diff --git a/app/services/auth.py b/app/services/auth.py
index 3f47aca..29c1f83 100644
--- a/app/services/auth.py
+++ b/app/services/auth.py
@@ -330,7 +330,7 @@ class AuthService:
     async def join_server(self, request_data: dict):
         access_token = request_data.get("accessToken")
-        selected_profile = request_data.get("selectedProfile")
+        selected_profile = request_data.get("selectedProfile") # STRING UUID
         server_id = request_data.get("serverId")
         if not all([access_token, selected_profile, server_id]):
@@ -338,26 +338,36 @@ class AuthService:
         session = await sessions_collection.find_one({
             "access_token": access_token,
-            "client_token": request_data.get("clientToken"),
         })
-        if not session or datetime.utcnow() > session["expires_at"]:
-            raise HTTPException(status_code=401, detail="Invalid or expired session")
+        if not session:
+            raise HTTPException(status_code=401, detail="Invalid session")
-        decoded_token = decode_token(access_token)
-        if not decoded_token:
+        if datetime.utcnow() > session["expires_at"]:
+            raise HTTPException(status_code=401, detail="Session expired")
+
+        decoded = decode_token(access_token)
+        if not decoded:
             raise HTTPException(status_code=401, detail="Invalid access token")
-        token_uuid = decoded_token.get("uuid", "").replace("-", "")
+        # 🔥 ВАЖНО
+        token_uuid = decoded["uuid"].replace("-", "")
+
+        print("JOIN DEBUG:", {
+            "token_uuid": token_uuid,
+            "selected_profile": selected_profile,
+            "raw": request_data
+        })
+
+
         if token_uuid != selected_profile:
-            raise HTTPException(status_code=403, detail="Token doesn't match selected profile")
+            raise HTTPException(status_code=403, detail="Profile mismatch")
         await sessions_collection.update_one(
             {"_id": session["_id"]},
             {"$set": {"server_id": server_id}},
         )
-        return True
+        return JSONResponse(status_code=204, content=None)
     async def has_joined(self, username: str, server_id: str):
         user = await users_collection.find_one({"username": username})
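Review bot: The `print("JOIN DEBUG:", {... "raw": request_data})` added after `token_uuid` in the second hunk writes the whole request body — including `accessToken`, a bearer credential — to stdout on every join, so session tokens end up in process logs; drop the `"raw"` entry (and the token) and, if the diagnostic is still wanted, emit it through the module logger at debug level rather than `print`. In the same stretch, `decoded["uuid"]` replaces the old `.get("uuid", "")` and will raise `KeyError` (a 500 instead of a 401) for a token without that claim, and since the new `# STRING UUID` comment says `selectedProfile` is a string UUID the comparison should strip dashes on both sides, `if token_uuid != str(selected_profile).replace("-", ""):`, or a client sending the dashed form gets a 403. The `# 🔥 ВАЖНО` comment should be in English and say what is important about the line. `JSONResponse(status_code=204, content=None)` is likely to serialize a `null` body on a no-content status; the usual form is `Response(status_code=204)` — hedged, since the imports are outside the hunk, as is the start of `join_server` (first hunk). Removing `client_token` from the session lookup means possession of the access token alone is now sufficient to bind a session to a server; if that intentionally mirrors the upstream joinServer contract it deserves a sentence in the commit message.
```python
        # A token without a uuid claim is an invalid token, not a server error.
        token_uuid = str(decoded.get("uuid") or "").replace("-", "")
        if not token_uuid:
            raise HTTPException(status_code=401, detail="Invalid access token")
        # Do not log request_data here: it carries the access token.
        if token_uuid != str(selected_profile).replace("-", ""):
            raise HTTPException(status_code=403, detail="Profile mismatch")
        # … unchanged: sessions_collection.update_one(...) and the return …
```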