Created
October 9, 2018 18:24
Properly auth the Django way with DRF JWT Token
import jwt | |
from django.utils.functional import SimpleLazyObject | |
from django.contrib.auth.middleware import get_user | |
from django.contrib.auth.models import AnonymousUser | |
from django.conf import settings | |
from django.contrib.auth import get_user_model | |
from django.contrib.auth import logout as do_logout | |
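# URL paths whose requests skip Django's CSRF check. Judging by the names
# these are the token issuing/refresh endpoints -- confirm against urls.py.
EXEMPT = ('/get-jwt', '/refresh-jwt', '/google-tokens', '/refresh-google-token')


def _is_csrf_exempt_path(path):
    """Return True when *path* is an EXEMPT entry or lies beneath one."""
    # Match on a path-segment boundary. A bare ``startswith(EXEMPT)`` also
    # exempts unrelated routes that merely share the leading characters
    # (e.g. '/get-jwt-anything'), widening the CSRF bypass beyond the
    # endpoints listed above.
    return any(path == prefix or path.startswith(prefix + '/') for prefix in EXEMPT)


def csrf_exempt(get_response):
    """Build a middleware that disables CSRF enforcement for EXEMPT paths.

    Args:
        get_response: The next callable in Django's middleware chain.

    Returns:
        A middleware callable that marks matching requests as CSRF-exempt
        and then returns whatever ``get_response`` returns.
    """
    def middleware(request):
        if _is_csrf_exempt_path(request.path):
            # Private flag that Django's CsrfViewMiddleware checks before
            # enforcing the token; setting it skips the check for this
            # request only.
            request._dont_enforce_csrf_checks = True
        return get_response(request)
    return middleware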
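def get_jwt_user(request):
    """Resolve the user named by the JWT in the Authorization header.

    The second space-separated field of the header is decoded as an HS256
    token signed with ``settings.SECRET_KEY``. Its ``uid`` and ``version``
    claims must both match one row of the configured user model.

    Args:
        request: The incoming Django request; only ``request.META`` is read.

    Returns:
        The matching user, or ``AnonymousUser()`` when the header is missing
        or malformed, the token fails verification, or no user matches.
    """
    try:
        # The auth scheme word (first field) is not checked; any scheme's
        # credential is handed to the JWT decoder and rejected there.
        token = request.META['HTTP_AUTHORIZATION'].split(' ')[1]
        # PyJWT's decode() takes ``algorithms`` (a list). The singular
        # ``algorithm=`` is not one of its parameters, so the accepted
        # algorithm was never pinned to HS256, and PyJWT releases that
        # require ``algorithms`` reject every token.
        user_data = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256'])
    except Exception:
        # Fail closed: any parsing or verification problem means anonymous.
        # ``Exception`` rather than a bare ``except`` so SystemExit and
        # KeyboardInterrupt still propagate.
        return AnonymousUser()

    # NOTE(review): PyJWT only checks ``exp`` when the claim is present --
    # confirm the issuing view always sets it.
    # NOTE(review): signing with SECRET_KEY ties token validity to Django's
    # own secret; consider a dedicated signing key.

    User = get_user_model()
    try:
        # ``version`` must match the stored value, so presumably bumping it
        # on the user row revokes outstanding tokens -- confirm with issuer.
        # NOTE(review): ``is_active`` is not checked here, unlike Django's
        # session backend; verify deactivated accounts are handled.
        return User.objects.get(id=user_data['uid'], version=user_data['version'])
    except Exception:
        # Missing claims, no matching row, or a lookup error: anonymous.
        return AnonymousUser()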
def jwt_auth(get_response):
    """Build a middleware that picks JWT or session authentication.

    A request carrying an Authorization header has ``request.user`` resolved
    by ``get_jwt_user``; every other request falls back to Django's
    session-based ``get_user``. The user is wrapped in ``SimpleLazyObject``,
    so the lookup runs only when ``request.user`` is first accessed.

    Args:
        get_response: The next callable in Django's middleware chain.

    Returns:
        A middleware callable that sets ``request.user`` and returns the
        downstream response.
    """
    def middleware(request):
        has_auth_header = 'HTTP_AUTHORIZATION' in request.META
        if not has_auth_header:
            # No header: defer to the session user.
            request.user = SimpleLazyObject(lambda: get_user(request))
        else:
            # Header present: the JWT decides, even when a session exists.
            request.user = SimpleLazyObject(lambda: get_jwt_user(request))
        return get_response(request)
    return middleware