update id

2025-10-30 02:02:23 -03:00
parent f284b64c60
commit 76dfc44b71
25 changed files with 103 additions and 40 deletions
--- a/id.saladeaula.digital/app/oauth2.py
+++ b/id.saladeaula.digital/app/oauth2.py
@@ -76,6 +76,7 @@ class OpenIDCode(OpenIDCode_):
        ).filter(scope)

        if user.scope:
+            # Used to define permission granularity
            user_info['scope'] = user.scope

        return user_info
@@ -247,10 +248,13 @@ class RefreshTokenGrant(grants.RefreshTokenGrant):
        """The authorization server MAY revoke the old refresh token after
        issuing a new refresh token to the client."""

-        logger.debug('Revoking old refresh token', refresh_token=refresh_token)
        token = getattr(refresh_token, 'refresh_token', None)
+        logger.debug('Revoking old refresh token', refresh_token=token)
        user = refresh_token.get_user()

+        if not token:
+            return None
+
        with dyn.transact_writer() as transact:
            transact.delete(
                key=KeyPair(
--- a/id.saladeaula.digital/app/routes/authorize.py
+++ b/id.saladeaula.digital/app/routes/authorize.py
@@ -48,11 +48,13 @@ def authorize():
        if not client_scopes.issubset(user_scopes):
            raise ForbiddenError('Access denied')

-        return server.create_authorization_response(
+        response = server.create_authorization_response(
            request=router.current_event,
            grant_user=sub,
            grant=grant,
        )
+
+        logger.debug(response)
    except JoseError as err:
        logger.exception(err)
        raise BadRequestError(str(err))
@@ -62,6 +64,8 @@ def authorize():
            status_code=err.status_code,
            msg=dict(err.get_body()),  # type: ignore
        )
+    else:
+        return response


 def _user_scopes(sub: str) -> set:
--- a/id.saladeaula.digital/app/routes/revoke.py
+++ b/id.saladeaula.digital/app/routes/revoke.py
@@ -1,13 +1,17 @@
+from aws_lambda_powertools import Logger
 from aws_lambda_powertools.event_handler.api_gateway import Router

 from oauth2 import RevocationEndpoint, server

+logger = Logger(__name__)
 router = Router()


@router.post('/revoke')
 def revoke():
-    return server.create_endpoint_response(
+    response = server.create_endpoint_response(
        RevocationEndpoint.ENDPOINT_NAME,
        router.current_event,
    )
+    logger.debug(response)
+    return response
--- a/id.saladeaula.digital/app/routes/token.py
+++ b/id.saladeaula.digital/app/routes/token.py
@@ -1,10 +1,14 @@
+from aws_lambda_powertools import Logger
 from aws_lambda_powertools.event_handler.api_gateway import Router

 from oauth2 import server

+logger = Logger(__name__)
 router = Router()


@router.post('/token')
 def issue_token():
-    return server.create_token_response(router.current_event)
+    response = server.create_token_response(router.current_event)
+    logger.debug(response)
+    return response
--- a/id.saladeaula.digital/client/app/routes/authorize.ts
+++ b/id.saladeaula.digital/client/app/routes/authorize.ts
@@ -59,7 +59,8 @@ export async function loader({ request, context }: Route.LoaderArgs) {
        Location: loginUrl.toString()
      }
    })
-  } catch {
+  } catch (error) {
+    console.error(error)
    return new Response(null, { status: httpStatus.INTERNAL_SERVER })
  }
 }
--- a/id.saladeaula.digital/client/app/routes/index.tsx
+++ b/id.saladeaula.digital/client/app/routes/index.tsx
@@ -77,7 +77,8 @@ export async function action({ request, context }: Route.ActionArgs) {
      status: httpStatus.FOUND,
      headers
    })
-  } catch {
+  } catch (error) {
+    console.error(error)
    return Response.json({}, { status: httpStatus.INTERNAL_SERVER })
  }
 }
--- a/id.saladeaula.digital/client/app/routes/upstream.ts
+++ b/id.saladeaula.digital/client/app/routes/upstream.ts
@@ -1,21 +1,12 @@
 import type { Route } from './+types'

-export async function action({ request, context }: Route.ActionArgs) {
-  const url = new URL(request.url)
-  const issuerUrl = new URL(url.pathname, context.cloudflare.env.ISSUER_URL)
-  const r = await fetch(issuerUrl.toString(), {
-    method: request.method,
-    headers: request.headers,
-    body: await request.text()
-  })
+export const loader = proxy
+export const action = proxy

-  return new Response(await r.text(), {
-    status: r.status,
-    headers: r.headers
-  })
-}
-
-export async function loader({ request, context }: Route.ActionArgs) {
+async function proxy({
+  request,
+  context
+}: Route.ActionArgs): Promise<Response> {
  const url = new URL(request.url)
  const issuerUrl = new URL(url.pathname, context.cloudflare.env.ISSUER_URL)
  const r = await fetch(issuerUrl.toString(), {
@@ -23,6 +14,8 @@ export async function loader({ request, context }: Route.ActionArgs) {
    headers: request.headers
  })

+  console.log('[response]', r)
+
  return new Response(await r.text(), {
    status: r.status,
    headers: r.headers
--- a/id.saladeaula.digital/template.yaml
+++ b/id.saladeaula.digital/template.yaml
@@ -14,7 +14,7 @@ Globals:
    Architectures:
      - x86_64
    Layers:
-      - !Sub arn:aws:lambda:sa-east-1:336641857101:layer:layercake:99
+      - !Sub arn:aws:lambda:sa-east-1:336641857101:layer:layercake:100
    Environment:
      Variables:
        TZ: America/Sao_Paulo