
Cleaning up the API a bit, less of a focus on doing any kind of security right now

Kirk Trombley 5 years ago
parent
commit
43fb8a2e37
4 changed files with 19 additions and 48 deletions
  1. 8 15
      README.md
  2. 6 2
      server/app.py
  3. 5 5
      server/game_api.py
  4. 0 26
      server/misc_api.py

+ 8 - 15
README.md

@@ -2,24 +2,17 @@
 
 ## Back End
 
+In the future, names should be tracked via actual tokens
+
 ```
 API Endpoints
 GET /
     Returns {
-        "version": string
-    }
-POST /name
-    Accepts {
-        "name": string,
-        "secret": string
-    }
-    Returns 400 vs 204, sets session cookie
-GET /valid-session
-    Returns {
-        "valid": boolean
+        "version": string,
+        "status": string
     }
 PUT /game
-    Requires session cookie
+    Header Authorization: Name string
     Accepts {
         "timer": number
     }
@@ -53,10 +46,10 @@ GET /game/{ID}
         ]
     }
 POST /game/{ID}/join
-    Requires session cookie
+    Header Authorization: Name string
     Returns 201 vs 401
 GET /game/{ID}/guesses
-    Requires session cookie
+    Header Authorization: Name string
     Returns {
         "currentRound": string || null,
         "guesses": {
@@ -68,7 +61,7 @@ GET /game/{ID}/guesses
         }
     }
 POST /game/{ID}/guesses/{round}
-    Requires session cookie
+    Header Authorization: Name string
     Accepts {
         "lat": number,
         "lng": number

+ 6 - 2
server/app.py

@@ -3,7 +3,6 @@ from flask_cors import CORS
 import toml
 
 from db import db
-from misc_api import misc
 from game_api import game
 
 app = Flask(__name__)
@@ -17,11 +16,16 @@ app.config["GOOGLE_API_KEY"] = secrets["google_api_key"]
 app.config["SQLALCHEMY_DATABASE_URI"] = secrets["db_uri"]
 app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
 
-app.register_blueprint(misc)
 app.register_blueprint(game, url_prefix="/game")
 
 db.init_app(app)
 db.create_all(app=app)
 
+
+@app.route("/")
+def version():
+    return jsonify({"version": "1", "status": "healthy"})
+
+
 if __name__ == "__main__":
     app.run("0.0.0.0", 5000, debug=True)
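Review bot: The new `version()` route calls `jsonify`, but no line visible in this diff imports it into app.py; the first hunk starts at line 3, so the flask import above it is not shown. If that import brings in only `Flask`, the endpoint raises NameError on the first request, and the fix is `from flask import Flask, jsonify`. Separately, the unchanged `app.run("0.0.0.0", 5000, debug=True)` at the end of this hunk enables the Werkzeug debugger on every interface, which matters more now that this commit removes the group-secret check. Reading the debug flag and bind address from configuration would keep that setting confined to local development.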

+ 5 - 5
server/game_api.py

@@ -1,7 +1,7 @@
 from functools import wraps
 import uuid
 
-from flask import Blueprint, session, abort, request, current_app, jsonify
+from flask import Blueprint, abort, request, current_app, jsonify
 
 from db import db, Game, CoordSet, GuessSet
 from lib import generate_coord, score
@@ -10,10 +10,10 @@ game = Blueprint("game", __name__)
 
 
 def require_name():
-    name = session.get("name", None)
+    name = request.headers.get("Authorization", type=str)
     if name is None:
         abort(401)
-    return name
+    return name.split()[-1]
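Review bot: `require_name()` now answers 500 instead of 401 when the Authorization header is present but empty or whitespace-only, because `name.split()[-1]` raises IndexError on an empty list. The scheme is never checked either, so `Authorization: Bearer abc` yields the name `abc` and a bare `Authorization: Name` yields the name `Name`. I would replace the last three lines of the function with `parts = (name or "").split()`, `if len(parts) != 2 or parts[0] != "Name": abort(401)` and `return parts[1]`, which also rejects a name containing spaces instead of silently keeping its last word. The returned string is the identity used in lookups such as `GuessSet.query.get((g.game_id, name))`, and this commit drops the secret check. A one-line comment on the function saying the name is client-asserted and unauthenticated would stop later code from treating it as verified.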
 
 
 def require_game(game_id):
@@ -102,7 +102,7 @@ def join(game_id):
     g = require_game(game_id)
 
     if GuessSet.query.get((g.game_id, name)) is not None:
-        abort(400)
+        abort(409)
 
     cs = CoordSet()
     db.session.add(cs)
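Review bot: The new 409 responses are missing from the README that this same commit edits: the `POST /game/{ID}/join` entry still reads `Returns 201 vs 401`, and a client that branched on 400 for a duplicate join will no longer see it. The same applies to the `abort(409)` in `make_guess` in the next hunk. Adding `409 if the name has already joined` to the join entry and `409 if {round} is not the current round` to the guess entry would document the change. Both function bodies continue outside their hunks.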
@@ -127,7 +127,7 @@ def guesses(game_id):
 def make_guess(game_id, round_num):
     gs = require_guess_set(game_id)
     if round_num != gs.get_current_round():
-        abort(400)
+        abort(409)
 
     lat = request.json.get("lat", None)
     lng = request.json.get("lng", None)

+ 0 - 26
server/misc_api.py

@@ -1,26 +0,0 @@
-from flask import Blueprint, jsonify, session, request, current_app, abort
-
-misc = Blueprint("misc", __name__)
-
-
-@misc.route("/")
-def version():
-    return jsonify({"version": "1"})
-
-
-@misc.route("/name", methods=["POST"])
-def name():
-    secret = request.json.get("secret", None)
-    if current_app.config["GROUP_PASS"] != secret:
-        abort(400)
-
-    name = request.json.get("name", None)
-    if name is None:
-        abort(400)
-
-    session["name"] = name
-    return "", 204
-
-@misc.route("/valid-session")
-def valid_session():
-    return jsonify({"valid": ("name" in session)})