From ff65e4a333a958cbc9b2ef3661a91e8e9b3f45d4 Mon Sep 17 00:00:00 2001
From: DIKER0K <sitnikovdima2006@gmail.com>
Date: Fri, 18 Jul 2025 03:13:52 +0500
Subject: [PATCH] required acess token and client token in set, delete skin and
 capes

---
 app/api/capes.py | 26 +++++++++++++++++++++++---
 app/api/skins.py | 27 ++++++++++++++++++++++++---
 2 files changed, 47 insertions(+), 6 deletions(-)

diff --git a/app/api/capes.py b/app/api/capes.py
index 15b6e44..1b85d20 100644
--- a/app/api/capes.py
+++ b/app/api/capes.py
@@ -1,12 +1,32 @@
-from fastapi import APIRouter, UploadFile, File
+from fastapi import APIRouter, UploadFile, File, HTTPException, Form
 from app.services.cape import CapeService
+from app.services.auth import AuthService
 
 router = APIRouter(tags=["Capes"])
 
 @router.post("/user/{username}/cape")
-async def set_cape(username: str, cape_file: UploadFile = File(...)):
+async def set_cape(
+    username: str, 
+    cape_file: UploadFile = File(...),
+    accessToken: str = Form(...),
+    clientToken: str = Form(...)
+):
+    # Validate the token
+    is_valid = await AuthService().validate(accessToken, clientToken)
+    if not is_valid:
+        raise HTTPException(status_code=401, detail="Invalid authentication tokens")
+        
     return await CapeService().set_cape(username, cape_file)
 
 @router.delete("/user/{username}/cape")
-async def remove_cape(username: str):
+async def remove_cape(
+    username: str,
+    accessToken: str,
+    clientToken: str
+):
+    # Validate the token
+    is_valid = await AuthService().validate(accessToken, clientToken)
+    if not is_valid:
+        raise HTTPException(status_code=401, detail="Invalid authentication tokens")
+        
     return await CapeService().remove_cape(username)
diff --git a/app/api/skins.py b/app/api/skins.py
index 0f59e71..b782440 100644
--- a/app/api/skins.py
+++ b/app/api/skins.py
@@ -1,12 +1,33 @@
-from fastapi import APIRouter, UploadFile, File, Form
+from fastapi import APIRouter, UploadFile, File, Form, HTTPException
 from app.services.skin import SkinService
+from app.services.auth import AuthService
 
 router = APIRouter(tags=["Skins"])
 
 @router.post("/user/{username}/skin")
-async def set_skin(username: str, skin_file: UploadFile = File(...), skin_model: str = Form("classic")):
+async def set_skin(
+    username: str, 
+    skin_file: UploadFile = File(...), 
+    skin_model: str = Form("classic"),
+    accessToken: str = Form(...),
+    clientToken: str = Form(...)
+):
+    # Validate the token
+    is_valid = await AuthService().validate(accessToken, clientToken)
+    if not is_valid:
+        raise HTTPException(status_code=401, detail="Invalid authentication tokens")
+        
     return await SkinService().set_skin(username, skin_file, skin_model)
 
 @router.delete("/user/{username}/skin")
-async def remove_skin(username: str):
+async def remove_skin(
+    username: str,
+    accessToken: str,
+    clientToken: str
+):
+    # Validate the token
+    is_valid = await AuthService().validate(accessToken, clientToken)
+    if not is_valid:
+        raise HTTPException(status_code=401, detail="Invalid authentication tokens")
+        
     return await SkinService().remove_skin(username)