55 lines
1.8 KiB
Python
55 lines
1.8 KiB
Python
#api/auth.py
|
|
from flask import Blueprint, session, redirect, url_for, jsonify
|
|
from authlib.integrations.flask_client import OAuth
|
|
from contexts.RequestContext import RequestContext
|
|
from api import limiter
|
|
import env_provider
|
|
import logging
|
|
|
|
logger = logging.getLogger(__name__)
|
|
auth_bp = Blueprint('auth', __name__, url_prefix='/api')
|
|
|
|
oauth = OAuth()
|
|
keycloak = oauth.register(
|
|
'keycloak',
|
|
client_id=env_provider.CLIENT_ID,
|
|
client_secret=env_provider.CLIENT_SECRET,
|
|
server_metadata_url="https://login.hangman-lab.top/auth/realms/Hangman-Lab/.well-known/openid-configuration",
|
|
client_kwargs={"scope": "openid email profile"},
|
|
)
|
|
|
|
@auth_bp.route('/login', methods=['GET'])
|
|
@limiter.limit("20 per minute")
|
|
def login():
|
|
redirect_uri = url_for("auth.authorize", _external=True)
|
|
return keycloak.authorize_redirect(redirect_uri)
|
|
|
|
@auth_bp.route('/authorize', methods=['GET'])
|
|
@limiter.limit("20 per minute")
|
|
def authorize():
|
|
try:
|
|
token = keycloak.authorize_access_token()
|
|
user_info = keycloak.parse_id_token(token)
|
|
session['user'] = user_info
|
|
return jsonify({"message": "login successful", "user": user_info})
|
|
except Exception as e:
|
|
logger.error(f"Authorization failed: {str(e)}")
|
|
errno = RequestContext.get_error_id()
|
|
return jsonify({"error": f"Authorization failed - {errno}"}), 401
|
|
@auth_bp.route('/logout', methods=['GET'])
|
|
def logout():
|
|
u = session.pop('user', None)
|
|
if u:
|
|
logger.info(f"Logged out user: {u}")
|
|
logout_url = "https://login.hangman-lab.top/auth/realms/Hangman-Lab/protocol/openid-connect/logout"
|
|
return redirect(logout_url)
|
|
|
|
@auth_bp.route("/user", methods=["GET"])
|
|
@limiter.limit("80 per minute")
|
|
def user():
|
|
u = session.get('user')
|
|
if not u:
|
|
return jsonify({"username": "guest", "role": "guest"})
|
|
return jsonify(u)
|
|
|