wip
This commit is contained in:
@@ -12,7 +12,7 @@ from aws_lambda_powertools.utilities.data_classes.api_gateway_proxy_event import
|
||||
from layercake.dateutils import now, ttl
|
||||
from layercake.dynamodb import DynamoDBPersistenceLayer, KeyPair
|
||||
|
||||
from config import ACCESS_TOKEN_EXP_SECONDS, REFRESH_TOKEN_EXP_SECONDS
|
||||
from config import OAUTH2_REFRESH_TOKEN_EXPIRES_IN
|
||||
|
||||
from .client import OAuth2Client
|
||||
from .requests import APIGatewayJsonRequest, APIGatewayOAuth2Request
|
||||
@@ -21,6 +21,12 @@ DYNAMODB_SORT_KEY = os.getenv('DYNAMODB_SORT_KEY')
|
||||
OAUTH2_SCOPES_SUPPORTED = os.getenv('OAUTH2_SCOPES_SUPPORTED')
|
||||
|
||||
|
||||
GRANT_TYPES_EXPIRES_IN = {
|
||||
'refresh_token': 900,
|
||||
'authorization_code': 900,
|
||||
}
|
||||
|
||||
|
||||
class AuthorizationServer(oauth2.AuthorizationServer):
|
||||
def __init__(
|
||||
self,
|
||||
@@ -35,11 +41,17 @@ class AuthorizationServer(oauth2.AuthorizationServer):
|
||||
)
|
||||
)
|
||||
|
||||
def expires_in(client, grant_type: str) -> int:
|
||||
return GRANT_TYPES_EXPIRES_IN.get(
|
||||
grant_type, BearerTokenGenerator.DEFAULT_EXPIRES_IN
|
||||
)
|
||||
|
||||
self.register_token_generator(
|
||||
'default',
|
||||
BearerTokenGenerator(
|
||||
access_token_generator=create_token_generator(42),
|
||||
refresh_token_generator=create_token_generator(48),
|
||||
expires_generator=expires_in,
|
||||
),
|
||||
)
|
||||
|
||||
@@ -60,6 +72,7 @@ class AuthorizationServer(oauth2.AuthorizationServer):
|
||||
refresh_token = token.get('refresh_token')
|
||||
token_type = token['token_type']
|
||||
scope = token['scope']
|
||||
expires_in = int(token['expires_in'])
|
||||
issued_at = int(now_.timestamp())
|
||||
|
||||
with self._persistence_layer.transact_writer() as transact:
|
||||
@@ -72,9 +85,9 @@ class AuthorizationServer(oauth2.AuthorizationServer):
|
||||
'refresh_token': refresh_token,
|
||||
'scope': scope,
|
||||
'user': request.user,
|
||||
'expires_in': ACCESS_TOKEN_EXP_SECONDS,
|
||||
'expires_in': expires_in,
|
||||
'issued_at': issued_at,
|
||||
'ttl': ttl(start_dt=now_, seconds=ACCESS_TOKEN_EXP_SECONDS),
|
||||
'ttl': ttl(start_dt=now_, seconds=expires_in),
|
||||
},
|
||||
)
|
||||
|
||||
@@ -88,9 +101,11 @@ class AuthorizationServer(oauth2.AuthorizationServer):
|
||||
'access_token': access_token,
|
||||
'scope': scope,
|
||||
'user': request.user,
|
||||
'expires_in': REFRESH_TOKEN_EXP_SECONDS,
|
||||
'expires_in': OAUTH2_REFRESH_TOKEN_EXPIRES_IN,
|
||||
'issued_at': issued_at,
|
||||
'ttl': ttl(start_dt=now_, seconds=REFRESH_TOKEN_EXP_SECONDS),
|
||||
'ttl': ttl(
|
||||
start_dt=now_, seconds=OAUTH2_REFRESH_TOKEN_EXPIRES_IN
|
||||
),
|
||||
},
|
||||
)
|
||||
|
||||
@@ -117,23 +132,35 @@ class AuthorizationServer(oauth2.AuthorizationServer):
|
||||
)
|
||||
|
||||
def create_oauth2_request(
|
||||
self, request: APIGatewayProxyEventV2
|
||||
self,
|
||||
request: APIGatewayProxyEventV2,
|
||||
) -> APIGatewayOAuth2Request:
|
||||
return APIGatewayOAuth2Request(request)
|
||||
|
||||
def create_json_request(
|
||||
self, request: APIGatewayProxyEventV2
|
||||
self,
|
||||
request: APIGatewayProxyEventV2,
|
||||
) -> APIGatewayJsonRequest:
|
||||
return APIGatewayJsonRequest(request)
|
||||
|
||||
def handle_response(self, status: int, body, headers):
|
||||
def handle_response(
|
||||
self,
|
||||
status: int,
|
||||
body,
|
||||
headers,
|
||||
):
|
||||
return Response(
|
||||
status_code=status,
|
||||
body=body,
|
||||
headers=headers,
|
||||
)
|
||||
|
||||
def send_signal(self, name: str, *args, **kwargs) -> None:
|
||||
def send_signal(
|
||||
self,
|
||||
name: str,
|
||||
*args: object,
|
||||
**kwargs: object,
|
||||
) -> None:
|
||||
# after_authenticate_client
|
||||
# when client is authenticated
|
||||
|
||||
|
||||
Reference in New Issue
Block a user