Move sessions to db table instead of JWTs

Andrew Glaze
2025-05-23 11:52:06 -04:00
parent 62260ffc73
commit 49cd62da1d
11 changed files with 114 additions and 101 deletions


@@ -1,5 +1,5 @@
import Vapor
import JWT
import Fluent
struct OpenApiController: RouteCollection {
func boot(routes: any RoutesBuilder) throws {
@@ -17,10 +17,13 @@ struct OpenApiController: RouteCollection {
guard let zatToken = req.headers["zat"].first else {
throw Abort(.badRequest, reason: "Missing zat header.")
}
let jwt = try await req.jwt.verify(zatToken, as: SessionPayload.self)
guard jwt.accountId.value == beat.playerId else {
guard let session = try await Session.query(on: req.db).filter(\.$id == zatToken).first(),
let playerId = Int(beat.playerId),
session.$account.id == playerId else {
throw Abort(.unauthorized, reason: "zat invalid")
}
return "{}"
}
@@ -29,8 +32,9 @@ struct OpenApiController: RouteCollection {
guard let zatToken = req.headers["zat"].first else {
throw Abort(.badRequest, reason: "Missing zat header.")
}
let jwt = try await req.jwt.verify(zatToken, as: SessionPayload.self)
guard jwt.accountId.value == beat.playerId else {
guard let session = try await Session.query(on: req.db).filter(\.$id == zatToken).first(),
let playerId = Int(beat.playerId),
session.$account.id == playerId else {
throw Abort(.unauthorized, reason: "zat invalid")
}
return "{}"
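Review bot: The lookup `Session.query(on: req.db).filter(\.$id == zatToken).first()` accepts any row that exists, so unless expiry or revocation is enforced outside these hunks, a zat remains usable for as long as its row stays in the table. The removed `req.jwt.verify` ran whatever checks `SessionPayload` defines (typically expiry), which the new code would no longer get. Consider bounding the query in both handlers, e.g. `.filter(\.$<expiry field> > Date())` (placeholder name, since the Session model is not visible here), and purging expired rows. The three-line guard is repeated verbatim in the second handler, so a single helper that resolves the `zat` header to a session for a given player id would stop the two checks drifting apart. Both handler bodies begin outside the hunks shown.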