fix join_server

2025-12-28 12:07:31 +05:00
parent 5db5b98dbc
commit 419a973d49
1 changed files with 19 additions and 9 deletions
--- a/app/services/auth.py
+++ b/app/services/auth.py
@ -330,7 +330,7 @@ class AuthService:
        
    async def join_server(self, request_data: dict):
        access_token = request_data.get("accessToken")
-        selected_profile = request_data.get("selectedProfile")
+        selected_profile = request_data.get("selectedProfile")  # STRING UUID
        server_id = request_data.get("serverId")

        if not all([access_token, selected_profile, server_id]):
@ -338,26 +338,36 @@ class AuthService:

        session = await sessions_collection.find_one({
            "access_token": access_token,
-            "client_token": request_data.get("clientToken"),
        })

-        if not session or datetime.utcnow() > session["expires_at"]:
-            raise HTTPException(status_code=401, detail="Invalid or expired session")
+        if not session:
+            raise HTTPException(status_code=401, detail="Invalid session")

-        decoded_token = decode_token(access_token)
-        if not decoded_token:
+        if datetime.utcnow() > session["expires_at"]:
+            raise HTTPException(status_code=401, detail="Session expired")
+
+        decoded = decode_token(access_token)
+        if not decoded:
            raise HTTPException(status_code=401, detail="Invalid access token")

-        token_uuid = decoded_token.get("uuid", "").replace("-", "")
+        # 🔥 ВАЖНО
+        token_uuid = decoded["uuid"].replace("-", "")
+        
+        print("JOIN DEBUG:", {
+            "token_uuid": token_uuid,
+            "selected_profile": selected_profile,
+            "raw": request_data
+        })
+        
        if token_uuid != selected_profile:
-            raise HTTPException(status_code=403, detail="Token doesn't match selected profile")
+            raise HTTPException(status_code=403, detail="Profile mismatch")

        await sessions_collection.update_one(
            {"_id": session["_id"]},
            {"$set": {"server_id": server_id}},
        )

-        return True
+        return JSONResponse(status_code=204, content=None)

    async def has_joined(self, username: str, server_id: str):
        user = await users_collection.find_one({"username": username})