From 317dff9e3b3cefff63f4971c3bd0144b34b11012 Mon Sep 17 00:00:00 2001
From: norohind <60548839+norohind@users.noreply.github.com>
Date: Wed, 8 Dec 2021 00:56:36 +0300
Subject: [PATCH] web: fix secret check, add ListTokens, RandomToken

---
 web.py | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/web.py b/web.py
index 7ae76eb..0164ba0 100644
--- a/web.py
+++ b/web.py
@@ -12,7 +12,8 @@ logger.propagate = False
 
 def check_secret(req: falcon.request.Request, resp: falcon.response.Response, resource, params) -> None:
     cookies_secret = req.get_cookie_values('key')
-    if cookies_secret[0] != config.access_key:
+
+    if cookies_secret is None or cookies_secret[0] != config.access_key:
         raise falcon.HTTPForbidden
 
 
@@ -83,12 +84,29 @@ class CleanOrphanRecords:
         capi_authorizer.cleanup_orphans()
 
 
+class ListTokens:
+    @falcon.before(check_secret)
+    def on_get(self, req: falcon.request.Request, resp: falcon.response.Response):
+        resp.content_type = falcon.MEDIA_JSON
+        resp.text = json.dumps(capi_authorizer.list_all_users())
+
+
+class RandomToken:
+    # for legacy reasons
+    @falcon.before(check_secret)
+    def on_get(self, req: falcon.request.Request, resp: falcon.response.Response):
+        import random
+        random_state = random.choice(capi_authorizer.list_all_users())
+
+
 application = falcon.App()
 application.add_route('/authorize', AuthInit())
 application.add_route('/fdev-redirect', FDEVCallback())
 application.add_route('/users/{state}', TokenByState())  # for legacy reasons
+application.add_route('/random_token', RandomToken())  # for legacy reasons, subject to decommissioning
 application.add_route('/users/by-state/{state}', TokenByState())
 application.add_route('/users/by-nickname/{nickname}', TokenByNickname())
+application.add_route('/users', ListTokens())
 application.add_route('/tools/clean-orphan-records', CleanOrphanRecords())
 
 if __name__ == '__main__':