feat: add csrf

This commit is contained in:
2026-04-17 12:02:26 +03:00
parent 54ebcaeb81
commit 0130912555
2 changed files with 7 additions and 2 deletions


@@ -12,7 +12,7 @@ from src.application.contracts import ILogger
from src.application.domain.dto import UserLoginDto from src.application.domain.dto import UserLoginDto
from src.infrastructure.config import settings from src.infrastructure.config import settings
from src.infrastructure.logger import get_logger from src.infrastructure.logger import get_logger
from src.presentation.decorators import rate_limit, email_rl_key from src.presentation.decorators import csrf_protect,rate_limit,email_rl_key
from src.presentation.dependencies import ( from src.presentation.dependencies import (
get_user_registration_complete_command, get_user_registration_complete_command,
get_user_logout_command, get_user_logout_command,
@@ -44,6 +44,7 @@ async def registration_start(
@auth_router.post(path='/registration/complete', response_class=ORJSONResponse, status_code=status.HTTP_201_CREATED) @auth_router.post(path='/registration/complete', response_class=ORJSONResponse, status_code=status.HTTP_201_CREATED)
@rate_limit(limit=10, window_seconds=300, scope='ip') @rate_limit(limit=10, window_seconds=300, scope='ip')
@csrf_protect()
async def registration( async def registration(
request: Request, request: Request,
user: RegistrationComplete, user: RegistrationComplete,
@@ -105,6 +106,7 @@ async def registration(
@auth_router.post(path='/login/start', response_class=ORJSONResponse, status_code=status.HTTP_200_OK) @auth_router.post(path='/login/start', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
@rate_limit(limit=5, window_seconds=60, scope='ip') @rate_limit(limit=5, window_seconds=60, scope='ip')
@rate_limit(limit=3, window_seconds=600, scope='key', key_prefix='rl:login_start', key_builder=email_rl_key) @rate_limit(limit=3, window_seconds=600, scope='key', key_prefix='rl:login_start', key_builder=email_rl_key)
@csrf_protect()
async def login_start( async def login_start(
request: Request, request: Request,
body: LoginStart, body: LoginStart,
@@ -116,6 +118,7 @@ async def login_start(
@auth_router.post(path='/login/compete', response_class=ORJSONResponse, status_code=status.HTTP_200_OK) @auth_router.post(path='/login/compete', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
@rate_limit(limit=10, window_seconds=300, scope='ip') @rate_limit(limit=10, window_seconds=300, scope='ip')
@csrf_protect()
async def login( async def login(
request: Request, request: Request,
user: UserLogin, user: UserLogin,
@@ -197,6 +200,7 @@ async def login(
@auth_router.post(path='/logout', response_class=ORJSONResponse, status_code=status.HTTP_200_OK) @auth_router.post(path='/logout', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
@rate_limit(limit=settings.RATE_LIMIT_REQUESTS, window_seconds=settings.RATE_LIMIT_WINDOW, scope='ip') @rate_limit(limit=settings.RATE_LIMIT_REQUESTS, window_seconds=settings.RATE_LIMIT_WINDOW, scope='ip')
@csrf_protect()
async def logout_current( async def logout_current(
request: Request, request: Request,
command: UserLogoutCommand = Depends(get_user_logout_command), command: UserLogoutCommand = Depends(get_user_logout_command),
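Review bot: `@csrf_protect()` is applied route by route here (registration, login/start, login, logout) and again on the `/jwt/refresh` hunk in the second file, so protection is opt-in and any future POST added to `auth_router` or `jwt_router` without the decorator is silently unprotected; consider enforcing it at router or middleware level, or adding a test that walks `auth_router.routes` / `jwt_router.routes` and asserts every non-GET route is wrapped. The decorator sits inside `@rate_limit`, so a request that fails the CSRF check has already consumed rate-limit budget — that ordering is the safer one and deserves a comment such as `# rate_limit is outermost so forged requests are throttled before the token check`. `/registration/complete` and `/login/start` are hit by clients with no session yet; how such a client first obtains a CSRF token (presumably a prior GET that sets the cookie) is not visible in this commit and should be documented where `csrf_protect` is defined. Style: the rewritten import `from src.presentation.decorators import csrf_protect, rate_limit, email_rl_key` should carry spaces after the commas (PEP 8), likewise the jwt router import. Each handler's body continues outside the hunk.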


@@ -4,7 +4,7 @@ from starlette import status
from src.application.commands import JwtRefreshCommand from src.application.commands import JwtRefreshCommand
from src.application.domain.exceptions import ApplicationException from src.application.domain.exceptions import ApplicationException
from src.infrastructure.config import settings from src.infrastructure.config import settings
from src.presentation.decorators import rate_limit from src.presentation.decorators import csrf_protect,rate_limit
from src.presentation.dependencies import get_jwt_refresh_command from src.presentation.dependencies import get_jwt_refresh_command
@@ -13,6 +13,7 @@ jwt_router = APIRouter(prefix='/jwt', tags=['Jwt'])
@jwt_router.post('/refresh', response_class=ORJSONResponse, status_code=status.HTTP_200_OK) @jwt_router.post('/refresh', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
@rate_limit(limit=settings.RATE_LIMIT_REQUESTS, window_seconds=settings.RATE_LIMIT_WINDOW, scope='ip') @rate_limit(limit=settings.RATE_LIMIT_REQUESTS, window_seconds=settings.RATE_LIMIT_WINDOW, scope='ip')
@csrf_protect()
async def refresh_tokens( async def refresh_tokens(
request: Request, request: Request,
command: JwtRefreshCommand = Depends(get_jwt_refresh_command) command: JwtRefreshCommand = Depends(get_jwt_refresh_command)