feat(f3): require player session token for lie submission

2026-02-27 23:11:59 +01:00
parent 86dbd4fabc
commit 37e1d32675
5 changed files with 80 additions and 4 deletions


@@ -104,6 +104,7 @@ def join_session(request: HttpRequest) -> JsonResponse:
"player": {
"id": player.id,
"nickname": player.nickname,
"session_token": player.session_token,
"score": player.score,
},
"session": {
@@ -296,11 +297,15 @@ def submit_lie(request: HttpRequest, code: str, round_question_id: int) -> JsonR
session_code = code.strip().upper()
player_id = payload.get("player_id")
session_token = str(payload.get("session_token", "")).strip()
lie_text = str(payload.get("text", "")).strip()
if not player_id:
return JsonResponse({"error": "player_id is required"}, status=400)
if not session_token:
return JsonResponse({"error": "session_token is required"}, status=400)
if not lie_text or len(lie_text) > 255:
return JsonResponse({"error": "text must be between 1 and 255 characters"}, status=400)
@@ -317,6 +322,9 @@ def submit_lie(request: HttpRequest, code: str, round_question_id: int) -> JsonR
except Player.DoesNotExist:
return JsonResponse({"error": "Player not found in session"}, status=404)
if player.session_token != session_token:
return JsonResponse({"error": "Invalid player session token"}, status=403)
try:
round_question = RoundQuestion.objects.get(
pk=round_question_id,