From 195e139826ed7c596e5a42fd1d5ba0cc4dbaa77d Mon Sep 17 00:00:00 2001
From: hanfi <ccc@spahan.ch>
Date: Thu, 27 Jul 2023 05:18:25 +0200
Subject: [PATCH] secured checkin endpoint

---
 backend/main.py | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/backend/main.py b/backend/main.py
index dd487b7..d77f207 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -47,6 +47,15 @@ def get_db():
         db.close()
 
 
+def check_token(token: str):
+    if datetime.fromtimestamp(oauth2_tokener.loads(token)) < datetime.now():
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+
 # Routes
 @app.post("/item/prepare", response_model=schemas.Item)
 @limiter.limit("2/minute")
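Review bot: `check_token` on the added line `if datetime.fromtimestamp(oauth2_tokener.loads(token)) < datetime.now():` only maps an expired token to 401; a token that fails to deserialise (tampered signature, garbage input, non-numeric payload) presumably makes `oauth2_tokener.loads` or `datetime.fromtimestamp` raise, which FastAPI turns into a 500 instead of the 401 the helper is meant to return. Since the helper is now the single gate for every bearer-protected route, wrap the decode in a try/except that raises the same `HTTPException`, and narrow the caught type to the serializer's own error class once it is confirmed (it is not visible in this hunk). A one-line docstring stating that the token payload is an expiry timestamp and nothing else would also help, since callers may otherwise assume it carries an identity.
```python
def check_token(token: str):
    """Raise 401 unless *token* deserialises to an expiry timestamp that is still in the future."""
    unauthorized = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Invalid authentication credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        expires_at = datetime.fromtimestamp(oauth2_tokener.loads(token))
    except Exception:  # TODO: narrow to the serializer's bad-signature/bad-data error
        raise unauthorized
    if expires_at < datetime.now():
        raise unauthorized
```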
@@ -78,12 +87,7 @@ def get_item(item_uuid: str, db: Session = Depends(get_db)):
 
 @app.get("/items", response_model=list[schemas.Item])
 def get_items(token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)):
-    if datetime.fromtimestamp(oauth2_tokener.loads(token)) < datetime.now():
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Invalid authentication credentials",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
+    check_token(token)
     return utils.get_stored_items(db)
 
 
@@ -101,7 +105,12 @@ def list_storages(db: Session = Depends(get_db)):
 
 
 @app.post("/checkin", response_model=schemas.Item)
-def checkin_item_by_uuid(checkin: schemas.ItemCheckin, db: Session = Depends(get_db)):
+def checkin_item_by_uuid(
+    checkin: schemas.ItemCheckin,
+    token: str = Depends(oauth2_scheme),
+    db: Session = Depends(get_db),
+):
+    check_token(token)
     item = utils.get_item_by_uuid(db, UUID(checkin.item_uuid))
     if item is None:
         raise HTTPException(status_code=404, detail="Item not found")
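Review bot: The new `token: str = Depends(oauth2_scheme)` parameter plus `check_token(token)` gates `/checkin` on possession of an unexpired token, but, as far as the first hunk shows, the token payload is only a timestamp, so the check-in is still recorded without any notion of who performed it. If that is intentional, a docstring such as `"""Check an item in; requires a valid (unexpired) bearer token but does not tie the check-in to a user."""` would make the limitation explicit to the next maintainer; if not, the token payload would need to carry an identity that this handler can verify. The body of `checkin_item_by_uuid` continues past the end of the hunk.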
-- 
GitLab