lukas/uis-cloud-computing
1
0
Fork 0
mirror of https://github.com/dat515-2025/Group-8.git synced 2026-03-22 15:12:08 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(backend): implemented jwt token invalidation so users cannot use it after expiry

Browse Source
This commit is contained in:
ribardej
2025-10-23 19:04:48 +02:00
parent 4f6d46ba7e
commit 584c090b80
7 changed files with 271 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
7project/backend/app/app.py
View File

@@ -16,6 +16,8 @@ from app.api.csas import router as csas_router
from app.api.categories import router as categories_router
from app.api.transactions import router as transactions_router
from app.services.user_service import auth_backend, current_active_verified_user, fastapi_users, get_oauth_provider, UserManager, get_jwt_strategy
from app.core.security import extract_bearer_token, is_token_revoked, decode_and_verify_jwt
from app.services.user_service import SECRET
from fastapi import FastAPI
@@ -49,6 +51,24 @@ fastApi.include_router(categories_router)
fastApi.include_router(transactions_router)
logging.basicConfig(filename='app.log', level=logging.INFO, format='%(asctime)s %(message)s')
@fastApi.middleware("http")
async def auth_guard(request: Request, call_next):
# Enforce revoked/expired JWTs are rejected globally
token = extract_bearer_token(request)
if token:
# Deny if token is revoked
if is_token_revoked(token):
from fastapi import Response, status as _status
return Response(status_code=_status.HTTP_401_UNAUTHORIZED)
# Deny if token is expired or invalid
try:
decode_and_verify_jwt(token, SECRET)
except Exception:
from fastapi import Response, status as _status
return Response(status_code=_status.HTTP_401_UNAUTHORIZED)
return await call_next(request)
@fastApi.middleware("http")
async def log_traffic(request: Request, call_next):
start_time = datetime.now()