From 54785f04ee95e0784c9f3af086d40a751eec231d Mon Sep 17 00:00:00 2001
From: Thomas Rubini <74205383+ThomasRubini@users.noreply.github.com>
Date: Tue, 29 Nov 2022 14:51:04 +0100
Subject: [PATCH] endpoint /startGame + jwt_required decorator
---
 truthseeker/routes/routes_api.py | 36 ++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)
diff --git a/truthseeker/routes/routes_api.py b/truthseeker/routes/routes_api.py
index 7f2bcea..4fa8d44 100644
--- a/truthseeker/routes/routes_api.py
+++ b/truthseeker/routes/routes_api.py
@@ -1,10 +1,34 @@
 import flask
+import jwt
+import truthseeker
 from truthseeker.logic import game_logic
+from functools import wraps
 routes_api = flask.Blueprint("api", __name__)
+# Auth decorator
+def jwt_required(f):
+ @wraps(f)
+ def decorator(*args, **kwargs):
+ jwt_str = flask.request.args.get("jwt")
+ if not jwt_str:
+ return {"status": "Error, JWT token missing"}, 401
+
+ try:
+ claims = jwt.decode(jwt_str, truthseeker.app.config['SECRET_KEY'], algorithms=['HS256'])
+ except jwt.exceptions.InvalidTokenError as e:
+ print("Caught exception while decoding JWT token :", e)
+ return {"status": "Error, invalid JWT"}, 401
+
+ return f(claims, *args, **kwargs)
+ return decorator
+
+
+
+
+
 @routes_api.route("/createGame")
 def create_game():
 username = flask.request.args.get("username")
@@ -55,5 +79,13 @@ def get_game_info(): # DEPRECATED, SHOULD BE REMOVED
 response["token"] = game.start_token
 return response
-@routes_api.route("/needJwt")
-def get_game_info(): # DEPRECATED, SHOULD BE REMOVED
+@routes_api.route("/startGame")
+@jwt_required
+def start_game(claims): # DEPRECATED, SHOULD BE REMOVED
+ if not claims["owner"]:
+ return {"status": "Error, you are not the owner of this game"}
+
+ if game_logic.get_game(claims["game_id"]) == None:
+ return {"status": "Error, this game doesn't exist"}
+
+ return {"status": "ok"}
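Review bot: `jwt_required` reads the token from the query string (`flask.request.args.get("jwt")`), so the credential is recorded wherever URLs are kept (access logs, proxy logs, browser history, Referer headers), and anyone with read access to those can reuse it. Prefer the `Authorization` header, e.g. `auth = flask.request.headers.get("Authorization", "")` followed by `jwt_str = auth[7:] if auth.startswith("Bearer ") else None`. Pinning `algorithms=['HS256']` is right, but the decode call requires no claims; if the issuing code (not visible in this patch) sets an expiry, adding `options={"require": ["exp"]}` makes a token without one fail verification instead of staying valid indefinitely. The `print` in the `except` branch would be better as a logger call so failed verifications can be monitored.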
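Review bot: Both failure branches in `start_game` return a body without a status code, so Flask answers 200 for "you are not the owner" and "this game doesn't exist", while `jwt_required` answers 401 for its own failures. Clients and monitoring that key on the status code will see a denied request as a success, so return `..., 403` for the owner check and `..., 404` for the missing game. `claims["owner"]` and `claims["game_id"]` raise `KeyError` (a 500) on a validly signed token that lacks those claims, so `claims.get("owner")` is safer, and `== None` should be `is None`. The trailing `# DEPRECATED, SHOULD BE REMOVED` comment looks carried over from the replaced `get_game_info` stub and should be dropped from the new endpoint.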