authorGravatar Hassan Abouelela <[email protected]>2020-12-17 12:53:14 +0300
committerGravatar Hassan Abouelela <[email protected]>2020-12-17 12:55:59 +0300
commit2552ca6aa43d148b12d19dd6c511fa14864cede4 (patch)
treeb0e485760dec7c82f3165bfce0651f1f70534b07 /backend/routes/auth/authorize.py
parentAdds Webhook Sending Functionality (diff)
parentMerge pull request #37 from python-discord/docs/api-spec (diff)
Merge branch 'main' into discord-webhook
Signed-off-by: Hassan Abouelela <[email protected]> # Conflicts: # backend/routes/forms/submit.py
Diffstat (limited to 'backend/routes/auth/authorize.py')
-rw-r--r--backend/routes/auth/authorize.py28
1 files changed, 26 insertions, 2 deletions
diff --git a/backend/routes/auth/authorize.py b/backend/routes/auth/authorize.py
index 41c0a0b..2509109 100644
--- a/backend/routes/auth/authorize.py
+++ b/backend/routes/auth/authorize.py
@@ -2,13 +2,26 @@
Use a token received from the Discord OAuth2 system to fetch user information.
"""
+import httpx
import jwt
+from pydantic.fields import Field
+from pydantic.main import BaseModel
+from spectree.response import Response
from starlette.requests import Request
from starlette.responses import JSONResponse
from backend.constants import SECRET_KEY
from backend.route import Route
from backend.discord import fetch_bearer_token, fetch_user_details
+from backend.validation import ErrorMessage, api
+
+
+class AuthorizeRequest(BaseModel):
+ token: str = Field(description="The access token received from Discord.")
+
+
+class AuthorizeResponse(BaseModel):
+ token: str = Field(description="A JWT token containing the user information")
class AuthorizeRoute(Route):
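Review bot: The `AuthorizeRequest.token` description says "access token", but the handler in the following hunk passes `data["token"]` to `fetch_bearer_token` and only afterwards reads `bearer_token["access_token"]`, so this field appears to carry the OAuth2 authorization code that is exchanged for a token. Because the description ends up in the generated API spec, the wording can lead clients to submit the wrong credential type; if the helper does take a code, `token: str = Field(description="The authorization code received from Discord's OAuth2 redirect.")` would match the flow. The model could also reject empty input before any request is made to Discord, e.g. `Field(..., min_length=1, description=...)`. `AuthorizeResponse` would benefit from a one-line docstring stating that the JWT is issued and signed by this backend, which the `SECRET_KEY` import suggests but this hunk does not show.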
@@ -19,11 +32,22 @@ class AuthorizeRoute(Route):
name = "authorize"
path = "/authorize"
+ @api.validate(
+ json=AuthorizeRequest,
+ resp=Response(HTTP_200=AuthorizeResponse, HTTP_400=ErrorMessage),
+ tags=["auth"]
+ )
async def post(self, request: Request) -> JSONResponse:
+ """Generate an authorization token."""
data = await request.json()
- bearer_token = await fetch_bearer_token(data["token"])
- user_details = await fetch_user_details(bearer_token["access_token"])
+ try:
+ bearer_token = await fetch_bearer_token(data["token"])
+ user_details = await fetch_user_details(bearer_token["access_token"])
+ except httpx.HTTPStatusError:
+ return JSONResponse({
+ "error": "auth_failure"
+ }, status_code=400)
user_details["admin"] = await request.state.db.admins.find_one(
{"_id": user_details["id"]}