From edf7978a549767abbafbb2c998ad5406ac1760d5 Mon Sep 17 00:00:00 2001
From: mid-kid
Date: Wed, 30 Oct 2024 19:50:17 +0100
Subject: [PATCH] Move token splitting to caller

---
 auth/auth.py   | 10 +++++-----
 auth/server.py |  4 ++++
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/auth/auth.py b/auth/auth.py
index cf54fba..e79173f 100644
--- a/auth/auth.py
+++ b/auth/auth.py
@@ -12,13 +12,13 @@ class Authentication:
 
     def create(self):
         with self.connect() as c:
-            c.execute(
-                "CREATE TABLE IF NOT EXISTS users(profileId, token, user)")
-            c.execute(
-                "CREATE TABLE IF NOT EXISTS new(user)")
+            with c:
+                c.execute(
+                    "CREATE TABLE IF NOT EXISTS users(profileId, token, user)")
+                c.execute(
+                    "CREATE TABLE IF NOT EXISTS new(user)")
 
     def check_token(self, profileId, token):
-        token = token.split(".")[-1]
         if len(token) != 43:
             return False
         with self.connect() as c:
diff --git a/auth/server.py b/auth/server.py
index e0650c0..2db8042 100755
--- a/auth/server.py
+++ b/auth/server.py
@@ -139,6 +139,8 @@ class HTTPRequestHandler(BaseHTTPRequestHandler):
         token, profileId = params["sessionId"][0].split(":")[1:]
         serverId = params["serverId"][0]
 
+        token = token.split(".")[-1]
+
         if not self.auth.check_token(profileId, token):
             # Displayed directly to the user
             self.send_ok(b"Bad login")
@@ -154,6 +156,8 @@ class HTTPRequestHandler(BaseHTTPRequestHandler):
         profileId = data["selectedProfile"]
         serverId = data["serverId"]
 
+        token = token.split(".")[-1]
+
         if not self.auth.check_token(profileId, token):
             resp = b'{"error":"ForbiddenOperationException"}'
             self.send_response(HTTPStatus.FORBIDDEN)
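Review bot: check_token now depends on every caller having already reduced the token to its last '.'-separated segment, but neither the signature nor a docstring records that contract, so the surviving `if len(token) != 43:` guard will reject any caller that still passes the dotted form (unless that form happens to be 43 characters long). A docstring such as `"""Validate *token* for *profileId*; pass the bare 43-char segment (the part after the last '.'), never the dotted form."""` would pin the expectation at the auth boundary where the split used to live. The new `with c:` in create() presumably relies on the connection acting as a transaction context (commit on success, rollback on error), which holds for a sqlite3 connection but should be confirmed against whatever self.connect() returns; a one-line comment `# connection context manager commits the DDL, rolls back on error` would say why it is nested inside the outer with. check_token's body continues past the end of the hunk.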
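Review bot: The new `token = token.split(".")[-1]` line is duplicated verbatim in this hunk and in the @@ -154 hunk below, so the rule for what shape of token the auth layer accepts now lives in two call sites that must be kept in step by hand. A small helper in server.py, e.g. `def _bare_token(token): return token.split(".")[-1]`, called right before each `self.auth.check_token(...)`, keeps a single definition, and a comment on it explaining why only the last segment is compared (the hunk does not say what the dotted prefix carries) would help the next reader. `split(".")[-1]` yields the whole string when no '.' is present, which appears intended since the removed line in check_token behaved the same way. Both handler methods start outside their hunks, so `token` in the @@ -154 hunk is bound somewhere above what is shown.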