aboutsummaryrefslogtreecommitdiff
path: root/api/auth
diff options
context:
space:
mode:
Diffstat (limited to 'api/auth')
-rw-r--r--api/auth/signup.py9
-rw-r--r--api/auth/token.py34
2 files changed, 40 insertions, 3 deletions
diff --git a/api/auth/signup.py b/api/auth/signup.py
index da2dc7c..d82105a 100644
--- a/api/auth/signup.py
+++ b/api/auth/signup.py
@@ -1,6 +1,7 @@
from flask import Blueprint, request
from main import cursor, connection
from randid import new_uuid
+import auth.token as token
import passwords
import time
import json
@@ -31,9 +32,11 @@ def index():
password_hash = passwords.password_hash(password, password_salt)
registered = int( time.time() * 1000 )
- cursor.execute("insert into users values (?, ?, ?, NULL, ?, ?, ?, NULL, FALSE, \"user\", \"{}\", NULL, \"online\") ",
+ cursor.execute("insert into users values (?, ?, ?, NULL, ?, ?, ?, \"[]\", FALSE, \"user\", \"{}\", NULL, \"online\") ",
(user_id, username, email, password_salt, password_hash, registered))
-
connection.commit()
- return "", 200
+ new_token = token.generate_token()
+ token.add_token(user_id, token.hash_token(new_token))
+
+ return new_token, 200
diff --git a/api/auth/token.py b/api/auth/token.py
new file mode 100644
index 0000000..52600ca
--- /dev/null
+++ b/api/auth/token.py
@@ -0,0 +1,34 @@
+from main import cursor
+import hashlib
+import secrets
+import json
+import time
+
+def valid_tokens(user_id):
+ return json.loads(cursor.execute("select valid_tokens from users where user_id = ?", [user_id]).fetchone()[0])
+
+def validateToken(user_id, token):
+ tokens = valid_tokens(user_id)
+ return hashlib.sha256(str(token).encode()).hexdigest() in [ t["token"] for t in tokens if t["expirationDate"] > int( time.time() * 1000 ) ]
+
+def modify_tokens(user_id, formatted_token, remove):
+ temp_tokens = valid_tokens(user_id)
+ temp_tokens.remove(formatted_token) if remove else temp_tokens.append(formatted_token)
+ cursor.execute("update users set valid_tokens = ? where user_id = ?", [json.dumps(temp_tokens), user_id])
+
+def add_token(user_id, formatted_token):
+ modify_tokens(user_id, formatted_token, False)
+
+def revoke_token(user_id, formatted_token):
+ modify_tokens(user_id, formatted_token, True)
+
+def hash_token(token):
+ token["token"] = hashlib.sha256(str(token["token"]).encode()).hexdigest()
+ return token
+
+def generate_token():
+ return {
+ "token": secrets.token_hex(128),
+ "expirationDate": int( time.time() * 1000 ) + ( 24 * 60 * 60 * 1000 )
+ }
+