Browse Source

Move token splitting to caller

master
mid-kid 3 weeks ago
parent
commit
edf7978a54
  1. 10
      auth/auth.py
  2. 4
      auth/server.py

10
auth/auth.py

@ -12,13 +12,13 @@ class Authentication:
def create(self): def create(self):
with self.connect() as c: with self.connect() as c:
c.execute( with c:
"CREATE TABLE IF NOT EXISTS users(profileId, token, user)") c.execute(
c.execute( "CREATE TABLE IF NOT EXISTS users(profileId, token, user)")
"CREATE TABLE IF NOT EXISTS new(user)") c.execute(
"CREATE TABLE IF NOT EXISTS new(user)")
def check_token(self, profileId, token): def check_token(self, profileId, token):
token = token.split(".")[-1]
if len(token) != 43: if len(token) != 43:
return False return False
with self.connect() as c: with self.connect() as c:

4
auth/server.py

@ -139,6 +139,8 @@ class HTTPRequestHandler(BaseHTTPRequestHandler):
token, profileId = params["sessionId"][0].split(":")[1:] token, profileId = params["sessionId"][0].split(":")[1:]
serverId = params["serverId"][0] serverId = params["serverId"][0]
token = token.split(".")[-1]
if not self.auth.check_token(profileId, token): if not self.auth.check_token(profileId, token):
# Displayed directly to the user # Displayed directly to the user
self.send_ok(b"Bad login") self.send_ok(b"Bad login")
@ -154,6 +156,8 @@ class HTTPRequestHandler(BaseHTTPRequestHandler):
profileId = data["selectedProfile"] profileId = data["selectedProfile"]
serverId = data["serverId"] serverId = data["serverId"]
token = token.split(".")[-1]
if not self.auth.check_token(profileId, token): if not self.auth.check_token(profileId, token):
resp = b'{"error":"ForbiddenOperationException"}' resp = b'{"error":"ForbiddenOperationException"}'
self.send_response(HTTPStatus.FORBIDDEN) self.send_response(HTTPStatus.FORBIDDEN)

Loading…
Cancel
Save