From 070f190273fb4eee2bda69f2564f92a99dd304c5 Mon Sep 17 00:00:00 2001
From: Vianpyro
Date: Tue, 19 Nov 2024 22:27:42 -0500
Subject: [PATCH 1/2] Fix access token verification

---
 jwt_helper.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/jwt_helper.py b/jwt_helper.py
index e33996d..6ec619d 100644
--- a/jwt_helper.py
+++ b/jwt_helper.py
@@ -32,6 +32,13 @@ def generate_refresh_token(player_id: int) -> str:
 
 def verify_token(token: str) -> dict | None:
     """Verify a JWT token and return the payload."""
+    token = request.headers.get("Authorization")
+
+    if not token or not token.startswith("Bearer "):
+        return jsonify(message="Token is missing or improperly formatted"), 401
+
+    token = token.split("Bearer ")[1]
+
     try:
         return jwt.decode(token, SECRET_KEY, algorithms=["HS256"])
     except jwt.ExpiredSignatureError:

From a7eae1a9f0af7e1693e17c4387c8e9f9de81b744 Mon Sep 17 00:00:00 2001
From: Vianpyro
Date: Wed, 20 Nov 2024 11:40:08 -0500
Subject: [PATCH 2/2] Refactor token refresh logic to use verify_token function
 for improved clarity

---
 routes/authentication.py | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/routes/authentication.py b/routes/authentication.py
index 77668e8..4593b09 100644
--- a/routes/authentication.py
+++ b/routes/authentication.py
@@ -8,7 +8,7 @@ from pymysql import MySQLError
 
 from db import get_db_connection
 
-from jwt_helper import generate_access_token, generate_refresh_token
+from jwt_helper import generate_access_token, generate_refresh_token, verify_token
 
 load_dotenv()
 
@@ -121,11 +121,7 @@ def refresh_token():
     refresh_token = auth_header.split("Bearer ")[1]
 
     try:
-        decoded = jwt.decode(
-            refresh_token,
-            os.getenv("SECRET_JWT_KEY", "SuperSecretKey"),
-            algorithms=["HS256"],
-        )
+        decoded = verify_token(refresh_token)
         player_id = decoded["player_id"]
 
         new_access_token = generate_access_token(player_id)
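Review bot: The added header parsing makes verify_token ignore its `token` parameter: the first added line overwrites it with `request.headers.get("Authorization")`, and the early return hands back a `(Response, 401)` tuple from a function annotated `-> dict | None`, so a caller that passes a token it already extracted (such as the refresh route in the second patch, which passes `refresh_token`) gets the header re-read behind its back and may end up subscripting a tuple. `request` and `jsonify` are also Flask names that nothing in this hunk imports; if jwt_helper.py does not import them, the function raises NameError on its first call. I would keep verify_token a pure decode of the token it is given and move the Bearer-header extraction into a small helper that returns the token string or None, leaving the 401 response to the route layer. verify_token's except branches continue outside the hunk.
```python
def extract_bearer_token(auth_header: str | None) -> str | None:
    """Return the token from an ``Authorization: Bearer <token>`` value, or None when absent or malformed."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return None
    return auth_header.removeprefix("Bearer ") or None


def verify_token(token: str) -> dict | None:
    """Verify a JWT token and return the payload."""
    try:
        return jwt.decode(token, SECRET_KEY, algorithms=["HS256"])
    # … unchanged: ExpiredSignatureError handling …
```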
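Review bot: `decoded = verify_token(refresh_token)` is followed on the next line by `decoded["player_id"]` with no None check, yet verify_token's annotation (`-> dict | None`) and its `except jwt.ExpiredSignatureError` branch in the first patch indicate it returns None for an expired token, so an expired refresh token now surfaces as a TypeError (an unhandled 500) rather than the exception the old inline jwt.decode raised, and any `except jwt.ExpiredSignatureError` clause that follows this try block outside the hunk presumably becomes unreachable. With the first patch applied as written, verify_token also ignores the `refresh_token` argument and re-reads the Authorization header itself, and can return a `(Response, 401)` tuple that the subscript will likewise reject. I would guard the result before using it, e.g. `if decoded is None: return jsonify(message="Refresh token is invalid or expired"), 401` (using whatever error-response shape this route already uses), and retire the exception handlers that no longer fire. Dropping the hard-coded `"SuperSecretKey"` fallback here is only an improvement if SECRET_KEY in jwt_helper.py does not carry the same default; worth confirming it fails fast when the environment variable is unset. refresh_token() continues outside the hunk on both sides.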