|
@ -139,6 +139,8 @@ class HTTPRequestHandler(BaseHTTPRequestHandler): |
|
|
token, profileId = params["sessionId"][0].split(":")[1:] |
|
|
token, profileId = params["sessionId"][0].split(":")[1:] |
|
|
serverId = params["serverId"][0] |
|
|
serverId = params["serverId"][0] |
|
|
|
|
|
|
|
|
|
|
|
token = token.split(".")[-1] |
|
|
|
|
|
|
|
|
if not self.auth.check_token(profileId, token): |
|
|
if not self.auth.check_token(profileId, token): |
|
|
# Displayed directly to the user |
|
|
# Displayed directly to the user |
|
|
self.send_ok(b"Bad login") |
|
|
self.send_ok(b"Bad login") |
|
@ -154,6 +156,8 @@ class HTTPRequestHandler(BaseHTTPRequestHandler): |
|
|
profileId = data["selectedProfile"] |
|
|
profileId = data["selectedProfile"] |
|
|
serverId = data["serverId"] |
|
|
serverId = data["serverId"] |
|
|
|
|
|
|
|
|
|
|
|
token = token.split(".")[-1] |
|
|
|
|
|
|
|
|
if not self.auth.check_token(profileId, token): |
|
|
if not self.auth.check_token(profileId, token): |
|
|
resp = b'{"error":"ForbiddenOperationException"}' |
|
|
resp = b'{"error":"ForbiddenOperationException"}' |
|
|
self.send_response(HTTPStatus.FORBIDDEN) |
|
|
self.send_response(HTTPStatus.FORBIDDEN) |
|
|