Return 401 when token is invalid

2022-04-07 01:45:02 +02:00 · 2022-04-07 01:45:02 +02:00 · 41b9e4c6c1
commit 41b9e4c6c1
parent 2fcfeacd44
1 changed files with 11 additions and 2 deletions
--- a/app/routes.py
+++ b/app/routes.py
@ -27,7 +27,8 @@ from flask import jsonify, make_response, request, redirect, render_template, \
    send_file, session, url_for, g
 from requests import exceptions, get
 from requests.models import PreparedRequest
-from cryptography.fernet import Fernet
+from cryptography.fernet import Fernet, InvalidToken
+from cryptography.exceptions import InvalidSignature

 # Load DDG bang json files only on init
 bang_json = json.load(open(app.config['BANG_FILE'])) or {}
@ -458,7 +459,15 @@ def imgres():
@auth_required
 def element():
    cipher_suite = Fernet(g.session_key)
-    src_url = cipher_suite.decrypt(request.args.get('url').encode()).decode()
+    url = request.args.get('url')
+    src_url = ""
+    try:
+        src_url = cipher_suite.decrypt(url.encode()).decode()
+    except (InvalidSignature, InvalidToken) as e:
+        return render_template(
+            'error.html',
+            error_message=str(e)), 401
+
    src_type = request.args.get('type')

    try: