fix: Missing Authentication Checks

This commit is contained in:
2026-06-29 16:37:39 +02:00
parent 5e17fd27d6
commit eca5eacd70
+13 -1
View File
@@ -208,8 +208,14 @@ async def callback(code: str, state: str):
@app.get("/exchange-token") @app.get("/exchange-token")
async def exchange_token(code: str): async def exchange_token(
code: str,
headers: Annotated[AuthHeaders, Header()],
):
"""Exchange authorization code for access token""" """Exchange authorization code for access token"""
if not headers.authorized():
raise HTTPException(401, detail="get out")
# Exchange authorization code for access token # Exchange authorization code for access token
token_data = { token_data = {
"grant_type": "authorization_code", "grant_type": "authorization_code",
@@ -252,6 +258,9 @@ async def exchange_token(code: str):
@app.get("/userinfo") @app.get("/userinfo")
async def userinfo(headers: Annotated[AuthHeaders, Header()]): async def userinfo(headers: Annotated[AuthHeaders, Header()]):
"""Get user info from access token""" """Get user info from access token"""
if not headers.authorized():
raise HTTPException(401, detail="get out")
access_token = headers.token() access_token = headers.token()
userinfo_response = requests.get( userinfo_response = requests.get(
@@ -355,6 +364,9 @@ async def game(
game_id: int, game_id: int,
account: str = "default", account: str = "default",
): ):
if not headers.authorized():
raise HTTPException(401, detail="get out")
username, password, userid, existing_token, club_id = myice.get_login( username, password, userid, existing_token, club_id = myice.get_login(
config_section=account config_section=account
) )