Add endpoint for generating JWTs

These tokens are provided to flat-manager to authorize the user to
download an app. In the future, this enpoint should first check whether
the user has paid for the app if necessary.

Author: jameswestman

app/config.py

@@ -36,6 +36,7 @@ class Settings(BaseSettings):
     google_client_secret: str = "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"
     google_return_url: str = "http://localhost:3000/login/google"
     cors_origins: str = "http://localhost:3000"
+    flat_manager_secret: str = "c2VjcmV0"
 
 
 settings = Settings()

app/main.py

@@ -1,5 +1,9 @@
+import base64
+from datetime import datetime, timedelta
 from functools import lru_cache
+from typing import List
 
+import jwt
 import sentry_sdk
 from fastapi import FastAPI, Response
 from fastapi.middleware.cors import CORSMiddleware
@@ -199,6 +203,27 @@ def get_summary(appid: str, response: Response):
     return None
 
 
+@app.post("/generate-download-token", status_code=200)
+def get_download_token(appids: List[str]):
+    """Generates a download token for the given app IDs."""
+
+    # TODO: Check the user has rights to download the given app IDs!
+
+    encoded = jwt.encode(
+        {
+            "sub": "download",
+            "exp": datetime.utcnow() + timedelta(hours=24),
+            "prefixes": appids,
+        },
+        base64.b64decode(config.settings.flat_manager_secret),
+        algorithm="HS256",
+    )
+
+    return {
+        "token": encoded,
+    }
+
+
 def sort_ids_by_downloads(ids):
     if len(ids) <= 1:
         return ids

pyproject.toml

@@ -23,6 +23,7 @@ itsdangerous = "^2.1"
 PyGithub = "^1.55"
 vcrpy = "^4.1.1"
 python-gitlab = "^3.1"
+PyJWT = "^2.3.0"
 
 [tool.poetry.dev-dependencies]
 black = "^22.1"