fix menu

2025-12-03 01:24:52 -03:00
parent 3a49b13cb9
commit 38c49ff370
21 changed files with 133 additions and 73 deletions
--- a/id.saladeaula.digital/app/routes/authorize.py
+++ b/id.saladeaula.digital/app/routes/authorize.py
@@ -5,13 +5,14 @@ from aws_lambda_powertools.event_handler.api_gateway import Router
 from aws_lambda_powertools.event_handler.exceptions import (
    BadRequestError,
    ForbiddenError,
+    NotFoundError,
    ServiceError,
 )
 from joserfc.errors import JoseError
 from layercake.dynamodb import DynamoDBPersistenceLayer, KeyPair, SortKey

 from boto3clients import dynamodb_client
-from config import OAUTH2_TABLE
+from config import OAUTH2_DEFAULT_SCOPES, OAUTH2_TABLE
 from oauth2 import server
 from util import parse_cookies

@@ -20,6 +21,9 @@ logger = Logger(__name__)
 dyn = DynamoDBPersistenceLayer(OAUTH2_TABLE, dynamodb_client)


+class SessionNotFoundError(NotFoundError): ...
+
+
@router.get('/authorize')
 def authorize():
    current_event = router.current_event
@@ -27,20 +31,20 @@ def authorize():
    session = cookies.get('SID')

    if not session:
-        raise BadRequestError('Missing session')
+        raise BadRequestError('Session cookie (SID) is required')

    try:
-        sid, sub = session.split(':')
+        session_id, user_id = session.split(':')
        # Raise if session is not found
        dyn.collection.get_item(
-            KeyPair('SESSION', sid),
-            exc_cls=InvalidSession,
+            KeyPair('SESSION', session_id),
+            exc_cls=SessionNotFoundError,
        )
        grant = server.get_consent_grant(
            request=router.current_event,
-            end_user=sub,
+            end_user=user_id,
        )
-        user_scopes = _user_scopes(sub)
+        user_scopes = _user_scopes(user_id)
        client_scopes = set(scope_to_list(grant.client.scope))

        # Deny authorization if user lacks scopes requested by client
@@ -49,7 +53,7 @@ def authorize():

        response = server.create_authorization_response(
            request=router.current_event,
-            grant_user=sub,
+            grant_user=user_id,
            grant=grant,
        )
    except JoseError as err:
@@ -65,18 +69,16 @@ def authorize():
        return response


-def _user_scopes(sub: str) -> set:
-    return set(
+def _user_scopes(user_id: str) -> set:
+    return OAUTH2_DEFAULT_SCOPES | set(
        scope_to_list(
            dyn.collection.get_item(
                KeyPair(
-                    pk=sub,
+                    pk=user_id,
                    sk=SortKey(sk='SCOPE', path_spec='scope'),
                ),
-                exc_cls=BadRequestError,
+                raise_on_error=False,
+                default='',
            )
        )
    )
-
-
-class InvalidSession(BadRequestError): ...