fix: fix token revogation

2025-06-12 12:47:37 +02:00 · 2022-10-17 16:57:29 -03:00
parent 07800c4d62
commit 2d3e62addf
33 changed files with 101 additions and 80 deletions
--- a/app/controllers/Announcements.py
+++ b/app/controllers/Announcements.py
@ -99,4 +99,4 @@ class Announcements:
                return False
            return True
        else:
-            return False
+            return False
--- a/app/controllers/Auth.py
+++ b/app/controllers/Auth.py
@ -1,10 +1,13 @@
+from datetime import timedelta
 import os
 import toml
+from datetime import timedelta
 from pydantic import BaseModel
+from fastapi_paseto_auth import AuthPASETO

 config: dict = toml.load("config.toml")

 class PasetoSettings(BaseModel):
    authpaseto_secret_key: str = os.environ['SECRET_KEY']
    authpaseto_access_token_expires: int | bool = config['auth']['access_token_expires']
-    
+    authpaseto_denylist_enabled: bool = True
--- a/app/controllers/Clients.py
+++ b/app/controllers/Clients.py
@ -266,7 +266,13 @@ class Clients:
        banned: bool = False
        
        try:
-            await self.redis_tokens.set(token, '')
+            if type(config['auth']['access_token_expires']) is bool:
+                await self.redis_tokens.set(name=token, value="", nx=True)
+            else:
+                await self.redis_tokens.set(name=token,
+                                            value="",
+                                            nx=True,
+                                            ex=config['auth']['access_token_expires'])
            await self.UserLogger.log("BAN_TOKEN", None, token)
            banned = True
        except aioredis.RedisError as e:
@ -275,52 +281,25 @@ class Clients:
        
        return banned
    
-    async def is_token_banned(self, token: str) -> bool:
-        """Check if a token is banned
-
-        Args:
-            token (str): Token to check
-
-        Returns:
-            bool: True if the token is banned, False otherwise
-        """
-        
-        banned: bool = True
-        
-        try:
-            banned = await self.redis_tokens.exists(token)
-            await self.UserLogger.log("CHECK_TOKEN", None, token)
-        except aioredis.RedisError as e:
-            await self.UserLogger.log("CHECK_TOKEN", e)
-            raise e
-        
-        return banned
-    
    async def auth_checks(self, client_id: str, token: str) -> bool:
        """Check if a client exists, is active and the token isn't banned

        Args:
            client_id (str): UUID of the client
            secret (str): Secret of the client
+            token (str): Token JTI

        Returns:
            bool: True if the client exists, is active
            and the token isn't banned, False otherwise
        """

-        if await self.exists(client_id):
-            if await self.is_active(client_id):
-                if not await self.is_token_banned(token):
-                    return True
-                else:
-                    return False
-            else:
-                if not await self.is_token_banned(token):
-                    await self.ban_token(token)
-                    return False
+        if await self.exists(client_id) and await self.is_active(client_id):
+                return True
        else:
-            await self.ban_token(token)
-            return False
+            if not await self.redis_tokens.exists(token):
+                await self.ban_token(token)
+                return False
        
        return False
    
@ -348,4 +327,4 @@ class Clients:
                await self.UserLogger.log("CREATE_ADMIN", e)
                raise e
        
-        return created
+        return created
--- a/app/controllers/Releases.py
+++ b/app/controllers/Releases.py
@ -186,4 +186,4 @@ class Releases:
            
            return payload
        else:
-            raise Exception("Invalid organization.")
+            raise Exception("Invalid organization.")