secured checkin endpoint

195e1398 · hanfi · 7ec0fc97 · 195e1398
Verified Commit 195e1398 authored 1 year ago by hanfi
--- a/backend/main.py
+++ b/backend/main.py
@@ -47,6 +47,15 @@ def get_db():
        db.close()
+def check_token(token: str):
+    if datetime.fromtimestamp(oauth2_tokener.loads(token)) < datetime.now():
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
 # Routes
 @app.post("/item/prepare", response_model=schemas.Item)
 @limiter.limit("2/minute")
@@ -78,12 +87,7 @@ def get_item(item_uuid: str, db: Session = Depends(get_db)):
 @app.get("/items", response_model=list[schemas.Item])
 def get_items(token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)):
-    if datetime.fromtimestamp(oauth2_tokener.loads(token)) < datetime.now():
+    check_token(token)
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Invalid authentication credentials",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
    return utils.get_stored_items(db)
@@ -101,7 +105,12 @@ def list_storages(db: Session = Depends(get_db)):
 @app.post("/checkin", response_model=schemas.Item)
-def checkin_item_by_uuid(checkin: schemas.ItemCheckin, db: Session = Depends(get_db)):
+def checkin_item_by_uuid(
+    checkin: schemas.ItemCheckin,
+    token: str = Depends(oauth2_scheme),
+    db: Session = Depends(get_db),
+):
+    check_token(token)
    item = utils.get_item_by_uuid(db, UUID(checkin.item_uuid))
    if item is None:
        raise HTTPException(status_code=404, detail="Item not found")