oauth-by-c
...
oauth-by-t
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
ff92ff3020 | ||
|
|
78d964455c | ||
|
|
6cd1064f1d |
@@ -1,6 +1,6 @@
|
||||
from typing import Annotated
|
||||
|
||||
from fastapi import HTTPException, Cookie, status
|
||||
from fastapi import HTTPException, Cookie, status, Request
|
||||
from fastapi.security import SecurityScopes
|
||||
from jose import JWTError, jwt
|
||||
from pydantic import ValidationError
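Review bot: `Cookie` on the new `from fastapi import HTTPException, Cookie, status, Request` line and the `Annotated` import above it appear to be used only by the cookie-based signature this series removes, and `jose` and `pydantic` are referenced only in an `except` clause whose `try` body no longer does any JWT decoding. If nothing outside the shown hunks uses them, drop the unused names so the module stops declaring a dependency on `python-jose` it does not exercise; the rest of the import section is outside the hunk, so confirm before removing.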
|
||||
@@ -10,9 +10,6 @@ import os
|
||||
# to get a string like this run:
|
||||
# openssl rand -hex 32
|
||||
|
||||
ALGORITHM = "HS512"
|
||||
SECRET_KEY = os.environ['SECRET_KEY']
|
||||
|
||||
scopes_db = {
|
||||
os.environ['ADMIN_EMAIL'] : ["admin"]
|
||||
}
|
||||
@@ -23,18 +20,17 @@ credentials_exception = HTTPException(
|
||||
)
|
||||
|
||||
async def get_current_user(
|
||||
security_scopes: SecurityScopes, access_token: Annotated[str, Cookie()] = ""
|
||||
security_scopes: SecurityScopes, request: Request
|
||||
):
|
||||
try:
|
||||
payload = jwt.decode(access_token, SECRET_KEY, algorithms=[ALGORITHM])
|
||||
username: str = payload.get("sub") # type: ignore
|
||||
username: str = request.headers.get("x-auth-request-user") # type: ignore
|
||||
if username is None:
|
||||
raise credentials_exception
|
||||
email: str = payload.get("email") # type: ignore
|
||||
email: str = request.headers.get("x-auth-request-email") # type: ignore
|
||||
except (JWTError, ValidationError):
|
||||
raise credentials_exception
|
||||
scopes = scopes_db.get(email)
|
||||
scopes = scopes_db.get(email, [])
|
||||
for scope in security_scopes.scopes:
|
||||
if scope not in scopes:
|
||||
raise credentials_exception
|
||||
return payload | {"internal_scopes" : scopes}
|
||||
return {"sub" : username, "email" : email, "internal_scopes" : scopes}
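Review bot: The new body at `username: str = request.headers.get("x-auth-request-user")` and the matching `x-auth-request-email` lookup grants scopes from `scopes_db` purely on the basis of request headers, so anyone who can reach this app without passing through the upstream auth proxy, or whose proxy forwards client-supplied headers instead of overwriting them, can send `X-Auth-Request-Email: <ADMIN_EMAIL>` and receive `["admin"]`; the signed-cookie check the commit removes was the only thing that bound the identity to a secret. Document that trust boundary in a docstring on `get_current_user` (the app must be reachable only through the proxy, and the proxy must strip and re-set both headers on every request) and, where the deployment allows it, additionally verify a proxy-to-app shared-secret header or the peer address before trusting them. Separately, a missing email header is no longer rejected: the `except (JWTError, ValidationError)` block is now dead because nothing inside the `try` raises those, and `email` can be `None` while the function still returns a user whenever no scopes are required; replace the `try`/`except` with `if username is None or email is None: raise credentials_exception` and annotate both locals as `str | None`. `get_current_user` is fully visible in the hunk, but `credentials_exception` and `scopes_db` are defined outside it.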
|
||||
@@ -19,6 +19,7 @@
|
||||
border-radius: 0.2em;
|
||||
padding: 0.1em;
|
||||
}
|
||||
|
||||
.not_singable {
|
||||
background-color: color-mix(in srgb, #e1412f 30%, #f0f0f0);
|
||||
}
|
||||
@@ -124,6 +125,12 @@
|
||||
}
|
||||
|
||||
function vote(song_id, vote) {
|
||||
|
||||
$.ajax({
|
||||
url: "/songs/" + song_id + "/vote?" + $.param({ session_id: session_id, vote: vote }),
|
||||
method: "POST",
|
||||
success: function (data, textStatus) {
|
||||
|
||||
no_button = $("#song-" + song_id).find(".button-no")
|
||||
yes_button = $("#song-" + song_id).find(".button-yes")
|
||||
neutral_button = $("#song-" + song_id).find(".button-neutral")
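Review bot: The new `$.ajax` call at `url: "/songs/" + song_id + "/vote?" + $.param({ session_id: session_id, vote: vote })` sends `session_id` in the query string of a POST, where it is recorded in server and proxy access logs and browser history. If `session_id` is a secret that authorizes the vote rather than a public label for the voting session, move it out of the URL, e.g. `data: { session_id: session_id, vote: vote }`, and read it from the form body server-side. The `vote` function's body continues past the end of the hunk.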
|
||||
@@ -155,10 +162,12 @@
|
||||
break;
|
||||
}
|
||||
|
||||
$.ajax({
|
||||
url: "/songs/" + song_id + "/vote?" + $.param({ session_id: session_id, vote: vote }),
|
||||
method: "POST"
|
||||
})
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
{% if veto_mode %}
|
||||
@@ -176,7 +185,8 @@
|
||||
<body>
|
||||
{% if veto_mode %}
|
||||
<h1>Vorschau Modus</h1>
|
||||
<div class="text">Du kannst ungeeignete Vorschläge durch eine Nein-Stimme markieren und Kommentare zu allen Liedern abgeben.
|
||||
<div class="text">Du kannst ungeeignete Vorschläge durch eine Nein-Stimme markieren und Kommentare zu allen Liedern
|
||||
abgeben.
|
||||
</div>
|
||||
{% else %}
|
||||
<h1>Hallo :)</h1>
|
||||
@@ -222,7 +232,8 @@
|
||||
{% if veto_mode %}
|
||||
<input type="text" class="comment"
|
||||
value="{% if song.vote_comment %}{{ song.vote_comment }}{% else %}{% endif %}"
|
||||
placeholder="{% if song.comment %}{{ song.comment }}{% else %}Kommentar{% endif %}" onchange="updateComment({{ song.id }}, this);">
|
||||
placeholder="{% if song.comment %}{{ song.comment }}{% else %}Kommentar{% endif %}"
|
||||
onchange="updateComment({{ song.id }}, this);">
|
||||
{% endif %}
|
||||
</div>
|
||||
{% endfor %}
|
||||
|
||||