authorBobby <[email protected]>2024-08-24 22:13:41 -0400
committerBobby <[email protected]>2024-08-24 22:13:41 -0400
commit95b7a6d8a53178f6bfa836e1e162beeb7cda68b3 (patch)
tree5d5860670a09abbea0fb2d82f02a77d95949b4db /middleware/authentication.py
parent690dcc05e88c9ad063712969de99ffe462b7a1cd (diff)
auth verification cookie
Diffstat (limited to 'middleware/authentication.py')
-rw-r--r--middleware/authentication.py60
1 files changed, 48 insertions, 12 deletions
diff --git a/middleware/authentication.py b/middleware/authentication.py
index 90baa09..6be5437 100644
--- a/middleware/authentication.py
+++ b/middleware/authentication.py
@@ -1,10 +1,12 @@
+import json
+from django.utils import timezone
+from datetime import timedelta
from django.shortcuts import redirect
from django.contrib.auth import logout
-from django.urls import reverse
from authentication.utils import (
get_redirect_uri,
get_discord_user,
-) # Import your utility functions
+)
class AuthMiddleware:
@@ -21,7 +23,6 @@ class AuthMiddleware:
response = self.get_response(request)
return response
- # Perform the authentication check
if (
not request.user.is_authenticated
or not request.user.discord_id
@@ -30,16 +31,51 @@ class AuthMiddleware:
logout(request)
return redirect(get_redirect_uri())
- # Get the User's Discord Information
- user = get_discord_user(
- access_token=request.user.discord_access_token,
- token_type=request.user.discord_token_type,
- )
+ # Check the verification cookie
+ verification_cookie = request.COOKIES.get("guild_verified")
+ if verification_cookie:
+ try:
+ cookie_data = json.loads(verification_cookie)
+ verified_at = timezone.datetime.fromisoformat(
+ cookie_data["verified_at"]
+ )
+ if timezone.now() > verified_at + timedelta(hours=24):
+ # Verification expired, need to re-check
+ raise ValueError("Verification expired")
+ except (json.JSONDecodeError, ValueError):
+ # Cookie is invalid or expired, need to re-check
+ pass
+ else:
+ # No verification cookie, need to check guild membership
+ pass
- if not user["is_authorized"]:
- logout(request)
- return redirect(get_redirect_uri())
+ if not verification_cookie or not self._is_authorized(request):
+ user = get_discord_user(
+ access_token=request.user.discord_access_token,
+ token_type=request.user.discord_token_type,
+ )
+
+ if not user["is_authorized"]:
+ logout(request)
+ response = redirect(get_redirect_uri())
+ response.delete_cookie("guild_verified") # Ensure cookie is removed
+ return response
+
+ # Set the verification cookie
+ response = self.get_response(request)
+ response.set_cookie(
+ "guild_verified",
+ json.dumps({"verified_at": timezone.now().isoformat()}),
+ max_age=24 * 60 * 60, # Cookie expires after 24 hours
+ httponly=True, # Cookie cannot be accessed via JavaScript
+ secure=True, # Ensure cookie is sent over HTTPS
+ )
+ return response
- # Proceed to the view
response = self.get_response(request)
return response
+
+ def _is_authorized(self, request):
+ # Check if the user is authorized based on the current cookie or session
+ # This function should ideally be a lightweight check
+ return True
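Review bot: The `except (json.JSONDecodeError, ValueError)` branch only does `pass`, so an expired or malformed cookie leaves `verification_cookie` truthy, and because `_is_authorized` is a stub returning `True`, the condition `if not verification_cookie or not self._is_authorized(request)` is false and the `get_discord_user` re-check is skipped exactly in the cases the comments say it is needed; the minimal fix is `verification_cookie = None` in that branch. More fundamentally the cookie is plain, unsigned JSON, so the server cannot distinguish a value it issued from one the client edited, and the `verified_at` it reads is client-supplied data; Django's `response.set_signed_cookie(...)` / `request.get_signed_cookie(..., max_age=...)` (or storing the timestamp in `request.session`) makes the value tamper-evident and lets the framework enforce the 24h expiry, and including `request.user.pk` in the payload ties the verification to the user who earned it. The rewrite below replaces the cookie-parsing block and the `set_cookie` call accordingly and needs `from django.core import signing` at the top of the file; `from datetime import datetime` would also be cleaner than relying on `timezone.datetime`, which is an incidental attribute of `django.utils.timezone`. The enclosing `__call__` method starts outside this hunk.

```python
        # Check the verification cookie. It is signed and time-limited, so a
        # value not issued by this server, or older than max_age, is rejected.
        try:
            cookie_data = json.loads(
                request.get_signed_cookie(
                    "guild_verified", salt="guild_verified", max_age=24 * 60 * 60
                )
            )
            cookie_valid = cookie_data.get("user") == request.user.pk
        except (KeyError, signing.BadSignature, json.JSONDecodeError, ValueError):
            # Missing, tampered, expired or unparseable: re-check guild membership
            cookie_valid = False

        if not cookie_valid:
            # … unchanged: get_discord_user() call, logout + redirect + delete_cookie on failure …

            response = self.get_response(request)
            response.set_signed_cookie(
                "guild_verified",
                json.dumps({"user": request.user.pk, "verified_at": timezone.now().isoformat()}),
                salt="guild_verified",
                max_age=24 * 60 * 60,
                httponly=True,
                secure=True,
                samesite="Lax",
            )
            return response
```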