omicron/mft
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

Update auth validation code to hash incoming tokens

Browse Source
This commit is contained in:
omicron
2025-12-26 23:12:06 +01:00
parent 4f6e5cd33a
commit 4becbcdea3
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
mft/auth.py
View File

@@ -2,6 +2,7 @@ from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from mft.database import get_db from mft.database import get_db
import hashlib
security = HTTPBearer() security = HTTPBearer()
@@ -23,6 +24,7 @@ def verify_token(
HTTPException: If token is invalid or disabled HTTPException: If token is invalid or disabled
""" """
token = credentials.credentials token = credentials.credentials
token_hash = hashlib.sha256(token.encode()).hexdigest()
with get_db() as conn: with get_db() as conn:
cursor = conn.cursor() cursor = conn.cursor()
@@ -32,7 +34,7 @@ def verify_token(
FROM auth FROM auth
WHERE token = ? WHERE token = ?
""", """,
(token,), (token_hash,),
).fetchone() ).fetchone()
if result is None or not result["enabled"]: if result is None or not result["enabled"]: