fix(check_token): Fix timestamp check and add bad signature check

638676c2 · Tim Neumann · 5033e83a · 638676c2
Commit 638676c2 authored 1 year ago by Tim Neumann
--- a/backend/main.py
+++ b/backend/main.py
@@ -5,6 +5,7 @@ from fastapi import Depends, FastAPI, HTTPException, Request, UploadFile, status
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
 from itsdangerous.serializer import Serializer
+from itsdangerous import BadSignature
 from slowapi import Limiter, _rate_limit_exceeded_handler
 from slowapi.errors import RateLimitExceeded
 from slowapi.util import get_remote_address
@@ -48,7 +49,13 @@ def get_db():


 def check_token(token: str):
-    if datetime.fromtimestamp(oauth2_tokener.loads(token)) < datetime.now():
+    try:
+        timestamp = oauth2_tokener.loads(token)
+        if datetime.fromtimestamp(timestamp) > datetime.now():
+            return  # success
+    except BadSignature:
+        pass
+
    raise HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Invalid authentication credentials",
@@ -56,6 +63,7 @@ def check_token(token: str):
    )


+
 # Routes
 @app.post("/item/prepare", response_model=schemas.Item)
 @limiter.limit("2/minute")