Move token splitting to caller

3 weeks ago · edf7978a54
2 changed files with 9 additions and 5 deletions
--- a/auth/auth.py
+++ b/auth/auth.py
@ -12,13 +12,13 @@ class Authentication:

    def create(self):
        with self.connect() as c:
+            with c:
                c.execute(
                    "CREATE TABLE IF NOT EXISTS users(profileId, token, user)")
                c.execute(
                    "CREATE TABLE IF NOT EXISTS new(user)")

    def check_token(self, profileId, token):
-        token = token.split(".")[-1]
        if len(token) != 43:
            return False
        with self.connect() as c:
--- a/auth/server.py
+++ b/auth/server.py
@ -139,6 +139,8 @@ class HTTPRequestHandler(BaseHTTPRequestHandler):
        token, profileId = params["sessionId"][0].split(":")[1:]
        serverId = params["serverId"][0]

+        token = token.split(".")[-1]
+
        if not self.auth.check_token(profileId, token):
            # Displayed directly to the user
            self.send_ok(b"Bad login")
@ -154,6 +156,8 @@ class HTTPRequestHandler(BaseHTTPRequestHandler):
        profileId = data["selectedProfile"]
        serverId = data["serverId"]

+        token = token.split(".")[-1]
+
        if not self.auth.check_token(profileId, token):
            resp = b'{"error":"ForbiddenOperationException"}'
            self.send_response(HTTPStatus.FORBIDDEN)