author | lonkaars <l.leblansch@gmail.com> | 2021-01-14 22:02:28 +0100 |
---|---|---|
committer | lonkaars <l.leblansch@gmail.com> | 2021-01-14 22:02:28 +0100 |
commit | 80e8b8c1e1ed6833a2f21d57bbb6bab76589bdb0 (patch) | |
tree | cf07ec759059b416995c97f24d34379c7ff2cb5e /api/auth | |
parent | bf986adcf3f619860d18bda9e0c96e93ab97b260 (diff) |
token auth
Diffstat (limited to 'api/auth')
-rw-r--r-- | api/auth/login.py | 5 | ||||
-rw-r--r-- | api/auth/login_token.py | 21 | ||||
-rw-r--r-- | api/auth/signup.py | 1 | ||||
-rw-r--r-- | api/auth/token.py | 2 |
4 files changed, 23 insertions, 6 deletions
diff --git a/api/auth/login.py b/api/auth/login.py
index cc40ae3..b01e057 100644
--- a/api/auth/login.py
+++ b/api/auth/login.py
@@ -1,10 +1,7 @@
 from flask import Blueprint, request
-from main import cursor, connection
-from randid import new_uuid
+from main import cursor
 import auth.token as token
 import passwords
-import time
-import json
 login = Blueprint('login', __name__)
diff --git a/api/auth/login_token.py b/api/auth/login_token.py
new file mode 100644
index 0000000..3085292
--- /dev/null
+++ b/api/auth/login_token.py
@@ -0,0 +1,21 @@
+from flask import Blueprint, request
+from main import cursor
+from auth.token import validate_token
+
+token = Blueprint('token', __name__)
+
+@token.route('/token', methods = ['POST'])
+def index():
+ data = request.get_json()
+
+ user_id = data.get("user_id") or ""
+ auth_token = data.get("token") or ""
+
+ if not user_id or \
+ not auth_token:
+ return "", 400
+
+ if not cursor.execute("select user_id from users where user_id = ?", [user_id]).fetchone():
+ return "", 401
+
+ return "", 200 if validate_token(user_id, auth_token) else 401
diff --git a/api/auth/signup.py b/api/auth/signup.py
index fee879d..cca76b8 100644
--- a/api/auth/signup.py
+++ b/api/auth/signup.py
@@ -4,7 +4,6 @@ from randid import new_uuid
 import auth.token as token
 import passwords
 import time
-import json
 signup = Blueprint('signup', __name__)
diff --git a/api/auth/token.py b/api/auth/token.py
index 529af32..a03d685 100644
--- a/api/auth/token.py
+++ b/api/auth/token.py
@@ -7,7 +7,7 @@ import time
 def valid_tokens(user_id): return json.loads(cursor.execute("select valid_tokens from users where user_id = ?", [user_id]).fetchone()[0])
-def validateToken(user_id, token):
+def validate_token(user_id, token):
 tokens = valid_tokens(user_id)
 return hashlib.sha256(str(token).encode()).hexdigest() in [ t["token"] for t in tokens if t["expirationDate"] > int( time.time() * 1000 ) ] |
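Review bot: `index()` in api/auth/login_token.py calls `data.get(...)` without checking what `request.get_json()` returned, so a body that is not a JSON object (a list, a bare string, or, depending on the Flask version, a request without a JSON content type) raises and most likely surfaces as a 500 rather than the 400 this handler uses for missing fields. Parsing with `data = request.get_json(silent=True)` followed by `if not isinstance(data, dict): return "", 400` keeps the rejection path uniform. `user_id` and `token` are also forwarded with whatever JSON type the client sent, and `user_id` goes straight into the SQL parameter list, so a nested value is likely to fail in the database driver; an `isinstance(user_id, str)` check before the query avoids that. The unknown-user and bad-token branches both answer 401, which avoids telling a caller which accounts exist, and a one-line comment such as `# same status for unknown user and bad token on purpose` would help keep it that way.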