Add Media-Token beside access token

Media-Token can be used only to access the content, but unable to modify user data
2023-03-27 19:07:29 +03:00 · 2023-03-27 19:07:29 +03:00 · 1f06c40c4c
commit 1f06c40c4c
parent 0a71a6c840
31 changed files with 516 additions and 762 deletions
--- a/server/flask/application/backend/data/dao_session.py
+++ b/server/flask/application/backend/data/dao_session.py
@ -20,13 +20,26 @@ def get_user_for_token(access_token: str):
        return rows[0][0]
    return None

-_INSER_SESSION_SQL = "INSERT INTO session(user_id, access_token, refresh_token, access_expires_at, refresh_expires_at)"\
-"VALUES(:user_id, :access_token, :refresh_token, :access_expires_at, :refresh_expires_at)"
+_GET_USER_FOR_MEDIA_TOKEN_SQL = "SELECT user_id FROM session where media_token = :token and access_expires_at >= :time"
+def get_user_for_media_token(media_token: str):
+    db = get_db()
+    _delete_expired_tokens(db)
+    db_cursor = db.cursor()
+    db_cursor.execute(_GET_USER_FOR_MEDIA_TOKEN_SQL, {"token": media_token, "time": time.time()})
+    rows = db_cursor.fetchall()
+    
+    if (len(rows) == 1):
+        return rows[0][0]
+    return None
+
+_INSER_SESSION_SQL = "INSERT INTO session(user_id, access_token, media_token, refresh_token, access_expires_at, refresh_expires_at)"\
+"VALUES(:user_id, :access_token, :media_token, :refresh_token, :access_expires_at, :refresh_expires_at)"

 def _session_insert(db_cursor, session: Session):
    params = {
        "user_id": session.user_id,
        "access_token": session.access_token,
+        "media_token": session.media_token,
        "refresh_token": session.refresh_token,
        "access_expires_at": session.access_expires_at,
        "refresh_expires_at": session.refresh_expires_at,
--- a/server/flask/application/backend/data/data_models.py
+++ b/server/flask/application/backend/data/data_models.py
@ -2,9 +2,10 @@ from enum import Enum
 from enum import IntEnum

 class Session:
-    def __init__(self, user_id, access_token, refresh_token, access_expires_at, refresh_expires_at):
+    def __init__(self, user_id, access_token, media_token, refresh_token, access_expires_at, refresh_expires_at):
        self.user_id = user_id
        self.access_token = access_token
+        self.media_token = media_token
        self.refresh_token = refresh_token
        self.access_expires_at = access_expires_at
        self.refresh_expires_at = refresh_expires_at
@ -14,12 +15,13 @@ class Session:
            return False
        return self.user_id == other.user_id \
            and self.access_token == other.access_token \
+            and self.media_token == other.media_token \
            and self.refresh_token == other.refresh_token \
            and self.access_expires_at == other.access_expires_at \
            and self.refresh_expires_at == other.refresh_expires_at \
    
    def __str__(self):
-        return 'Session(user_id={},access_token={},refresh_token={},access_expires_at={},refresh_expires_at={})'.format(self.user_id, self.access_token, self.refresh_token, self.access_expires_at, self.refresh_expires_at)
+        return 'Session(user_id={},access_token={},media_token={},refresh_token={},access_expires_at={},refresh_expires_at={})'.format(self.user_id, self.access_token, self.media_token, self.refresh_token, self.access_expires_at, self.refresh_expires_at)

    def __repr__(self):
        return self.__str__()
@ -88,18 +90,25 @@ class ResponseCode(IntEnum):
    SUCCESS_RESET_OTP_VERIFICATION = 207
    SUCCESS_SAVED_RESET_PASSWORD_TOKEN = 208
    SUCCESS_DELETED_TOKEN = 209
+    SUCCESS_MEDIA_ACCESS = 220

-
+    EMPTY_USERNAME = 410
    ALREADY_TAKEN_USERNAME = 411
    NOT_FOUND_USER = 412
    INVALID_USERNAME_TO_EDIT = 413
    CANT_SAVE_USER_FILE_METADATA = 414
    CANT_SAVE_FILE_METADATA = 415
    INVALID_FILE_KEY = 416
+    EMPTY_PASSWORD = 420
    INVALID_PASSWORD = 421
    INVALID_NEW_PASSWORD = 422
    UNKNOWN_REGISTRATION_TOKEN = 430
    INVALID_OTP = 431
+    MISSING_AUTHORIZATION = 440
+    INVALID_AUTHORIZATION = 441
+    UNASSOCIATED_AUTHORIZATION = 442
+    MISSING_MEDIA_AUTHORIZATION = 443
+    INVALID_MEDIA_AUTHORIZATION = 444
    INVALID_REFRESH_TOKEN = 450
    INVALID_RESET_PASSWORD_TOKEN = 459
    INVALID_REGISTRATION_TOKEN = 460
--- a/server/flask/application/backend/data/migration.py
+++ b/server/flask/application/backend/data/migration.py
@ -0,0 +1,13 @@
+import sqlite3
+import sys
+
+def migration_0_to_1(db_path: str):
+    db = sqlite3.connect(db_path, detect_types=sqlite3.PARSE_DECLTYPES)
+    db_cursor = db.cursor()
+    db_cursor.execute("ALTER TABLE session ADD media_token TEXT NOT NULL;")
+    db.commit()
+    db.close()
+
+if __name__ == "__main__":
+    print(sys.argv[1])
+    #migration_0_to_1(sys.argv[1])
--- a/server/flask/application/backend/data/schema.sql
+++ b/server/flask/application/backend/data/schema.sql
@ -27,6 +27,7 @@ CREATE TABLE reset_password_token (
 CREATE TABLE session (
  user_id INTEGER NOT NULL,
  access_token TEXT NOT NULL,
+  media_token TEXT NOT NULL,
  refresh_token TEXT NOT NULL,
  access_expires_at INTEGER NOT NULL,
  refresh_expires_at INTEGER NOT NULL,