Fixed bug in ensure_logged_in decorator

3 years ago · 24ea084434
2 changed files with 32 additions and 17 deletions
--- a/server/login.py
+++ b/server/login.py
@ -30,30 +30,42 @@ def make_login():
    token = ram_db.login_user(user.id)
    return returns.success(token=token)

-def ensure_logged_in(fn):
-    @wraps(fn)
-    def wrapper(*args, **kargs):
-        token = request.headers.get('Authorization', None)
-        if token is None:
-            return returns.NO_AUTHORIZATION
-        if not token.startswith('Bearer '):
-            return returns.INVALID_AUTHORIZATION
-        token = token[7:]
-        user_id = ram_db.get_user(token)
-        if user_id is None:
-            return returns.INVALID_AUTHORIZATION
-        return fn(user_id=user_id, token=token, *args, **kargs)
-    return wrapper
+def ensure_logged_in(token=False, user_id=False):
+    def decorator(fn):
+        pass_token = token
+        pass_user_id = user_id
+        @wraps(fn)
+        def wrapper(*args, **kargs):
+            token = request.headers.get('Authorization', None)
+            if token is None:
+                return returns.NO_AUTHORIZATION
+            if not token.startswith('Bearer '):
+                return returns.INVALID_AUTHORIZATION
+            token = token[7:]
+            user_id = ram_db.get_user(token)
+            if user_id is None:
+                return returns.INVALID_AUTHORIZATION
+
+            if pass_user_id and pass_token:
+                return fn(user_id=user_id, token=token, *args, **kargs)
+            elif pass_user_id:
+                return fn(user_id=user_id, *args, **kargs)
+            elif pass_token:
+                return fn(token=token, *args, **kargs)
+            else:
+                return fn(*args, **kargs)
+        return wrapper
+    return decorator

@login.post('/logout')
-@ensure_logged_in
+@ensure_logged_in(token=True)
@no_content
 def logout(token: str):
    ram_db.logout_user(token)

@login.get('/whoami')
-@ensure_logged_in
-def whoami(user_id):
+@ensure_logged_in(user_id=True)
+def whoami(user_id: int):
    user: models.User | None = db_utils.get_user(user_id=user_id)
    if user is not None:
        user = user.to_json()
--- a/server/run.sh
+++ b/server/run.sh
@ -0,0 +1,3 @@
+#! /usr/bin/env sh
+docker-compose stop
+PORT=14000 docker-compose up -d --build