Improved middleware for both session and jwt authentication

MySecondLanguage · MySecondLanguage · commit 4dff616a48df · 2025-01-28T14:10:50.000+06:00
diff --git a/nxtbn/settings.py b/nxtbn/settings.py
@@ -334,7 +334,7 @@ def get_env_var(key, default=None, var_type=str):
     'SCHEMA': 'nxtbn.admin_schema.admin_schema',
     'MIDDLEWARE': [
         'graphene_django.debug.DjangoDebugMiddleware',
-        'nxtbn.users.auth_middleware.GraphQLJWTMiddleware',
+        'nxtbn.users.auth_middleware.NXTBNGraphQLAuthenticationMiddleware',
     ],
     'RELAY_CONNECTION_MAX_LIMIT': 100, # pagination limit
 }
diff --git a/nxtbn/users/auth_middleware.py b/nxtbn/users/auth_middleware.py
@@ -1,27 +1,41 @@
 from nxtbn.users.utils.jwt_utils import JWTManager
 from django.contrib.auth.models import AnonymousUser
+from django.contrib.auth import get_user_model
 
-class GraphQLJWTMiddleware:
+class NXTBNGraphQLAuthenticationMiddleware:
     def __init__(self):
         self.jwt_manager = JWTManager()
 
     def resolve(self, next, root, info, **args):
         request = info.context
 
-        token = self.get_token_from_request(request)
+        # First check JWT token
+        user = self.get_user_from_jwt(request)
+        
+        # If no JWT token, fall back to session-based authentication
+        if not user.is_authenticated:
+            user = self.get_user_from_session(request)
 
-        if token:
-            user = self.jwt_manager.verify_jwt_token(token)
-            if user:
-                info.context.user = user
-            else:
-                info.context.user = AnonymousUser()
-        else:
-            info.context.user = AnonymousUser()
+        # If no valid user from either method, set as AnonymousUser
+        if not user.is_authenticated:
+            user = AnonymousUser()
+
+        info.context.user = user
 
         # Continue processing the query
         return next(root, info, **args)
 
+    def get_user_from_jwt(self, request):
+        """Retrieve the user from the JWT token in the request."""
+        token = self.get_token_from_request(request)
+        if token:
+            return self.jwt_manager.verify_jwt_token(token) or AnonymousUser()
+        return AnonymousUser()
+
+    def get_user_from_session(self, request):
+        """Retrieve the user from the session, if available."""
+        return request.user if request.user.is_authenticated else AnonymousUser()
+
     def get_token_from_request(self, request):
         """Extract the token from the Authorization header or cookies."""
         # Check Authorization header

Original file line number	Diff line number	Diff line change
`@@ -334,7 +334,7 @@ def get_env_var(key, default=None, var_type=str):`
`334`	`334`	`'SCHEMA': 'nxtbn.admin_schema.admin_schema',`
`335`	`335`	`'MIDDLEWARE': [`
`336`	`336`	`'graphene_django.debug.DjangoDebugMiddleware',`
`337`		`- 'nxtbn.users.auth_middleware.GraphQLJWTMiddleware',`
	`337`	`+ 'nxtbn.users.auth_middleware.NXTBNGraphQLAuthenticationMiddleware',`
`338`	`338`	`],`
`339`	`339`	`'RELAY_CONNECTION_MAX_LIMIT': 100, # pagination limit`
`340`	`340`	`}`