try decoding payload

2 years ago · 5be8b228ba
parent 41273537b8
commit 5be8b228ba
3 changed files with 15 additions and 3 deletions
--- a/pokeranalytics_backend/settings.py
+++ b/pokeranalytics_backend/settings.py
@ -22,6 +22,7 @@ BASE_DIR = Path(__file__).resolve().parent.parent

 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = 'django-insecure-v9l*b^t^2eqp877kdrt%5g#y=8$e%e^sa!65(1@t+rp@avwx+@'
+ASS_KEY_FILE = BASE_DIR / 'AuthKey_JZC9L76TDT.p8'

 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
--- a/subscriptions/views.py
+++ b/subscriptions/views.py
@ -2,7 +2,8 @@ from django.shortcuts import render
 from django.http import HttpResponse, JsonResponse
 from django.views.decorators.csrf import csrf_exempt
 from .models import ASSNotification
-import json
+from django.conf import settings
+import json, jwt

 def index(request):
    return HttpResponse("Hello, world. You're at the subs index.")
@ -18,8 +19,18 @@ def app_store_webhook(request):
    fulljson = json.loads(data)
    signedPayload = fulljson['signedPayload']

+
+    KEY_FILE = settings.ASS_KEY_FILE
+
+    with open(KEY_FILE,'r') as key_file:
+        key = ''.join(key_file.readlines())
+
+    decodedPayload = jwt.decode(signedPayload, key, algorithms=['ES256'])
+
+
+
    notification = ASSNotification(
-        content=signedPayload,
+        content=decodedPayload,
    )
    notification.save()

--- a/token_generator.py
+++ b/token_generator.py
@ -43,7 +43,7 @@ key=key
 with open('jwt_signed.txt', 'w') as output:
     output.write(client_secret)

-curl -X POST -v -H 'Authorization: Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IkpaQzlMNzZURFQiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiI2OWE2ZGU4My0wMmYyLTQ3ZTMtZTA1My01YjhjN2MxMWE0ZDEiLCJpYXQiOjE3MDUzMjIxMjUsImV4cCI6MTcwNTMyNTQyNSwiYXVkIjoiYXBwc3RvcmVjb25uZWN0LXYxIiwiYmlkIjoic3RheC5TbGFzaFBva2VyLm5vc2VibGVlZCJ9.dM2cM92BX7f4f8fuF72HRaOutK1POs6tQcVriXMQQIA_tA_HOayXYuTRt_cUc4HLqErkRj9NNiT0CV0ZJECqpQ' https://api.storekit-sandbox.itunes.apple.com/inApps/v1/notifications/test
+# curl -X POST -v -H 'Authorization: Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IkpaQzlMNzZURFQiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiI2OWE2ZGU4My0wMmYyLTQ3ZTMtZTA1My01YjhjN2MxMWE0ZDEiLCJpYXQiOjE3MDUzMjIxMjUsImV4cCI6MTcwNTMyNTQyNSwiYXVkIjoiYXBwc3RvcmVjb25uZWN0LXYxIiwiYmlkIjoic3RheC5TbGFzaFBva2VyLm5vc2VibGVlZCJ9.dM2cM92BX7f4f8fuF72HRaOutK1POs6tQcVriXMQQIA_tA_HOayXYuTRt_cUc4HLqErkRj9NNiT0CV0ZJECqpQ' https://api.storekit-sandbox.itunes.apple.com/inApps/v1/notifications/test
 # Usage, after run this code by python3
 # get token from `client_secret.txt` and replace to [signed token]
 # Remember expired time maximum is 20 minutes