Django Ninja¶
Django Ninja can validate VK launch parameters through an HttpBearer security class.
Settings¶
Auth class¶
from datetime import timedelta
from django.conf import settings
from django.http import HttpRequest
from ninja.security import HttpBearer
from vk_miniapp_auth import VKMiniAppAuthenticator
from vk_miniapp_auth.data import VkLaunchParams
from vk_miniapp_auth.errors import InvalidInitDataError
class VKMiniAppAuth(HttpBearer):
def __init__(self) -> None:
super().__init__()
self.authenticator = VKMiniAppAuthenticator(
app_id=settings.VK_APP_ID,
app_secret=settings.VK_SECRET_TOKEN,
ttl=timedelta(hours=1),
)
def authenticate(self, request: HttpRequest, token: str) -> VkLaunchParams | None:
try:
launch_params = self.authenticator.get_verified_launch_params(token)
except InvalidInitDataError:
return None
if launch_params is None:
return None
return launch_params
Protected endpoint¶
from ninja import NinjaAPI
api = NinjaAPI()
vk_auth = VKMiniAppAuth()
@api.get("/me", auth=vk_auth)
def read_current_user(request):
return {"vk_user_id": request.auth.vk_user_id}
Returning None from authenticate() makes Django Ninja reject the request with an unauthorized response.