diff --git a/common_lib/utils/auth.py b/common_lib/utils/auth.py index 20b4c74..af39845 100644 --- a/common_lib/utils/auth.py +++ b/common_lib/utils/auth.py @@ -60,6 +60,72 @@ async def _fetch_current_user( ) +class AuthInvalidToken(Exception): pass +class AuthSessionNotFound(Exception): pass +class AuthPermissionDenied(Exception): pass +class AuthConflictError(Exception): pass +class AuthServiceError(Exception): pass + + +async def fetch_user_for_sio( + token: str, + ip: str, + user_agent: str, + require_permissions: bool = False +) -> CurrentUser: + """ + Fetches user data for Socket.IO, decoupled from FastAPI's Request object. + """ + try: + response = await client.post( + f"{settings.TOKEN_SERVICE}/decode", + json={ + "token": token, + "ip": ip, + "user_agent": user_agent, + "require_permissions": require_permissions + }, + ) + except httpx.RequestError as e: + # Сервис недоступен (network error / timeout) + raise AuthServiceError("Token service unavailable") from e + + # Если не 200, разбираем ошибку + if response.status_code != 200: + try: + error_json = response.json() + message = error_json.get("errors", [{}])[0].get("message", "Unknown error") + except ValueError: + message = response.text or "Unknown error" + + print("response.status_code", response.status_code) + # Разные статусы → разные исключения + if response.status_code in (400, 401): + raise AuthInvalidToken(message) + elif response.status_code == 403: + raise AuthPermissionDenied(message) + elif response.status_code == 404: + raise AuthSessionNotFound(message) + elif response.status_code == 409: + raise AuthConflictError(message) + elif response.status_code >= 500: + raise AuthServiceError("Authentication service error: " + message) + else: + # fallback (нестандартный статус) + raise AuthServiceError(message) + + # Успех + wrapped = response.json() + data = wrapped["data"] + + return CurrentUser( + token=token, + user_id=data["user_id"], + session_id=data["session_id"], + permissions=data["permissions"] + ) + + async def get_current_user( request: Request, credentials: HTTPAuthorizationCredentials = Depends(auth_scheme) diff --git a/pyproject.toml b/pyproject.toml index 6d490a9..acd1eba 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "common-lib" -version = "0.0.24" +version = "0.0.25" description = "Библиотека общих компонентов для микросервисов yobble" authors = [{ name = "cheykrym", email = "you@example.com" }] license = "MIT"