def verify_token(self, token: str) -> UserID:
token = verify_token(self.secret_key, token)
if token:
if token.get("expiry", 0) < int(time.time()):
raise InvalidTokenError("Access token has expired")
return UserID(token.get("mxid"))
raise InvalidTokenError("Access token is invalid")
def verify_token(self,
token: str,
endpoint: str = "/login") -> UserID | None:
token = verify_token(self.secret_key, token)
if token and (token.get("expiry", 0) > int(time.time())
and token.get("endpoint", None) == endpoint):
return UserID(token.get("mxid", None))
return None
async def ping(request: web.Request) -> web.Response:
token = get_token(request)
if not token:
return resp.no_token
data = verify_token(get_config()["server.unshared_secret"], token)
if not data:
return resp.invalid_token
user = data.get("user_id", None)
if not get_config().is_admin(user):
return resp.invalid_token
return resp.pong(user, get_config()["api_features"])
def verify_token(self, request: web.Request, allow_expired: bool = False) -> Optional[UserID]:
try:
token = request.headers["Authorization"]
except KeyError:
raise ErrorResponse(401, "Missing access token", "M_MISSING_TOKEN")
if not token.startswith("Bearer "):
raise ErrorResponse(401, "Invalid authorization header content", "M_MISSING_TOKEN")
data = verify_token(self.secret_key, token[len("Bearer "):])
if not data:
raise ErrorResponse(401, "Invalid access token", "M_UNKNOWN_TOKEN")
elif not allow_expired and data["expiry"] < int(time()):
raise ErrorResponse(401, "Access token expired", "M_EXPIRED_TOKEN")
return data["user_id"]
def verify_token(self, token: str) -> Optional[UserID]:
token = verify_token(self.secret_key, token)
if token and token.get("expiry", 0) > int(time.time()):
return UserID(token.get("mxid"))
return None
def is_valid_token(token: str) -> bool:
data = verify_token(get_config()["server.unshared_secret"], token)
if not data:
return False
return get_config().is_admin(data.get("user_id", None))