Update auth endpoint to only require client_id since permissions ar…
…e per-client

Add token dependency to permissions endpoint to avoid abuse
NeonDaniel committed Oct 17, 2024
1 parent 3df6d8f commit 6ce3c6c
Showing 2 changed files with 4 additions and 5 deletions.
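--- a/neon_hana/app/routers/auth.py
+++ b/neon_hana/app/routers/auth.py
@@ -24,9 +24,9 @@
 # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-from fastapi import APIRouter, Request
+from fastapi import APIRouter, Request, Depends
 
-from neon_hana.app.dependencies import client_manager
+from neon_hana.app.dependencies import client_manager, jwt_bearer
 from neon_hana.auth.permissions import ClientPermissions
 from neon_hana.schema.auth_requests import *
 
@@ -45,6 +45,6 @@ async def check_refresh(request: RefreshRequest) -> AuthenticationResponse:
 return client_manager.check_refresh_request(**dict(request))
 
 
-@auth_route.post("/permissions")
+@auth_route.post("/permissions", dependencies=[Depends(jwt_bearer)])
 async def check_permissions(request: PermissionsRequest) -> ClientPermissions:
-return client_manager.get_permissions(request.client_id)
+return client_manager.get_permissions(request.client_id)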
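Review bot: `check_permissions` still looks up whatever `client_id` arrives in the request body, so the added `dependencies=[Depends(jwt_bearer)]` only proves the caller holds some valid token, not that the token was issued to that client. Unless `jwt_bearer` (not visible here) already compares the two, any authenticated client can read another client's `ClientPermissions` by sending that client's id. Consider taking the dependency as a handler parameter instead of listing it in `dependencies=[...]`, so the validated token is available, and answering 403 when its client id differs from `request.client_id`; alternatively drop `client_id` from the body and use the token's value. A docstring such as `"""Return the permissions of the authenticated client; requires a valid bearer token."""` would also record the intended access rule.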
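--- a/neon_hana/schema/auth_requests.py
+++ b/neon_hana/schema/auth_requests.py
@@ -68,5 +68,4 @@ class RefreshRequest(BaseModel):
 
 
 class PermissionsRequest(BaseModel):
-access_token: str
 client_id: str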
