From 390f822a7257b03fe721f556b150b5c23a5aa0ae Mon Sep 17 00:00:00 2001
From: lonkaars <l.leblansch@gmail.com>
Date: Thu, 25 Mar 2021 11:25:56 +0100
Subject: @auth_required in /social/accept endpoint

---
 api/events.py               |  3 +++
 api/social/friend_accept.py | 17 +++--------------
 2 files changed, 6 insertions(+), 14 deletions(-)

diff --git a/api/events.py b/api/events.py
index 8974666..c811be4 100644
--- a/api/events.py
+++ b/api/events.py
@@ -10,10 +10,13 @@ import time
 def get_token(environ):
     cookie = environ.get("HTTP_COOKIE")
     if not cookie: return None
+
     parsed = cookies.SimpleCookie()
     parsed.load(cookie)
+
     token = parsed.get("token")
     if not token: return None
+
     return token.value
 
 @io.on("connect")
diff --git a/api/social/friend_accept.py b/api/social/friend_accept.py
index 8340274..cd11159 100644
--- a/api/social/friend_accept.py
+++ b/api/social/friend_accept.py
@@ -1,25 +1,14 @@
 from flask import Blueprint, request
 from db import cursor, connection
-from auth.login_token import token_login
+from social.create_relation import two_person_endpoint
 from socket_io import io
 import time
 
 accept = Blueprint('accept', __name__)
 
 @accept.route("/accept", methods = ['POST'])
-def route():
-    data = request.get_json()
-
-    user_1_id = data.get("id") or ""
-    token = request.cookies.get("token") or ""
-
-    if not token: return "", 401
-    user_2_id = token_login(token) or ""
-
-    if not user_1_id or \
-       not user_2_id:
-           return "", 403
-
+@two_person_endpoint
+def route(user_1_id, user_2_id):
     cursor.execute("update social set type = \"friendship\" where user_1_id = ? and user_2_id = ?",
             [user_1_id, user_2_id])
     connection.commit()
-- 
cgit v1.2.3