LeoVasanko/passkey-auth
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
passkey-auth/passkey/fastapi/authz.py
Leo Vasanko b324276173 Cleaned up login/logout flows.
2025-09-02 19:08:16 -06:00

40 lines
1.2 KiB
Python
Raw Blame History

import logging
from fastapi import HTTPException
from ..util import permutil
logger = logging.getLogger(__name__)
async def verify(auth: str | None, perm: list[str], match=permutil.has_all):
"""Validate session token and optional list of required permissions.
Returns the session context.
Raises HTTPException on failure:
401: unauthenticated / invalid session
403: required permissions missing
"""
if not auth:
raise HTTPException(status_code=401, detail="Authentication required")
ctx = await permutil.session_context(auth)
if not ctx:
raise HTTPException(status_code=401, detail="Session not found")
if not match(ctx, perm):
# Determine which permissions are missing for clearer diagnostics
missing = sorted(set(perm) - set(ctx.role.permissions))
logger.warning(
"Permission denied: user=%s role=%s missing=%s required=%s granted=%s", # noqa: E501
getattr(ctx.user, "uuid", "?"),
getattr(ctx.role, "display_name", "?"),
missing,
perm,
ctx.role.permissions,
)
raise HTTPException(status_code=403, detail="Permission required")
return ctx
Reference in New Issue View Git Blame Copy Permalink