wip

2025-08-08 13:32:37 -03:00
parent 78c4a4ad30
commit b7143ea634
8 changed files with 117 additions and 93 deletions
--- a/id.saladeaula.digital/app/routes/authorize.py
+++ b/id.saladeaula.digital/app/routes/authorize.py
@@ -7,6 +7,7 @@ from authlib.oauth2.rfc6749 import errors
 from aws_lambda_powertools import Logger
 from aws_lambda_powertools.event_handler import Response
 from aws_lambda_powertools.event_handler.api_gateway import Router
+from jose.exceptions import JWTError

 from jose_ import verify_jwt
 from oauth2 import server
@@ -18,33 +19,21 @@ logger = Logger(__name__)
@router.get('/authorize')
 def authorize():
    current_event = router.current_event
-    cookies = _parse_cookies(current_event.get('cookies', []))  # type: ignore
+    cookies = _parse_cookies(current_event.get('cookies', []))
    id_token = cookies.get('id_token')
-    continue_url = quote(
-        urlunparse(
-            ParseResult(
-                scheme='',
-                netloc='',
-                path=current_event.path,
-                params='',
-                query=urlencode(current_event.query_string_parameters),
-                fragment='',
-            )
-        ),
-        safe='',
+    continue_url = _build_continue_url(
+        current_event.path,
+        current_event.query_string_parameters,
    )
+
    login_url = f'/login?continue={continue_url}'

-    if not id_token:
-        return Response(
-            status_code=HTTPStatus.FOUND,
-            headers={'Location': login_url},
-        )
-
    try:
+        if not id_token:
+            raise ValueError('Missing id_token')
+
        user = verify_jwt(id_token)
-    except Exception as exc:
-        logger.exception(exc)
+    except (ValueError, JWTError):
        return Response(
            status_code=HTTPStatus.FOUND,
            headers={'Location': login_url},
@@ -82,3 +71,11 @@ def _parse_cookies(cookies: list[str] | None) -> dict[str, str]:
        parsed_cookies.update({k: morsel.value for k, morsel in c.items()})

    return parsed_cookies
+
+
+def _build_continue_url(
+    path: str,
+    query_string_parameters: dict,
+) -> str:
+    query = urlencode(query_string_parameters)
+    return quote(urlunparse(ParseResult('', '', path, '', query, '')), safe='')