Patched /tmp/tmp3cenj7rp/sqli/utils/auth.py

patched-codes · Nov 18, 2024 · 51a71a0 · 51a71a0
1 parent f96b75c
commit 51a71a0
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/sqli/utils/auth.py b/sqli/utils/auth.py
@@ -10,6 +10,18 @@
 
 
 def authorize(ensure_admin=False):
+    """Decorator for authorizing requests and optionally ensuring admin privileges.
+    
+    Args:
+        ensure_admin (bool, optional): If True, requires the user to have admin privileges. Defaults to False.
+    
+    Returns:
+        Callable: A decorator function that wraps the handler with authorization logic.
+    
+    Raises:
+        HTTPUnauthorized: If the user is not authenticated.
+        HTTPForbidden: If ensure_admin is True and the user is not an admin.
+    """
     def __decorator__(handler):
         @wraps(handler)
         async def __wrapper__(request: Request):
@@ -24,6 +36,21 @@ async def __wrapper__(request: Request):
 
 
 async def get_auth_user(request: Request) -> Optional[User]:
+    """Retrieves the authenticated user based on the session information.
+    
+    Args:
+        request (Request): The incoming HTTP request object containing the session and application data.
+    
+    Returns:
+        Optional[User]: The authenticated User object if found, or None if the user is not authenticated or doesn't exist.
+    
+    Raises:
+        None
+    
+    Notes:
+        This method uses the session to get the user_id and then fetches the corresponding User object from the database.
+        It requires an active database connection from the application context.
+    """
     app: Application = request.app
     session = await get_session(request)
     user_id = session.get('user_id')