from django.utils.deprecation import MiddlewareMixin
from .models import BlacklistedAccessToken
from apps.authentication.tools import get_token_jti
from rest_framework.exceptions import AuthenticationFailed
from apps.authentication.exceptions import TokenBlackListedException
from rest_framework.response import Response
from django.http import JsonResponse
from rest_framework import status
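class BlockedTokenMiddleware:
    """Reject requests that carry a blacklisted bearer access token.

    The middleware reads the ``Authorization`` header, extracts the token's
    ``jti`` through ``get_token_jti`` and answers with HTTP 401 when a
    ``BlacklistedAccessToken`` row with that ``jti`` exists. Every other
    request is passed to the next handler unchanged.

    This is a deny-list filter, not an authenticator: a request without a
    bearer token, or with a token for which ``get_token_jti`` yields no
    ``jti``, is forwarded as-is.
    NOTE(review): this relies on the downstream authentication class to
    reject malformed or unsigned tokens. Confirm that it does.
    """

    def __init__(self, get_response):
        """Store the next handler in the Django middleware chain."""
        self.get_response = get_response

    def __call__(self, request):
        """Return a 401 JSON response for a blacklisted token, else delegate.

        Args:
            request: the incoming request; only ``request.headers`` is read.

        Returns:
            A ``JsonResponse`` with status 401 when the token's ``jti`` is
            blacklisted, otherwise whatever ``get_response(request)`` returns.
        """
        auth_header = request.headers.get('Authorization')
        if auth_header:
            # Parse at least as leniently as any authenticator further down
            # the chain. Auth-scheme names are case-insensitive (RFC 7235)
            # and the separator may be more than one space. A stricter parse
            # here would let a header this check skips still be accepted by
            # the authenticator, so the blacklist would not apply to it.
            parts = auth_header.split(None, 1)
            if len(parts) == 2 and parts[0].lower() == 'bearer':
                token_str = parts[1].strip()
                # get_token_jti returns a pair; only the jti is needed here.
                jti, _ = get_token_jti(token_str)
                if jti and BlacklistedAccessToken.objects.filter(jti=jti).exists():
                    return JsonResponse(
                        {'detail': 'Access token has been blacklisted'},
                        status=401,
                    )

        return self.get_response(request)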