From 9905c514e61cff528a491d259b874e0682189684 Mon Sep 17 00:00:00 2001
From: Michael DeMarco
Date: Sun, 7 Jan 2024 16:56:22 -0800
Subject: [PATCH] feat: minor improvements; exempt get /video
---
 bereal/server.py | 9 +++++----
 scripts/test-cors.sh | 9 +++++++++
 2 files changed, 14 insertions(+), 4 deletions(-)
 create mode 100644 scripts/test-cors.sh
diff --git a/bereal/server.py b/bereal/server.py
index 3f0a56c..0c71a31 100644
--- a/bereal/server.py
+++ b/bereal/server.py
@@ -13,7 +13,7 @@ from datetime import datetime, timedelta # noqa: E402
 from typing import Any # noqa: E402
-from flask import Flask, Response, jsonify, request, abort, send_from_directory # noqa: E402
+from flask import Flask, Response, jsonify, request, send_from_directory # noqa: E402
 from flask_apscheduler import APScheduler # noqa: E402
 from flask_cors import CORS # noqa: E402
 from flask_limiter import Limiter # noqa: E402
@@ -165,7 +165,7 @@ def create_video() -> tuple[Response, int]:
 bereal_token = request.args.get("berealToken")
 if not bereal_token or bereal_token != get_bereal_token(phone):
- abort(401)
+ return jsonify({"error": "Unauthorized", "message": "Invalid token"}), 401
 token = request.form["token"]
 year = request.form["year"]
@@ -204,7 +204,7 @@ def task_status(task_id) -> tuple[Response, int]:
 bereal_token = request.args.get("berealToken")
 if not bereal_token or bereal_token != get_bereal_token(phone):
- abort(401)
+ return jsonify({"error": "Unauthorized", "message": "Invalid token"}), 401
 task = make_video.AsyncResult(task_id)
@@ -232,6 +232,7 @@ def task_status(task_id) -> tuple[Response, int]:
 @app.route("/video/", methods=["GET"])
+@limiter.exempt
 def get_video(filename: str) -> tuple[Response, int]:
 """
 Serve a video file.
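Review bot: In the create_video hunk, the guard on the context line just above the new `return jsonify(...), 401` still compares the secret with `!=`, which is not a constant-time comparison; the task_status hunk and the get_video hunk at -240 carry the same line. A constant-time comparison fits here: `expected = get_bereal_token(phone)` followed by `if not bereal_token or not expected or not hmac.compare_digest(bereal_token.encode(), expected.encode()):`, with `import hmac` added to the imports. The `.encode()` calls assume get_bereal_token returns a str, which this patch does not show; they keep a non-ASCII query value from raising TypeError inside compare_digest. All three function bodies start outside their hunks.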
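Review bot: `@limiter.exempt` on get_video removes every rate limit from a route whose only visible gate is the `berealToken` check, so failed token attempts against /video are no longer throttled. If the aim is to let a video player issue many requests for one file, a dedicated ceiling keeps that working without lifting the limit entirely, for example `@limiter.limit("120 per minute")` in place of the exemption (the figure is a placeholder to tune). A comment above the decorator such as `# players fetch the file in many requests; limit raised, not removed` would record why this route differs from the others. get_video's body continues past the end of this hunk.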
@@ -240,7 +241,7 @@ def get_video(filename: str) -> tuple[Response, int]:
 bereal_token = request.args.get("berealToken")
 if not bereal_token or bereal_token != get_bereal_token(phone):
- abort(401)
+ return jsonify({"error": "Unauthorized", "message": "Invalid token"}), 401
 logger.debug("Serving video file %s/%s to %s...", EXPORTS_PATH, filename, phone)
 return send_from_directory(EXPORTS_PATH, filename, mimetype="video/mp4"), 200
diff --git a/scripts/test-cors.sh b/scripts/test-cors.sh
new file mode 100644
index 0000000..be990dd
--- /dev/null
+++ b/scripts/test-cors.sh
@@ -0,0 +1,9 @@
+curl -H "Origin: https://bereal.michaeldemar.co" \
+ -H "Access-Control-Request-Method: GET" \
+ -H "Access-Control-Request-Headers: X-Requested-With" \
+ https://api.bereal.michaeldemar.co/status
+
+curl -H "Origin: https://bereal.michaeldemar.co" \
+ -H "Access-Control-Request-Method: GET" \
+ -H "Access-Control-Request-Headers: X-Requested-With" \
+ https://api.bereal.michaeldemar.co/video/myvideo.mp4
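Review bot: After the token check in the get_video hunk, `send_from_directory(EXPORTS_PATH, filename, ...)` serves whatever `filename` the caller supplies, and nothing in the visible lines ties that file to `phone`. send_from_directory keeps the path inside EXPORTS_PATH, but if all users' exports share that directory, a caller holding any valid phone/token pair could be served another user's export. An ownership check before the send would close this, e.g. `if filename not in exports_for(phone): return jsonify({"error": "Forbidden", "message": "Not your export"}), 403`, where `exports_for` is a placeholder for however the server records which exports belong to a phone. The start of get_video lies outside this hunk, so such a check may already exist there.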
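Review bot: Neither curl call in scripts/test-cors.sh performs a CORS preflight or shows the response headers: curl sends a GET by default and prints only the body, so the `Access-Control-Allow-Origin` header the script is presumably meant to check never appears. Adding `-i -X OPTIONS` to both commands turns them into real preflights with visible headers. The second request also carries no `berealToken` query parameter, so as a plain GET it would receive the 401 JSON from get_video; a comment such as `# a 401 body is expected here, only the CORS headers matter` would make that clear to whoever runs it.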