From 80e8b8c1e1ed6833a2f21d57bbb6bab76589bdb0 Mon Sep 17 00:00:00 2001
From: lonkaars <l.leblansch@gmail.com>
Date: Thu, 14 Jan 2021 22:02:28 +0100
Subject: token auth

---
 api/auth/login.py       |  5 +----
 api/auth/login_token.py | 21 +++++++++++++++++++++
 api/auth/signup.py      |  1 -
 api/auth/token.py       |  2 +-
 4 files changed, 23 insertions(+), 6 deletions(-)
 create mode 100644 api/auth/login_token.py

(limited to 'api/auth')

diff --git a/api/auth/login.py b/api/auth/login.py
index cc40ae3..b01e057 100644
--- a/api/auth/login.py
+++ b/api/auth/login.py
@@ -1,10 +1,7 @@
 from flask import Blueprint, request
-from main import cursor, connection
-from randid import new_uuid
+from main import cursor
 import auth.token as token
 import passwords
-import time
-import json
 
 login = Blueprint('login', __name__)
 
diff --git a/api/auth/login_token.py b/api/auth/login_token.py
new file mode 100644
index 0000000..3085292
--- /dev/null
+++ b/api/auth/login_token.py
@@ -0,0 +1,21 @@
+from flask import Blueprint, request
+from main import cursor
+from auth.token import validate_token
+
+token = Blueprint('token', __name__)
+
+@token.route('/token', methods = ['POST'])
+def index():
+    data = request.get_json()
+
+    user_id = data.get("user_id") or ""
+    auth_token = data.get("token") or ""
+
+    if not user_id or \
+       not auth_token:
+           return "", 400
+    
+    if not cursor.execute("select user_id from users where user_id = ?", [user_id]).fetchone():
+        return "", 401
+
+    return "", 200 if validate_token(user_id, auth_token) else 401
diff --git a/api/auth/signup.py b/api/auth/signup.py
index fee879d..cca76b8 100644
--- a/api/auth/signup.py
+++ b/api/auth/signup.py
@@ -4,7 +4,6 @@ from randid import new_uuid
 import auth.token as token
 import passwords
 import time
-import json
 
 signup = Blueprint('signup', __name__)
 
diff --git a/api/auth/token.py b/api/auth/token.py
index 529af32..a03d685 100644
--- a/api/auth/token.py
+++ b/api/auth/token.py
@@ -7,7 +7,7 @@ import time
 def valid_tokens(user_id):
     return json.loads(cursor.execute("select valid_tokens from users where user_id = ?", [user_id]).fetchone()[0])
 
-def validateToken(user_id, token):
+def validate_token(user_id, token):
     tokens = valid_tokens(user_id)
     return hashlib.sha256(str(token).encode()).hexdigest() in [ t["token"] for t in tokens if t["expirationDate"] > int( time.time() * 1000 ) ]
 
-- 
cgit v1.2.3