chat ws with pfp is working

2026-05-28 17:23:04 +02:00
parent f19375254f
commit 8269d044a2
28 changed files with 299 additions and 90 deletions
--- a/backend/vontor_cz/asgi.py
+++ b/backend/vontor_cz/asgi.py
@@ -16,15 +16,17 @@ from django.core.asgi import get_asgi_application
 django_asgi_app = get_asgi_application()

 from channels.routing import ProtocolTypeRouter, URLRouter
-from channels.auth import AuthMiddlewareStack
-import social.chat.routing
+from social.chat.routing import websocket_urlpatterns as social_ws
 from thirdparty.downloader.routing import websocket_urlpatterns as downloader_ws
+from vontor_cz.middleware import JWTAuthMiddleware
+
+websocket_urlpatterns = downloader_ws + social_ws

 application = ProtocolTypeRouter({
    "http": django_asgi_app,
-    "websocket": AuthMiddlewareStack(
+    "websocket": JWTAuthMiddleware(
        URLRouter(
-            downloader_ws + social.chat.routing.websocket_urlpatterns
+            websocket_urlpatterns
        )
    ),
 })
--- a/backend/vontor_cz/middleware.py
+++ b/backend/vontor_cz/middleware.py
@@ -0,0 +1,83 @@
+import logging
+
+from channels.db import database_sync_to_async
+from channels.middleware import BaseMiddleware
+from django.contrib.auth.models import AnonymousUser
+from rest_framework_simplejwt.exceptions import InvalidToken, TokenError
+from rest_framework_simplejwt.tokens import AccessToken
+
+logger = logging.getLogger(__name__)
+
+
+# ---------- WEBSOCKET JWT AUTH VALIDATION -----------
+
+@database_sync_to_async
+def get_user_from_token(token_string):
+    """
+    Validate JWT token and return user
+    """
+    try:
+        # Validate the token
+        access_token = AccessToken(token_string)
+
+        # Get user ID from token
+        user_id = access_token.get('user_id')
+
+        if not user_id:
+            return AnonymousUser()
+
+        # Import here to avoid circular imports
+        from account.models import CustomUser
+
+        # Get user from database
+        try:
+            user = CustomUser.objects.get(id=user_id)
+            return user
+        except CustomUser.DoesNotExist:
+            return AnonymousUser()
+
+    except (TokenError, InvalidToken, Exception) as e:
+        logger.warning(f"JWT validation failed in websocket: {e}")
+        return AnonymousUser()
+
+
+class JWTAuthMiddleware(BaseMiddleware):
+    """
+    Custom middleware to authenticate WebSocket connections using JWT from cookies.
+    Replaces AuthMiddlewareStack / CSRF validation for WebSocket routes.
+    """
+
+    async def __call__(self, scope, receive, send):
+        # Get headers from scope
+        headers = dict(scope.get('headers', []))
+
+        # Extract cookies from headers
+        cookie_header = headers.get(b'cookie', b'').decode('utf-8')
+
+        logger.info(f"[WS] cookie header present: {bool(cookie_header)} | keys: {[c.split('=')[0].strip() for c in cookie_header.split('; ') if '=' in c]}")
+
+        # Parse cookies
+        cookies = {}
+        if cookie_header:
+            for cookie in cookie_header.split('; '):
+                if '=' in cookie:
+                    key, value = cookie.split('=', 1)
+                    cookies[key.strip()] = value
+
+        # Get access_token from cookies
+        token = cookies.get('access_token')
+
+        logger.info(f"[WS] token found: {bool(token)}")
+
+        # Authenticate user
+        if token:
+            scope['user'] = await get_user_from_token(token)
+        else:
+            scope['user'] = AnonymousUser()
+
+        logger.info(f"[WS] authenticated as: {scope['user']} | is_authenticated: {getattr(scope['user'], 'is_authenticated', False)}")
+
+        return await super().__call__(scope, receive, send)
+
+
+# ---------- END | WEBSOCKET JWT AUTH VALIDATION -----------
--- a/backend/vontor_cz/settings.py
+++ b/backend/vontor_cz/settings.py
@@ -306,12 +306,8 @@ else:
 REST_FRAMEWORK = {
 	"DATETIME_FORMAT": "%Y-%m-%d %H:%M",  # Pavel
 	'DEFAULT_AUTHENTICATION_CLASSES': (
-		# In DEBUG keep Session + JWT + your cookie class for convenience
-		'rest_framework.authentication.SessionAuthentication',
 		'rest_framework_simplejwt.authentication.JWTAuthentication',
 		'account.tokens.CookieJWTAuthentication',
-	) if DEBUG else (
-		'account.tokens.CookieJWTAuthentication',
 	),
 	'DEFAULT_PERMISSION_CLASSES': (
 		'rest_framework.permissions.AllowAny',
@@ -427,7 +423,6 @@ MIDDLEWARE = [
    'silk.middleware.SilkyMiddleware',

 	'django.contrib.sessions.middleware.SessionMiddleware',
-	'django.middleware.csrf.CsrfViewMiddleware',
 	'django.contrib.auth.middleware.AuthenticationMiddleware',
 	'django.contrib.messages.middleware.MessageMiddleware',
 	'django.middleware.clickjacking.XFrameOptionsMiddleware',