# /home/ram/aparsoft/backend/apps/accounts/services/auth.py
# backend/apps/accounts/api/serializers/auth.py
from rest_framework_simplejwt.authentication import JWTAuthentication
from django.conf import settings
from rest_framework.authentication import CSRFCheck
from rest_framework import exceptions
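class CustomJWTCookieAuthentication(JWTAuthentication):
    """
    Custom authentication class that validates JWT tokens from cookies.

    Supports both cookie-based and header-based authentication: the
    ``Authorization`` header is tried first, and the cookie named by
    ``settings.SIMPLE_JWT['AUTH_COOKIE']`` (default ``'access_token'``)
    is consulted only when no header is present.

    A cookie is attached by the browser to cross-site requests as well, so
    a request that authenticates through the cookie is additionally run
    through CSRF validation (``enforce_csrf``), mirroring what DRF's
    ``SessionAuthentication`` does for session cookies. Header-based
    requests are not CSRF-checked, since the header has to be set
    explicitly by the calling code.
    """

    def authenticate(self, request):
        """
        Authenticate *request* from a JWT carried in a header or a cookie.

        Returns ``(user, validated_token)`` on success, or ``None`` when the
        request carries no credentials at all (so other authenticators can
        run). Invalid tokens and unusable users surface as the exceptions
        raised by the base class's ``get_validated_token`` / ``get_user``;
        a cookie-authenticated request that fails CSRF validation raises
        ``PermissionDenied``.
        """
        header = self.get_header(request)

        if header is None:
            raw_token = self._get_raw_token_from_cookie(request)
            if raw_token is None:
                return None
            # Credentials taken from a cookie must be paired with a CSRF
            # check; this was previously defined but never invoked.
            self.enforce_csrf(request)
        else:
            raw_token = self.get_raw_token(header)
            if raw_token is None:
                return None

        validated_token = self.get_validated_token(raw_token)
        user = self.get_user(validated_token)

        # Project-specific model hook; presumably records activity and, with
        # save=True, persists it on every authenticated request — confirm
        # that one write per request is acceptable for this deployment.
        user.update_last_active(save=True)

        return user, validated_token

    def _get_raw_token_from_cookie(self, request):
        """
        Return the raw token stored in the configured auth cookie, or
        ``None`` when the cookie is absent or empty.
        """
        auth_cookie_name = settings.SIMPLE_JWT.get('AUTH_COOKIE', 'access_token')
        # An empty cookie value is treated the same as a missing cookie.
        return request.COOKIES.get(auth_cookie_name) or None

    def enforce_csrf(self, request):
        """
        Enforce CSRF validation for cookie-based authentication.

        Runs DRF's ``CSRFCheck`` (a ``CsrfViewMiddleware`` subclass) against
        *request* and raises ``PermissionDenied`` carrying the rejection
        reason when the check fails. Django's middleware exempts safe
        methods (GET/HEAD/OPTIONS/TRACE), so only state-changing requests
        are affected.
        """
        def dummy_get_response(request):  # pragma: no cover
            # CSRFCheck is a Django middleware, and recent Django versions
            # require a get_response callable at construction even though
            # only process_request/process_view are used here.
            return None

        check = CSRFCheck(dummy_get_response)
        check.process_request(request)
        reason = check.process_view(request, None, (), {})
        if reason:
            raise exceptions.PermissionDenied('CSRF Failed: %s' % reason)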