feat: add csrf

2026-04-17 12:02:26 +03:00
parent 54ebcaeb81
commit 0130912555
2 changed files with 7 additions and 2 deletions


@@ -12,7 +12,7 @@ from src.application.contracts import ILogger
from src.application.domain.dto import UserLoginDto
from src.infrastructure.config import settings
from src.infrastructure.logger import get_logger
from src.presentation.decorators import rate_limit, email_rl_key
from src.presentation.decorators import csrf_protect,rate_limit,email_rl_key
from src.presentation.dependencies import (
get_user_registration_complete_command,
get_user_logout_command,
@@ -44,6 +44,7 @@ async def registration_start(
@auth_router.post(path='/registration/complete', response_class=ORJSONResponse, status_code=status.HTTP_201_CREATED)
@rate_limit(limit=10, window_seconds=300, scope='ip')
@csrf_protect()
async def registration(
request: Request,
user: RegistrationComplete,
@@ -105,6 +106,7 @@ async def registration(
@auth_router.post(path='/login/start', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
@rate_limit(limit=5, window_seconds=60, scope='ip')
@rate_limit(limit=3, window_seconds=600, scope='key', key_prefix='rl:login_start', key_builder=email_rl_key)
@csrf_protect()
async def login_start(
request: Request,
body: LoginStart,
@@ -116,6 +118,7 @@ async def login_start(
@auth_router.post(path='/login/compete', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
@rate_limit(limit=10, window_seconds=300, scope='ip')
@csrf_protect()
async def login(
request: Request,
user: UserLogin,
@@ -197,6 +200,7 @@ async def login(
@auth_router.post(path='/logout', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
@rate_limit(limit=settings.RATE_LIMIT_REQUESTS, window_seconds=settings.RATE_LIMIT_WINDOW, scope='ip')
@csrf_protect()
async def logout_current(
request: Request,
command: UserLogoutCommand = Depends(get_user_logout_command),
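Review bot: The added `@csrf_protect()` lines (L23, L31, L38, L45) cover registration completion, both login steps and logout, but `registration_start`, which the hunk header at L20 shows sits directly above, is not touched by this diff — if that POST handler also mutates state it is now the one unprotected mutating route in this router, so either confirm the omission is intentional or extend the decorator to it. The new import on L16 drops the spaces after the commas; `from src.presentation.decorators import csrf_protect, rate_limit, email_rl_key` is the PEP 8 form, and the same applies to L57 in the second file. Placing `@csrf_protect()` below `@rate_limit` means the limiter runs first, so a request with a bad CSRF token still consumes rate-limit budget; that ordering looks deliberate, but a one-line comment above the first such stack, `# rate limiting runs before the CSRF check; CSRF failures still count against the limit`, would keep it from being reordered by accident. Each decorated function's signature and body continue past the hunk.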


@@ -4,7 +4,7 @@ from starlette import status
from src.application.commands import JwtRefreshCommand
from src.application.domain.exceptions import ApplicationException
from src.infrastructure.config import settings
from src.presentation.decorators import rate_limit
from src.presentation.decorators import csrf_protect,rate_limit
from src.presentation.dependencies import get_jwt_refresh_command
@@ -13,6 +13,7 @@ jwt_router = APIRouter(prefix='/jwt', tags=['Jwt'])
@jwt_router.post('/refresh', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
@rate_limit(limit=settings.RATE_LIMIT_REQUESTS, window_seconds=settings.RATE_LIMIT_WINDOW, scope='ip')
@csrf_protect()
async def refresh_tokens(
request: Request,
command: JwtRefreshCommand = Depends(get_jwt_refresh_command)
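Review bot: `@csrf_protect()` on `/jwt/refresh` (L62) is the right control only if the refresh token travels in a cookie; if clients send it in a header or body instead, a browser cannot forge the request and the check mainly adds a failure mode for legitimate background refreshes. The diff does not show which transport is used, so a short docstring on `refresh_tokens` stating where the refresh token and the CSRF token are read from would make the contract explicit for clients. Because the check is a wrapping decorator rather than a `Depends(...)`, the CSRF header or token requirement presumably will not appear in the generated OpenAPI schema; a comment acknowledging that, or a dependency-based variant, would help API consumers. The function's signature and body continue past the hunk.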