Checking if a valid token has been supplied from the app, only works with Android tokens
All checks were successful
Build & Publish to GHCR / build (push) Successful in 21s
All checks were successful
Build & Publish to GHCR / build (push) Successful in 21s
This commit is contained in:
parent
e3bd837192
commit
582cc0d9b9
@ -1,18 +1,32 @@
|
|||||||
from argon2 import PasswordHasher
|
from argon2 import PasswordHasher
|
||||||
|
import re
|
||||||
|
|
||||||
def is_valid_platform(platform):
|
def is_valid_platform(platform) -> bool:
|
||||||
if platform not in ["ios","android","web"]:
|
if platform not in ["ios","android","web"]:
|
||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def is_valid_token(token): #Later check for specific Firebase tokens
|
def is_valid_token(token: str) -> bool:
|
||||||
"""
|
"""
|
||||||
Correct length
|
Validate a push notification token.
|
||||||
No malicious characters
|
|
||||||
Freshness?
|
Criteria:
|
||||||
|
- Must be a string
|
||||||
|
- Correct length (e.g., 140–200 chars)
|
||||||
|
- Only safe characters (alphanumeric, dash, underscore)
|
||||||
"""
|
"""
|
||||||
|
if not isinstance(token, str):
|
||||||
|
return False
|
||||||
|
|
||||||
|
if not (140 <= len(token) <= 200):
|
||||||
|
return False
|
||||||
|
|
||||||
|
if not re.match(r'^[A-Za-z0-9\-_]+$', token):
|
||||||
|
return False
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
||||||
ph = PasswordHasher()
|
ph = PasswordHasher()
|
||||||
|
|
||||||
def hash_api_key(api_key: str) -> str:
|
def hash_api_key(api_key: str) -> str:
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user