51423779a8
- Added OAuth2 endpoints for Google and GitHub authentication. - Created OAuth service to handle provider interactions and user info retrieval. - Implemented user OAuth repository for managing user OAuth links in the database. - Updated auth service to support linking existing users and creating new users via OAuth. - Added CORS middleware to allow frontend access. - Created tests for OAuth endpoints and service functionality. - Introduced environment configuration for OAuth client IDs and secrets. - Added logging for OAuth operations and error handling.
112 lines
3.5 KiB
Python
112 lines
3.5 KiB
Python
"""OAuth2 authentication endpoints."""
|
|
|
|
from typing import Annotated
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Query, Response, status
|
|
from fastapi.responses import RedirectResponse
|
|
|
|
from app.core.config import settings
|
|
from app.core.dependencies import get_auth_service, get_oauth_service
|
|
from app.core.logging import get_logger
|
|
from app.services.auth import AuthService
|
|
from app.services.oauth import OAuthService
|
|
|
|
router = APIRouter()
|
|
logger = get_logger(__name__)
|
|
|
|
|
|
@router.get("/{provider}/authorize")
|
|
async def oauth_authorize(
|
|
provider: str,
|
|
oauth_service: Annotated[OAuthService, Depends(get_oauth_service)],
|
|
) -> dict[str, str]:
|
|
"""Get OAuth authorization URL."""
|
|
try:
|
|
# Generate secure state parameter
|
|
state = oauth_service.generate_state()
|
|
|
|
# Get authorization URL
|
|
auth_url = oauth_service.get_authorization_url(provider, state)
|
|
|
|
except HTTPException:
|
|
raise
|
|
except Exception as e:
|
|
logger.exception("OAuth authorization failed for provider: %s", provider)
|
|
raise HTTPException(
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
detail="OAuth authorization failed",
|
|
) from e
|
|
else:
|
|
return {
|
|
"authorization_url": auth_url,
|
|
"state": state,
|
|
}
|
|
|
|
|
|
@router.get("/{provider}/callback")
|
|
async def oauth_callback(
|
|
provider: str,
|
|
response: Response,
|
|
code: Annotated[str, Query()],
|
|
oauth_service: Annotated[OAuthService, Depends(get_oauth_service)],
|
|
auth_service: Annotated[AuthService, Depends(get_auth_service)],
|
|
) -> RedirectResponse:
|
|
"""Handle OAuth callback."""
|
|
try:
|
|
# Handle OAuth callback and get user info
|
|
oauth_user_info = await oauth_service.handle_callback(provider, code)
|
|
|
|
# Perform OAuth login (link or create user)
|
|
auth_response = await auth_service.oauth_login(oauth_user_info)
|
|
|
|
# Create and store refresh token
|
|
user = await auth_service.get_current_user(auth_response.user.id)
|
|
refresh_token = await auth_service.create_and_store_refresh_token(user)
|
|
|
|
# Set HTTP-only cookies for both tokens
|
|
response.set_cookie(
|
|
key="access_token",
|
|
value=auth_response.token.access_token,
|
|
max_age=auth_response.token.expires_in,
|
|
httponly=True,
|
|
secure=settings.COOKIE_SECURE,
|
|
samesite=settings.COOKIE_SAMESITE,
|
|
)
|
|
response.set_cookie(
|
|
key="refresh_token",
|
|
value=refresh_token,
|
|
max_age=settings.JWT_REFRESH_TOKEN_EXPIRE_DAYS * 24 * 60 * 60,
|
|
httponly=True,
|
|
secure=settings.COOKIE_SECURE,
|
|
samesite=settings.COOKIE_SAMESITE,
|
|
)
|
|
|
|
logger.info(
|
|
"OAuth login successful for user: %s via %s",
|
|
auth_response.user.email,
|
|
provider,
|
|
)
|
|
|
|
# Redirect back to frontend after successful authentication
|
|
return RedirectResponse(
|
|
url="http://localhost:8001/?auth=success",
|
|
status_code=302,
|
|
)
|
|
|
|
except HTTPException:
|
|
raise
|
|
except Exception as e:
|
|
logger.exception("OAuth callback failed for provider: %s", provider)
|
|
raise HTTPException(
|
|
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
|
detail="OAuth callback failed",
|
|
) from e
|
|
|
|
|
|
@router.get("/providers")
|
|
async def get_oauth_providers() -> dict[str, list[str]]:
|
|
"""Get list of available OAuth providers."""
|
|
return {
|
|
"providers": ["google", "github"],
|
|
}
|