Files
wehub-resource-sync fed8b2eed7
Backend release / release (push) Waiting to run
Bandit Security Scan / bandit_scan (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / build (linux/amd64, ubuntu-latest, amd64) (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / build (linux/arm64, ubuntu-24.04-arm, arm64) (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / manifest (push) Blocked by required conditions
Build and push DocsGPT FE Docker image for development / build (linux/amd64, ubuntu-latest, amd64) (push) Waiting to run
Build and push DocsGPT FE Docker image for development / build (linux/arm64, ubuntu-24.04-arm, arm64) (push) Waiting to run
Build and push DocsGPT FE Docker image for development / manifest (push) Blocked by required conditions
Python linting / ruff (push) Waiting to run
Run python tests with pytest / Run tests and count coverage (3.12) (push) Waiting to run
React Widget Build / build (push) Waiting to run
chore: import upstream snapshot with attribution
2026-07-13 13:28:29 +08:00

42 lines
1.5 KiB
Python

from jose import jwt
from jose.exceptions import ExpiredSignatureError
from application.core.settings import settings
def handle_auth(request, data={}):
if settings.AUTH_TYPE in ["simple_jwt", "session_jwt", "oidc"]:
jwt_token = request.headers.get("Authorization")
if not jwt_token:
return None
jwt_token = jwt_token.replace("Bearer ", "")
is_oidc = settings.AUTH_TYPE == "oidc"
try:
decoded_token = jwt.decode(
jwt_token,
settings.JWT_SECRET_KEY,
algorithms=["HS256"],
# oidc sessions are minted with an exp at the login callback and
# must carry one: require_exp rejects any exp-less HS256 token
# signed with JWT_SECRET_KEY (e.g. a legacy simple_jwt/session_jwt
# token), which would otherwise authenticate forever and be
# unrevocable. simple_jwt/session_jwt never carried an exp, so the
# requirement is scoped to oidc.
options={"verify_exp": is_oidc, "require_exp": is_oidc},
)
return decoded_token
except ExpiredSignatureError:
return {
"message": "Authentication error: token expired",
"error": "token_expired",
}
except Exception:
return {
"message": "Authentication error: invalid token",
"error": "invalid_token",
}
else:
return {"sub": "local"}