fanilo/Sage100-vps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(security): improve auth middleware and logging

Browse source
This commit is contained in:
Fanilo-Nantenaina 2026-01-20 13:51:09 +03:00
parent 022149c237
commit 5b584bf969
1 changed files with 22 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
middleware/security.py
View file

@ -43,6 +43,7 @@ async def verify_swagger_credentials(credentials: HTTPBasicCredentials) -> bool:
class SwaggerAuthMiddleware: class SwaggerAuthMiddleware:
def __init__(self, app): def __init__(self, app):
self.app = app self.app = app
@ -54,7 +55,7 @@ class SwaggerAuthMiddleware:
request = Request(scope, receive=receive) request = Request(scope, receive=receive)
path = request.url.path path = request.url.path
protected_paths = ["/docs", "/redoc", "/openapi.json"] protected_paths = ["/docs", "/redoc"]
if any(path.startswith(protected_path) for protected_path in protected_paths): if any(path.startswith(protected_path) for protected_path in protected_paths):
auth_header = request.headers.get("Authorization") auth_header = request.headers.get("Authorization")
@ -104,6 +105,7 @@ class SwaggerAuthMiddleware:
class ApiKeyMiddleware: class ApiKeyMiddleware:
def __init__(self, app): def __init__(self, app):
self.app = app self.app = app
@ -115,21 +117,24 @@ class ApiKeyMiddleware:
request = Request(scope, receive=receive) request = Request(scope, receive=receive)
path = request.url.path path = request.url.path
excluded_paths = [ public_exact_paths = [
"/",
"/health",
"/docs", "/docs",
"/redoc", "/redoc",
"/openapi.json", "/openapi.json",
"/health",
"/",
"/auth/login",
"/auth/register",
"/auth/verify-email",
"/auth/reset-password",
"/auth/request-reset",
"/auth/refresh",
] ]
if any(path.startswith(excluded_path) for excluded_path in excluded_paths): public_path_prefixes = [
"/api/v1/auth/",
]
is_public = path in public_exact_paths or any(
path.startswith(prefix) for prefix in public_path_prefixes
)
if is_public:
logger.debug(f"Chemin public: {path}")
await self.app(scope, receive, send) await self.app(scope, receive, send)
return return
@ -140,12 +145,12 @@ class ApiKeyMiddleware:
has_api_key = api_key is not None has_api_key = api_key is not None
if has_jwt: if has_jwt:
logger.debug(f" JWT détecté pour {path}") logger.debug(f"🔑 JWT détecté pour {path}")
await self.app(scope, receive, send) await self.app(scope, receive, send)
return return
elif has_api_key: elif has_api_key:
logger.debug(f" API Key détectée pour {path}") logger.debug(f"🔑 API Key détectée pour {path}")
from services.api_key import ApiKeyService from services.api_key import ApiKeyService
@ -218,8 +223,9 @@ class ApiKeyMiddleware:
response = JSONResponse( response = JSONResponse(
status_code=status.HTTP_401_UNAUTHORIZED, status_code=status.HTTP_401_UNAUTHORIZED,
content={ content={
"detail": "Authentification requise", "detail": "Authentification requise (JWT ou API Key)",
"hint": "Utilisez soit 'X-API-Key: sdk_live_xxx' soit 'Authorization: Bearer <jwt>'", "hint": "Utilisez soit 'X-API-Key: sdk_live_xxx' soit 'Authorization: Bearer <jwt>'",
"endpoint": path,
}, },
headers={"WWW-Authenticate": 'Bearer realm="API", charset="UTF-8"'}, headers={"WWW-Authenticate": 'Bearer realm="API", charset="UTF-8"'},
) )
@ -233,4 +239,5 @@ def get_api_key_from_request(request: Request) -> Optional:
def get_auth_method(request: Request) -> str: def get_auth_method(request: Request) -> str:
return getattr(request.state, "authenticated_via", "none") return getattr(request.state, "authenticated_via", "none")