use flask sessions instead of jwt

2023-01-05 14:25:31 +01:00 · 2023-01-05 14:25:31 +01:00 · 99a7ddf66e
commit 99a7ddf66e
parent 74f5c82a5d
2 changed files with 22 additions and 51 deletions
--- a/truthseeker/logic/game_logic.py
+++ b/truthseeker/logic/game_logic.py
@ -1,6 +1,5 @@
 import string
 import random
-import jwt
 from datetime import datetime, timedelta
 import truthseeker

@ -52,28 +51,15 @@ class Game:
        self.owner = None
        self.members = []

-    def _gen_jwt(self, username, owner):
-        return jwt.encode(
-            payload={
-                "game_type": "multi",
-                "game_id": self.game_id,
-                "username": username,
-                "owner": owner,
-                "exp": datetime.utcnow() + timedelta(hours = 1) # handled automatically on jwt.decode
-            },
-            key=truthseeker.app.config["SECRET_KEY"],
-            algorithm="HS256"
-        )
-
    def set_owner(self, username):
        self.owner = Member(username)
        self.members.append(self.owner)
-        return self.owner, self._gen_jwt(username, owner=True)
+        return self.owner

    def add_member(self, username):
        member = Member(username)
        self.members.append(member)
-        return member, self._gen_jwt(username, owner=False)
+        return member

    def __str__(self) -> str:
        return "Game[game_id={}, owner={}, members={}]".format(self.game_id, self.owner, self.members)
@ -81,7 +67,7 @@ class Game:
    def __repr__(self) -> str:
        return self.__str__()

-def create_game():
+def create_game(owner):
    """
    This function creates a new game by creating a Game object and stores 
    it into the games_list dictionnary
@ -90,8 +76,9 @@ def create_game():
    : return type : Game
    """
    game = Game()
+    game.owner = owner
+    game.members.append(Member(owner))
    game.game_id = random_string(6)
-    game.start_token = random_string(64)
    games_list[game.game_id] = game
    #TODO ADD A WEBSOCKET IF THE GAME IS KNOWN TO BE MULTIPLAYER
    return game
--- a/truthseeker/routes/routes_api.py
+++ b/truthseeker/routes/routes_api.py
@ -1,34 +1,11 @@
 import flask
-import jwt

 import truthseeker
 from truthseeker.logic import game_logic
-from functools import wraps


 routes_api = flask.Blueprint("api", __name__)

-# Auth decorator
-def jwt_required(f):
-    @wraps(f)
-    def decorator(*args, **kwargs):
-        jwt_str = flask.request.values.get("jwt")
-        if not jwt_str:
-            return {"status": "Error, JWT token missing"}
-
-        try:
-            claims = jwt.decode(jwt_str, truthseeker.app.config['SECRET_KEY'], algorithms=['HS256'])
-        except jwt.exceptions.InvalidTokenError as e:
-            print("Caught exception while decoding JWT token :", e)
-            return {"status": "Error, invalid JWT"}
-
-        return f(claims, *args, **kwargs)
-    return decorator
-        
-            
-
-
-
@routes_api.route("/createGame", methods=["GET", "POST"])
 def create_game():
    username = flask.request.values.get("username")
@ -38,10 +15,13 @@ def create_game():

    response = {}
    response["status"] = "ok"
-    game = game_logic.create_game()
+    game = game_logic.create_game(owner=username)
    response["game_id"] = game.game_id
-    owner, owner_jwt = game.set_owner(username=username)
-    response["jwt"] = owner_jwt
+
+    flask.session["game_id"] = game.game_id
+    flask.session["is_owner"] = True
+    flask.session["username"] = username
+
    return response
    
@routes_api.route("/joinGame", methods=["GET", "POST"])
@ -55,11 +35,15 @@ def join_game():
    if game == None:
        return {"status": "error, game does not exist"}
    
-    member, member_jwt = game.add_member(username)
+
+    game.add_member(username)
+
+    flask.session["game_id"] = game.game_id
+    flask.session["is_owner"] = False
+    flask.session["username"] = username

    response = {}
    response["status"] = "ok"
-    response["jwt"] = member_jwt
    return response

@routes_api.route("/getGameInfo", methods=["GET", "POST"])
@ -80,12 +64,12 @@ def get_game_info(): # DEPRECATED, SHOULD BE REMOVED
        return response
    
@routes_api.route("/startGame", methods=["GET", "POST"])
-@jwt_required
-def start_game(claims):
-    if not claims["owner"]:
+def start_game():
+    if not flask.session:
+        return {"status": "No session"}
+    if not flask.session["is_owner"]:
        return {"status": "Error, you are not the owner of this game"}
-    
-    if game_logic.get_game(claims["game_id"]) == None:
+    if game_logic.get_game(flask.session["game_id"]) == None:
        return {"status": "Error, this game doesn't exist"}
    
    return {"status": "ok"}