app&appversion&flowhistory&role&permission

2024-11-22 15:19:49 +09:00
parent fa120d2ce9
commit fa1d3b01b0
7 changed files with 259 additions and 69 deletions
--- a/backend/app/core/auth.py
+++ b/backend/app/core/auth.py
@@ -1,5 +1,6 @@
+from fastapi.security import SecurityScopes
 import jwt
-from fastapi import Depends, HTTPException, status
+from fastapi import Depends, HTTPException, Request, Security, status
 from jwt import PyJWTError

 from app.db import models, schemas, session
@@ -7,7 +8,7 @@ from app.db.crud import get_user_by_email, create_user,get_user
 from app.core import security


-async def get_current_user(
+async def get_current_user(security_scopes: SecurityScopes,
    db=Depends(session.get_db), token: str = Depends(security.oauth2_scheme)
 ):
    credentials_exception = HTTPException(
@@ -16,13 +17,21 @@ async def get_current_user(
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
+
        payload = jwt.decode(
            token, security.SECRET_KEY, algorithms=[security.ALGORITHM]
        )
        id: int = payload.get("sub")
        if id is None:
            raise credentials_exception
+
        permissions: str = payload.get("permissions")
+        if not permissions =="ALL":
+            for scope in security_scopes.scopes:
+                if scope not in permissions.split(";"):
+                    raise HTTPException(
+                        status_code=403, detail="The user doesn't have enough privileges"
+                    )
        token_data = schemas.TokenData(id = id, permissions=permissions)
    except PyJWTError:
        raise credentials_exception