update

2023-10-05 07:36:46 -03:00 · 2023-10-05 07:36:46 -03:00 · 23a278e47d
parent 8ed1a5e3d4
commit 23a278e47d
2 changed files with 28 additions and 18 deletions
--- a/src/stream_auth/middlewares/jwt.py
+++ b/src/stream_auth/middlewares/jwt.py
@ -1,5 +1,5 @@
 import time
-import jwt
+import jwt as jwtlib
 from stream_auth import settings


@ -15,24 +15,24 @@ JWT_PUB_KEY = read_key(settings.JWT_PUB_PATH)

 def create_stream_key(username: str):
    payload = {'username': username}
-    return jwt.encode(payload, JWT_PRIV_KEY, algorithm="RS256")
+    return jwtlib.encode(payload, JWT_PRIV_KEY, algorithm="RS256")


 def create_token(username: str, stream_key: str, exp: int = settings.JWT_EXP_TIME):
    exp = time.time() + exp
    payload = {'username': username, 'stream_key': stream_key, 'exp': exp}
-    return jwt.encode(payload, JWT_PRIV_KEY, algorithm="RS256")
+    return jwtlib.encode(payload, JWT_PRIV_KEY, algorithm="RS256")


 def verify(token: str):
-    jwt.decode(token, JWT_PUB_KEY, algorithms=["RS256"])
-    # try:
-        # jwt.decode(token, JWT_PUB_KEY, algorithms=["RS256"])
-    # except (jwt.exceptions.ExpiredSignatureError, jwt.InvalidTokenError):
-        # return False
+    # return jwtlib.decode(token, JWT_PUB_KEY, algorithms=["RS256"])
+    try:
+        jwtlib.decode(token, JWT_PUB_KEY, algorithms=["RS256"])
+    except (jwtlib.exceptions.ExpiredSignatureError, jwt.InvalidTokenError):
+        return False

    return True


 def decode_token(token: str):
-    return jwt.decode(token, JWT_PUB_KEY, algorithms=["RS256"])
+    return jwtlib.decode(token, JWT_PUB_KEY, algorithms=["RS256"])
--- a/src/stream_auth/routes/stream.py
+++ b/src/stream_auth/routes/stream.py
@ -22,23 +22,33 @@ def create_stream():
    StreamModel(username, title, description)


-@stream.route('/publish_check', methods=['POST'])
+@stream.route('/publish_check')
 def publish_check():

    # TODO: check if user created stream

    # get user
+    stream_key = request.args.get('stream_key')
+    username = request.form.get('name')
    try:
-        stream_key = request.form.get('stream_key')
-        print(stream_key)
-        username = request.form.get('name')
        stream_user = user.search_user(username)[0]
-        if username != stream_user['username']:
-            raise ValueError

-    except (IndexError):
-        print('vish')
+        if username != stream_user['username'] or not jwt.verify(stream_key):
+            raise ValueError('Invalid Token')
+
+    except (IndexError, ValueError):
        return Response('Invalid Stream Key', 401)

-    jwt.verify(stream_key)
    return Response('OK', 200)
+
+
+@stream.route('/test')
+def test():
+
+    stream_key = request.args.get('stream_key')
+    if jwt.verify(stream_key):
+        return Response('OK', 200)
+
+    return Response('Invalid Stream Key', 401)
+
+    # jwt.verify(stream_key)