[rc] 0.6.25-rc0

Maxime Alves LIRMM 2023-02-08 12:53:32 +01:00
parent b4c37ea999
commit e5c25ede1f
4 changed files with 15 additions and 4 deletions


@ -1,5 +1,9 @@
# HalfAPI # HalfAPI
## 0.6.25
- Deletes the "Authorization" cookie on authentication error
## 0.6.24 ## 0.6.24
- Uses the "Authorization" cookie to read authentication token additionnaly to the "Authorization" header - Uses the "Authorization" cookie to read authentication token additionnaly to the "Authorization" header


@ -1,5 +1,5 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
__version__ = '0.6.24' __version__ = '0.6.25-rc0'
def version(): def version():
return f'HalfAPI version:{__version__}' return f'HalfAPI version:{__version__}'


@ -32,7 +32,7 @@ from timing_asgi.integrations import StarletteScopeToName
from .lib.constants import API_SCHEMA_DICT from .lib.constants import API_SCHEMA_DICT
from .lib.domain_middleware import DomainMiddleware from .lib.domain_middleware import DomainMiddleware
from .lib.timing import HTimingClient from .lib.timing import HTimingClient
from .lib.jwt_middleware import JWTAuthenticationBackend from .lib.jwt_middleware import JWTAuthenticationBackend, on_auth_error
from .lib.responses import (ORJSONResponse, UnauthorizedResponse, from .lib.responses import (ORJSONResponse, UnauthorizedResponse,
NotFoundResponse, InternalServerErrorResponse, NotImplementedResponse, NotFoundResponse, InternalServerErrorResponse, NotImplementedResponse,
ServiceUnavailableResponse, gen_exception_route) ServiceUnavailableResponse, gen_exception_route)
@ -141,7 +141,8 @@ class HalfAPI(Starlette):
if SECRET: if SECRET:
self.add_middleware( self.add_middleware(
AuthenticationMiddleware, AuthenticationMiddleware,
backend=JWTAuthenticationBackend() backend=JWTAuthenticationBackend(),
on_error=on_auth_error
) )
if not PRODUCTION: if not PRODUCTION:


@ -19,12 +19,13 @@ import jwt
from starlette.authentication import ( from starlette.authentication import (
AuthenticationBackend, AuthenticationError, BaseUser, AuthCredentials, AuthenticationBackend, AuthenticationError, BaseUser, AuthCredentials,
UnauthenticatedUser) UnauthenticatedUser)
from starlette.requests import HTTPConnection from starlette.requests import HTTPConnection, Request
from starlette.exceptions import HTTPException from starlette.exceptions import HTTPException
from .user import CheckUser, JWTUser, Nobody from .user import CheckUser, JWTUser, Nobody
from ..logging import logger from ..logging import logger
from ..conf import CONFIG from ..conf import CONFIG
from ..lib.responses import ORJSONResponse
SECRET=None SECRET=None
@ -44,6 +45,11 @@ def cookies_from_scope(scope):
simple_cookie.load(cookie.decode("utf8")) simple_cookie.load(cookie.decode("utf8"))
return {key: morsel.value for key, morsel in simple_cookie.items()} return {key: morsel.value for key, morsel in simple_cookie.items()}
def on_auth_error(request: Request, exc: Exception):
response = ORJSONResponse({"error": str(exc)}, status_code=401)
response.delete_cookie('Authorization')
return response
class JWTAuthenticationBackend(AuthenticationBackend): class JWTAuthenticationBackend(AuthenticationBackend):
def __init__(self, secret_key: str = SECRET, def __init__(self, secret_key: str = SECRET,
algorithm: str = 'HS256', prefix: str = 'JWT'): algorithm: str = 'HS256', prefix: str = 'JWT'):
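Review bot: `response.delete_cookie('Authorization')` in `on_auth_error` only clears the cookie when its path and domain match the ones it was set with. The code that sets the cookie is not visible here, so if it uses a non-default path or domain, the same values need to be passed to `delete_cookie`; otherwise the browser keeps sending the rejected token. The handler also returns `str(exc)` to an unauthenticated client, which may expose token-validation detail depending on what the backend raises; consider logging the exception through the already imported `logger` and answering with a fixed body such as `{"error": "Authentication failed"}`. Starlette's AuthenticationMiddleware calls `on_error` with an `HTTPConnection`, so the signature would be more accurate as `def on_auth_error(request: HTTPConnection, exc: Exception):`. A one-line docstring stating that the handler answers 401 and clears the cookie would also help.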