Switch to cognito user/password authentication. Major code refactor - Fix 2
All checks were successful
AWS Deploy on Push / build (push) Successful in 4m25s
All checks were successful
AWS Deploy on Push / build (push) Successful in 4m25s
This commit is contained in:
@@ -7,8 +7,10 @@ from fastapi.security import OAuth2PasswordBearer
|
||||
from app.auth.cognito import get_user_from_token
|
||||
from app.models.auth import CognitoUser
|
||||
|
||||
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="signin")
|
||||
|
||||
oauth2_scheme = OAuth2PasswordBearer(
|
||||
tokenUrl="signin",
|
||||
scheme_name="Bearer"
|
||||
)
|
||||
|
||||
def get_current_user(token: str = Depends(oauth2_scheme)) -> CognitoUser:
|
||||
"""
|
||||
|
||||
53
app/main.py
53
app/main.py
@@ -1,3 +1,4 @@
|
||||
from fastapi.security import OAuth2PasswordBearer
|
||||
import uvicorn
|
||||
from fastapi import FastAPI, Depends
|
||||
from fastapi.responses import RedirectResponse
|
||||
@@ -5,7 +6,54 @@ from app.auth.cognito import initiate_auth
|
||||
from app.auth.dependencies import get_current_user, require_roles
|
||||
from app.models.auth import CognitoUser, SigninRequest, TokenResponse
|
||||
|
||||
app = FastAPI()
|
||||
from fastapi import FastAPI, Depends, Security
|
||||
from fastapi.security import OAuth2PasswordBearer
|
||||
from fastapi.openapi.utils import get_openapi
|
||||
|
||||
app = FastAPI(
|
||||
title="IPTV Updater API",
|
||||
description="API for IPTV Updater service",
|
||||
version="1.0.0",
|
||||
)
|
||||
|
||||
def custom_openapi():
|
||||
if app.openapi_schema:
|
||||
return app.openapi_schema
|
||||
|
||||
openapi_schema = get_openapi(
|
||||
title=app.title,
|
||||
version=app.version,
|
||||
description=app.description,
|
||||
routes=app.routes,
|
||||
)
|
||||
|
||||
# Ensure components object exists
|
||||
if "components" not in openapi_schema:
|
||||
openapi_schema["components"] = {}
|
||||
|
||||
# Add schemas if they don't exist
|
||||
if "schemas" not in openapi_schema["components"]:
|
||||
openapi_schema["components"]["schemas"] = {}
|
||||
|
||||
# Add security scheme component
|
||||
openapi_schema["components"]["securitySchemes"] = {
|
||||
"Bearer": {
|
||||
"type": "http",
|
||||
"scheme": "bearer",
|
||||
"bearerFormat": "JWT"
|
||||
}
|
||||
}
|
||||
|
||||
# Add global security requirement
|
||||
openapi_schema["security"] = [{"Bearer": []}]
|
||||
|
||||
# Set OpenAPI version explicitly
|
||||
openapi_schema["openapi"] = "3.1.0"
|
||||
|
||||
app.openapi_schema = openapi_schema
|
||||
return app.openapi_schema
|
||||
|
||||
app.openapi = custom_openapi
|
||||
|
||||
@app.get("/")
|
||||
async def root():
|
||||
@@ -25,7 +73,8 @@ def signin(credentials: SigninRequest):
|
||||
token_type="Bearer",
|
||||
)
|
||||
|
||||
@app.get("/protected")
|
||||
@app.get("/protected",
|
||||
summary="Protected endpoint for authenticated users")
|
||||
async def protected_route(user: CognitoUser = Depends(get_current_user)):
|
||||
"""
|
||||
Protected endpoint that requires for all authenticated users.
|
||||
|
||||
@@ -11,7 +11,7 @@ AWS_REGION = os.environ.get("AWS_REGION", "us-east-2")
|
||||
COGNITO_USER_POOL_ID = os.getenv("COGNITO_USER_POOL_ID")
|
||||
COGNITO_CLIENT_ID = os.getenv("COGNITO_CLIENT_ID")
|
||||
COGNITO_CLIENT_SECRET = os.environ.get("COGNITO_CLIENT_SECRET", None)
|
||||
USER_ROLE_ATTRIBUTE = "custom:role"
|
||||
USER_ROLE_ATTRIBUTE = "zoneinfo"
|
||||
|
||||
IPTV_SERVER_URL = os.getenv("IPTV_SERVER_URL", "https://iptv.fiorinis.com")
|
||||
|
||||
|
||||
Reference in New Issue
Block a user