auth.py
from typing import List
from fastapi import HTTPException
from logger import *
from models import *
from starlette import status
from .jwt_utils import verify_token_signature
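async def authorize(token: str, required_scopes: List[str]):
    """
    Verify the token and check that it carries every scope in ``required_scopes``.

    Args:
        token: Token string, handed to ``verify_token_signature`` for decoding
            and signature verification.
        required_scopes: Scopes the caller must hold for the action.

    Returns:
        None. The function returns normally only when no required scope is missing.

    Raises:
        HTTPException: 403 Forbidden with detail "Insufficient scope" when at
            least one required scope is absent from the token.
    """
    # Decode and verify the token.
    # NOTE(review): how verify_token_signature reports a bad token (raising vs.
    # returning a falsy value) is not visible here -- confirm that a failed
    # verification can never reach the scope check below.
    decoded_token = await verify_token_signature(token)

    # Do not log the decoded token itself: its claims would be written to the
    # logs for every authorized request. Record only that verification ran.
    logger.debug("Token signature verified")

    # Read the granted scopes once instead of once per required scope.
    # NOTE(review): assumes get_scopes() returns a collection of scope strings.
    # If it returns a single space-delimited string, `in` would do substring
    # matching and a partial scope name would pass -- TODO confirm.
    granted_scopes = decoded_token.get_scopes()
    missing_scopes = [
        scope for scope in required_scopes if scope not in granted_scopes
    ]

    if missing_scopes:
        logger.error("Token missing required scopes: %s", missing_scopes)
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Insufficient scope",
            headers={"WWW-Authenticate": "Bearer"},
        )

    # Log success if the token has all required scopes
    logger.info("Token has required scopes: %s.", required_scopes)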