ from prozorro_sale.tools.middlewares import request_id_middleware
 from prozorro_sale.auth import context_middleware, load_auth
 from prozorro_sale.auth.environment import environment, spec
 from prozorro_sale.auth.api.routes import init_routes
-from prozorro_sale.auth.errors import ERROR_DICT
+from prozorro_sale.auth.errors import ERROR_DICT, resolve_error_resp

 LOG = logger.get_custom_logger(__name__)
 SWAGGER_DOC_AVAILABLE = environment['SWAGGER_DOC']
@@ -42,7 +42,7 @@ def create_app():
    load_auth(AUTH_FILE)
    app = web.Application(middlewares=[
        request_id_middleware,
-        catch_error_middleware(ERROR_DICT),
+        catch_error_middleware(ERROR_DICT, resolve_error_resp),
        context_middleware,
    ])
    init_routes(app)

--- a/src/prozorro_sale/auth/environment.py
+++ b/src/prozorro_sale/auth/environment.py
-from prozorro_sale.tools.environment import Environment, booleans
+from prozorro_sale.tools.environment import Environment, booleans, url

 __all__ = ['environment']

@@ -10,6 +10,9 @@ spec = {
    'SWAGGER_DOC': booleans,
    'AUTH_FILE': str,
    'AUTH_IP_BLOCK_STRICT': booleans,
+    'AUCTIONS_API': url,
+    'DOMAIN': str,
+    'COOKIE_MAX_AGE': int,
 }
 default = {
    'API_HOST': '0.0.0.0',
@@ -19,6 +22,9 @@ default = {
    'SWAGGER_DOC': False,
    'AUTH_FILE': '/secrets/auth.yml',
    'AUTH_IP_BLOCK_STRICT': False,
+    'AUCTIONS_API': 'localhost',
+    'DOMAIN': 'localhost',
+    'COOKIE_MAX_AGE': 86400
 }

 environment = Environment(spec=spec, default=default)
--- a/src/prozorro_sale/auth/errors.py
+++ b/src/prozorro_sale/auth/errors.py
-from aiohttp import web
+from aiohttp import web, hdrs
 from prozorro_sale import tools
 from aiohttp.web_exceptions import HTTPNotFound, HTTPMethodNotAllowed
+from prozorro_sale.auth.environment import environment


 class AuthException(Exception):
@@ -26,19 +27,12 @@ ERROR_DICT = {
 }


-@web.middleware
-async def request_errors_middleware(request, handler):
-    """
-    Middleware to handle common exceptions from handlers.
-
-    For unique cases use ./utils.expects decorator.
-    """
-    try:
-        return await handler(request)
-    except tuple(ERROR_DICT.keys()) as ex:
-        code, message = ERROR_DICT[type(ex)]
-        LOG.info(message.format(ex))
-        return web.json_response({'message': message.format(ex)}, status=code)
-    except Exception as e:
-        LOG.exception(f'Unknown error caught in API - {e}')
-        return web.json_response({'message': 'Internal server error'}, status=500)
+async def resolve_error_resp(msg, code, req: web):
+    if all([
+        'text/html' in req.headers.get('Accept'),
+        code == 403,
+        req.method == hdrs.METH_GET,
+        req.path == '/api/auth/auction'
+    ]):
+        return web.HTTPSeeOther(f'{environment["AUCTIONS_API"]}/auntification_fail')
+    return web.json_response({'message': msg}, status=code)
--- a/src/prozorro_sale/auth/utils.py
+++ b/src/prozorro_sale/auth/utils.py
 from prozorro_sale.auth import errors
 import jwt
-import os
 from datetime import datetime, timedelta
+from prozorro_sale.auth.environment import environment

 PRIVATE_KEY = None
 PUBLIC_KEY = None
 APIPUBLIC_KEY = None
 ALGORITHM = 'RS256'

-COOKIE_MAX_AGE = 86400
-
-AUCTIONS_API = os.environ['AUCTIONS_API']
-
-DOMAIN = os.environ['DOMAIN']
-

 def get_token(request):
    token = request.query.get('token')
@@ -85,4 +79,4 @@ def create_auth_token(data):


 def build_redirect_url(auction_id):
-    return f'{AUCTIONS_API}/{auction_id}'
+    return f'{environment["AUCTIONS_API"]}/{auction_id}'