From e7422cfcc005f672db8784389b7f55956cf994e9 Mon Sep 17 00:00:00 2001
From: James Westman
Date: Thu, 3 Mar 2022 18:05:44 -0600
Subject: [PATCH] Add endpoint for generating JWTs
These tokens are provided to flat-manager to authorize the user to download an app. In the future, this enpoint should first check whether the user has paid for the app if necessary.
---
 app/config.py | 1 +
 app/main.py | 25 +++++++++++++++++++++++++
 pyproject.toml | 1 +
 3 files changed, 27 insertions(+)
diff --git a/app/config.py b/app/config.py
index 7f746b2..e78dc02 100644
--- a/app/config.py
+++ b/app/config.py
@@ -36,6 +36,7 @@ class Settings(BaseSettings):
 google_client_secret: str = "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"
 google_return_url: str = "http://localhost:3000/login/google"
 cors_origins: str = "http://localhost:3000"
+ flat_manager_secret: str = "c2VjcmV0"
 settings = Settings()
diff --git a/app/main.py b/app/main.py
index a05ef43..8ab79de 100644
--- a/app/main.py
+++ b/app/main.py
@@ -1,5 +1,9 @@
+import base64
+from datetime import datetime, timedelta
 from functools import lru_cache
+from typing import List
+import jwt
 import sentry_sdk
 from fastapi import FastAPI, Response
 from fastapi.middleware.cors import CORSMiddleware
@@ -212,6 +216,27 @@ def get_website_verification(appid: str):
 return verification.get_website_verification(appid)
+@app.post("/generate-download-token", status_code=200)
+def get_download_token(appids: List[str]):
+ """Generates a download token for the given app IDs."""
+
+ # TODO: Check the user has rights to download the given app IDs!
+
+ encoded = jwt.encode(
+ {
+ "sub": "download",
+ "exp": datetime.utcnow() + timedelta(hours=24),
+ "prefixes": appids,
+ },
+ base64.b64decode(config.settings.flat_manager_secret),
+ algorithm="HS256",
+ )
+
+ return {
+ "token": encoded,
+ }
+
+
 def sort_ids_by_downloads(ids):
 if len(ids) <= 1:
 return ids
diff --git a/pyproject.toml b/pyproject.toml
index 38909db..7a24a6d 100644
--- a/pyproject.toml
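Review bot: The new `flat_manager_secret` field in `Settings` carries a default value that is committed to the repository, so a deployment that does not override it signs download tokens with a key anyone can read. Because this is the key flat-manager trusts to authorize downloads, I would drop the default, `flat_manager_secret: str`, so that `Settings()` fails at startup when the environment does not supply it, and keep a development-only value in a local env file. The `Settings` class begins outside this hunk, so how the other fields are overridden in production is not visible here.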
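Review bot: `get_download_token` copies the caller's `appids` straight into the `prefixes` claim with no validation, and the route declares no authentication dependency, so the scope of the signed 24-hour token is entirely caller-chosen. Independently of the ownership check that the TODO defers, the list should be validated before signing: reject an empty list and empty or malformed entries and cap the length, since a short or empty prefix presumably matches many refs (how flat-manager interprets `prefixes` is not visible here). A guard such as `if not appids or not all(appids): raise HTTPException(status_code=400, detail="invalid app IDs")` ahead of `jwt.encode`, with `HTTPException` imported from `fastapi`, covers the degenerate cases. Until the rights check exists, requiring a logged-in user on this route would keep it from acting as an open token-signing service.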
+++ b/pyproject.toml
@@ -23,6 +23,7 @@ itsdangerous = "^2.1"
 PyGithub = "^1.55"
 vcrpy = "^4.1.1"
 python-gitlab = "^3.1"
+PyJWT = "^2.3.0"
 [tool.poetry.dev-dependencies]
 black = "^22.1"