fed8b2eed7
Backend release / release (push) Waiting to run
Bandit Security Scan / bandit_scan (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / build (linux/amd64, ubuntu-latest, amd64) (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / build (linux/arm64, ubuntu-24.04-arm, arm64) (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / manifest (push) Blocked by required conditions
Build and push DocsGPT FE Docker image for development / build (linux/amd64, ubuntu-latest, amd64) (push) Waiting to run
Build and push DocsGPT FE Docker image for development / build (linux/arm64, ubuntu-24.04-arm, arm64) (push) Waiting to run
Build and push DocsGPT FE Docker image for development / manifest (push) Blocked by required conditions
Python linting / ruff (push) Waiting to run
Run python tests with pytest / Run tests and count coverage (3.12) (push) Waiting to run
React Widget Build / build (push) Waiting to run
42 lines
1.5 KiB
Python
42 lines
1.5 KiB
Python
from jose import jwt
|
|
from jose.exceptions import ExpiredSignatureError
|
|
|
|
from application.core.settings import settings
|
|
|
|
|
|
def handle_auth(request, data={}):
|
|
if settings.AUTH_TYPE in ["simple_jwt", "session_jwt", "oidc"]:
|
|
jwt_token = request.headers.get("Authorization")
|
|
if not jwt_token:
|
|
return None
|
|
|
|
jwt_token = jwt_token.replace("Bearer ", "")
|
|
|
|
is_oidc = settings.AUTH_TYPE == "oidc"
|
|
try:
|
|
decoded_token = jwt.decode(
|
|
jwt_token,
|
|
settings.JWT_SECRET_KEY,
|
|
algorithms=["HS256"],
|
|
# oidc sessions are minted with an exp at the login callback and
|
|
# must carry one: require_exp rejects any exp-less HS256 token
|
|
# signed with JWT_SECRET_KEY (e.g. a legacy simple_jwt/session_jwt
|
|
# token), which would otherwise authenticate forever and be
|
|
# unrevocable. simple_jwt/session_jwt never carried an exp, so the
|
|
# requirement is scoped to oidc.
|
|
options={"verify_exp": is_oidc, "require_exp": is_oidc},
|
|
)
|
|
return decoded_token
|
|
except ExpiredSignatureError:
|
|
return {
|
|
"message": "Authentication error: token expired",
|
|
"error": "token_expired",
|
|
}
|
|
except Exception:
|
|
return {
|
|
"message": "Authentication error: invalid token",
|
|
"error": "invalid_token",
|
|
}
|
|
else:
|
|
return {"sub": "local"}
|