Fix token issue
This commit is contained in:
Urtzi Alfaro
@@ -1,7 +1,3 @@
|
||||
"""
|
||||
Authentication middleware for gateway
|
||||
"""
|
||||
|
||||
import logging
|
||||
from fastapi import Request
|
||||
from fastapi.responses import JSONResponse
|
||||
@@ -9,6 +5,7 @@ from starlette.middleware.base import BaseHTTPMiddleware
|
||||
from starlette.responses import Response
|
||||
import httpx
|
||||
from typing import Optional
|
||||
import json
|
||||
|
||||
from app.core.config import settings
|
||||
from shared.auth.jwt_handler import JWTHandler
|
||||
@@ -21,17 +18,18 @@ jwt_handler = JWTHandler(settings.JWT_SECRET_KEY, settings.JWT_ALGORITHM)
|
||||
# Routes that don't require authentication
|
||||
PUBLIC_ROUTES = [
|
||||
"/health",
|
||||
"/metrics",
|
||||
"/metrics",
|
||||
"/docs",
|
||||
"/redoc",
|
||||
"/openapi.json",
|
||||
"/api/v1/auth/login",
|
||||
"/api/v1/auth/register",
|
||||
"/api/v1/auth/refresh"
|
||||
"/api/v1/auth/refresh",
|
||||
"/api/v1/auth/verify" # ✅ Add verify to public routes
|
||||
]
|
||||
|
||||
class AuthMiddleware(BaseHTTPMiddleware):
|
||||
"""Authentication middleware class"""
|
||||
"""Authentication middleware with better error handling"""
|
||||
|
||||
async def dispatch(self, request: Request, call_next) -> Response:
|
||||
"""Process request with authentication"""
|
||||
@@ -43,6 +41,7 @@ class AuthMiddleware(BaseHTTPMiddleware):
|
||||
# Get token from header
|
||||
token = self._extract_token(request)
|
||||
if not token:
|
||||
logger.warning(f"Missing token for {request.url.path}")
|
||||
return JSONResponse(
|
||||
status_code=401,
|
||||
content={"detail": "Authentication required"}
|
||||
@@ -54,16 +53,30 @@ class AuthMiddleware(BaseHTTPMiddleware):
|
||||
payload = jwt_handler.verify_token(token)
|
||||
|
||||
if payload:
|
||||
# Validate required fields
|
||||
required_fields = ["user_id", "email", "tenant_id"]
|
||||
missing_fields = [field for field in required_fields if field not in payload]
|
||||
|
||||
if missing_fields:
|
||||
logger.warning(f"Token missing required fields: {missing_fields}")
|
||||
return JSONResponse(
|
||||
status_code=401,
|
||||
content={"detail": f"Invalid token: missing {missing_fields}"}
|
||||
)
|
||||
|
||||
# Add user info to request state
|
||||
request.state.user = payload
|
||||
logger.debug(f"Authenticated user: {payload.get('email')} (tenant: {payload.get('tenant_id')})")
|
||||
return await call_next(request)
|
||||
else:
|
||||
# Token invalid or expired, verify with auth service
|
||||
# Token invalid or expired, try auth service verification
|
||||
logger.info("Local token verification failed, trying auth service")
|
||||
user_info = await self._verify_with_auth_service(token)
|
||||
if user_info:
|
||||
request.state.user = user_info
|
||||
return await call_next(request)
|
||||
else:
|
||||
logger.warning("Auth service verification also failed")
|
||||
return JSONResponse(
|
||||
status_code=401,
|
||||
content={"detail": "Invalid or expired token"}
|
||||
@@ -92,15 +105,18 @@ class AuthMiddleware(BaseHTTPMiddleware):
|
||||
try:
|
||||
async with httpx.AsyncClient(timeout=5.0) as client:
|
||||
response = await client.post(
|
||||
f"{settings.AUTH_SERVICE_URL}/verify",
|
||||
f"{settings.AUTH_SERVICE_URL}/api/v1/auth/verify",
|
||||
headers={"Authorization": f"Bearer {token}"}
|
||||
)
|
||||
|
||||
if response.status_code == 200:
|
||||
return response.json()
|
||||
user_info = response.json()
|
||||
logger.debug(f"Auth service verification successful: {user_info.get('email')}")
|
||||
return user_info
|
||||
else:
|
||||
logger.warning(f"Auth service verification failed: {response.status_code}")
|
||||
return None
|
||||
|
||||
except Exception as e:
|
||||
logger.error(f"Auth service verification failed: {e}")
|
||||
return None
|
||||
return None
|
||||
Reference in New Issue
Block a user