Browse Source

Move token splitting to caller

master
mid-kid 3 weeks ago
parent
commit
edf7978a54
  1. 10
      auth/auth.py
  2. 4
      auth/server.py

10
auth/auth.py

@ -12,13 +12,13 @@ class Authentication:
def create(self):
with self.connect() as c:
c.execute(
"CREATE TABLE IF NOT EXISTS users(profileId, token, user)")
c.execute(
"CREATE TABLE IF NOT EXISTS new(user)")
with c:
c.execute(
"CREATE TABLE IF NOT EXISTS users(profileId, token, user)")
c.execute(
"CREATE TABLE IF NOT EXISTS new(user)")
def check_token(self, profileId, token):
token = token.split(".")[-1]
if len(token) != 43:
return False
with self.connect() as c:

4
auth/server.py

@ -139,6 +139,8 @@ class HTTPRequestHandler(BaseHTTPRequestHandler):
token, profileId = params["sessionId"][0].split(":")[1:]
serverId = params["serverId"][0]
token = token.split(".")[-1]
if not self.auth.check_token(profileId, token):
# Displayed directly to the user
self.send_ok(b"Bad login")
@ -154,6 +156,8 @@ class HTTPRequestHandler(BaseHTTPRequestHandler):
profileId = data["selectedProfile"]
serverId = data["serverId"]
token = token.split(".")[-1]
if not self.auth.check_token(profileId, token):
resp = b'{"error":"ForbiddenOperationException"}'
self.send_response(HTTPStatus.FORBIDDEN)

Loading…
Cancel
Save