feat[backend-middleware]: Implemented custom middleware to check for blacklisted access tokens in Redis. #107

Open
wants to merge 2 commits into
base: master

@shikharpa (Collaborator) commented Apr 1, 2024

This pull request introduces a custom middleware to check for blacklisted access tokens in Redis. The middleware intercepts incoming requests and verifies the validity of access tokens against a blacklist stored in Redis. If a token is found to be blacklisted, the middleware rejects the request with a 401 Unauthorized status code.

  • Added a custom middleware class CustomOutstandingTokenMiddleware to handle token blacklisting.
  • Updated middleware settings and application configurations.

Summary

  • Tested (Must)
  • Test Case added
  • Build Successful (Must)
  • Sufficient Code comments added (Must)
  • Attached Screenshots / Videos
  • All Relevant Documents added

Depends on

@shikharpa force-pushed the feat/custom-token-middleware branch from 185897d to d4c34e9, April 1, 2024 09:45
return self.get_response(request)
token = auth_header.split()[1]
token_obj = str(AccessToken(token))
redis_conn = get_redis_connection()
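
Review bot: `token = auth_header.split()[1]` raises IndexError when the header carries a scheme and no token (a bare `Bearer`), and `AccessToken(token)` validates in its constructor and raises on an expired or malformed token. Unless both lines sit inside a try block outside this excerpt, those requests end in a 500 rather than the 401 the description promises; check the split length and scheme first, catch the token error, and return 401. Separately, `str(AccessToken(token))` gives back the encoded token, so the lookup key is the full bearer credential; keying on the `jti` claim would keep raw tokens out of Redis.
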
Contributor

Create a separate class for Redis in a separate file and implement the logic there.

Collaborator Author

There should be a separate file for Redis config too, and for blacklisting refresh tokens too. I am thinking of raising a separate PR for this, kind of chore/refactor tasks. I will put everything related to Redis in one place.

Collaborator Author

What is your view on this?

# Blacklist tokens in Redis
refresh_exp_time = int(settings.SIMPLE_JWT['REFRESH_TOKEN_LIFETIME'].total_seconds())
access_exp_time = int(settings.SIMPLE_JWT['ACCESS_TOKEN_LIFETIME'].total_seconds())
with redis_conn.pipeline() as pipe:
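
Review bot: `refresh_exp_time` and `access_exp_time` are the full configured lifetimes, so a token revoked near the end of its life keeps its blacklist entry for a whole lifetime past its own expiry. That is safe but holds keys longer than needed; consider deriving each key's expiry from the token's own `exp` claim minus the current time. The pipeline body is outside this excerpt, so confirm that every key written in it is given an expiry.
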
Contributor

Create a separate class for Redis in a separate file and implement the logic there.
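
The blacklist check that the pull request description outlines, written without Django or Redis so it runs offline. This is an added example, not code from the PR. Assumptions: a constructed HS256 key, a plain dict standing in for Redis key expiry, a `blacklist:<jti>` key format, and the hypothetical names `make_token`, `verify`, `blacklist` and `check_request`.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed signing key, not the project's

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def make_token(jti, exp):  # constructed HS256 token for the demo
    parts = [{"alg": "HS256", "typ": "JWT"}, {"jti": jti, "exp": exp}]
    signing_input = ".".join(_b64e(json.dumps(p).encode()) for p in parts)
    return f"{signing_input}.{_b64e(_sign(signing_input))}"

def verify(token, now):
    """Return the claims if signature, jti and exp check out, else None."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{head}.{body}"), _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        return claims if claims["jti"] and claims["exp"] > now else None
    except (ValueError, TypeError, KeyError):
        return None  # malformed tokens are rejected, never raised upward

def blacklist(store, token, now):
    """Revoke a token: key on jti, expire the entry when the token would."""
    claims = verify(token, now)
    if claims:
        ttl = claims["exp"] - now  # remaining lifetime, as a Redis TTL would be
        store[f"blacklist:{claims['jti']}"] = now + ttl  # dict stands in for Redis

def check_request(store, auth_header, now):
    """Return 401 to reject, or None to hand the request to the next layer."""
    if not auth_header:
        return None  # no credentials: left to the view's own authentication
    parts = auth_header.split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return 401  # e.g. a bare "Bearer", where split()[1] would raise
    claims = verify(parts[1], now)
    if claims is None or store.get(f"blacklist:{claims['jti']}", 0) > now:
        return 401
    return None
```
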
