def get(self):
# checks if the user can create a new package entry
# if so, returns a new secret
# user then must post the signed package to this endpoint
if not ENGINE.check_package(request.form['owner'], request.form['package']):
# try to pull the users public key
query = ENGINE.get_key(request.form['owner'])
# in doing so, check if the user exists
if query == None:
return error_payload('Owner does not exist.')
# construct the user's public key
user_public_key = rsa.PublicKey(int(query[0]), int(query[1]))
# create a new secret
secret = random_string(53)
# sign and store it in the db so no plain text instance exists in the universe
server_signed_secret = str(rsa.encrypt(secret.encode('utf8'), KEY[0]))
query = ENGINE.set_secret(request.form['owner'], server_signed_secret)
# sign and send secret to user
user_signed_secret = rsa.encrypt(secret.encode('utf8'), user_public_key)
return success_payload(str(user_signed_secret), 'Package available to register.')
else:
return error_payload('Package already exists.')
评论列表
文章目录
