add protection that shares the data with my webside

my_modules/decoratory/header.py

@@ -1,4 +1,4 @@
-from my_modules.app.constens import SECRET_KEY
+from my_modules.app.constens import THE_IP_BOT_MANAGER
 from my_modules.app.logger import logger
 from my_modules.app.setup import LIMITER
 from my_modules.functions import get_ip
@@ -6,7 +6,7 @@ from my_modules.functions import get_ip
 from quart import jsonify, request, url_for, Response, current_app, session, abort
 from functools import wraps
 from datetime import datetime
-import asyncio, msgpack, json, jwt
+import asyncio, msgpack, json
 
 def encode_object_default(obj):
   if isinstance(obj, datetime):
@@ -24,6 +24,27 @@ async def get_auth_token():
 
   return None
 
+async def verify_token(token:str):
+  decoded_payload = await current_app.convex.decode_access_token_payload(access_token=token)
+  decoded_payload_error_state = decoded_payload.get('state', None)
+
+  if decoded_payload is None:
+    return {'error': "No Data from Database"}, 504
+  elif decoded_payload_error_state == 1:
+    await logger.error(decoded_payload.get('error'))
+    return {'error': 'Invalid access token'}, 401
+  elif decoded_payload_error_state == 2:
+    await logger.error(decoded_payload.get('error'))
+    return {'error': 'Wrong access token type'}, 401
+  elif decoded_payload_error_state == 3:
+    await logger.error(decoded_payload.get('error'))
+    return {'error': 'Refresh token not found', 'msg': 'Please login again and generate a new Token', 'url': url_for('auth_login.login')}, 403
+  elif decoded_payload_error_state == 4:
+    await logger.error(decoded_payload.get('error'))
+    return {'error': 'Refresh token expired'}, 401
+
+  return decoded_payload, None
+
 # Custom decorator for token validation
 def token_required(func):
   @wraps(func)
@@ -33,17 +54,10 @@ def token_required(func):
       await logger.error('API Token is missing')
       return jsonify(error='Token is missing'), 400
 
-    try:
-      decoded_payload = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
-      if not await current_app.edgedb.check_if_refresh_token_exists_by_id(decoded_payload['refresh_id']):
-        await logger.error(f'API Refresh Token not found: {decoded_payload['refresh_id']}')
-        return jsonify(error='Refresh Token not found', msg='Please login again', url=url_for('login')), 403
-    except jwt.ExpiredSignatureError:
-      await logger.error('API Token has expired')
-      return jsonify(error='Token has expired'), 401
-    except jwt.InvalidTokenError:
-      await logger.error('API Token is invalid')
-      return jsonify(error='Token is invalid'), 401
+    decoded_payload, status_code = await verify_token(token)
+    decoded_payload_error = decoded_payload.get('error', None)
+    if decoded_payload_error:
+      return jsonify(decoded_payload), status_code
 
     return await func(user=decoded_payload, *args, **kwargs)
   return wrapper
@@ -116,8 +130,8 @@ def apply_limit(endpoint_name, limits:dict=None):
   def make_key_func(endpoint):
     def key_func():
       ip = get_ip()
-      # if THE_IP_BOT_MANAGER.is_client_ip_always_allowed(ip):
-      #   return None  # No key, no increment, no enforcement
+      if THE_IP_BOT_MANAGER.is_client_ip_always_allowed(ip):
+        return None  # No key, no increment, no enforcement
 
       # Combine endpoint name and HTTP method (and client IP) into the rate-limit key
       return f":{ip}:{endpoint}:{request.method}:"