From 5be8b228bad617d849316d9c056b6ba4fde0377b Mon Sep 17 00:00:00 2001
From: Laurent
Date: Mon, 15 Jan 2024 14:06:24 +0100
Subject: [PATCH] try decoding payload
---
 pokeranalytics_backend/settings.py | 1 +
 subscriptions/views.py | 15 +++++++++++++--
 token_generator.py | 2 +-
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/pokeranalytics_backend/settings.py b/pokeranalytics_backend/settings.py
index 5f8d2e2..9049cae 100644
--- a/pokeranalytics_backend/settings.py
+++ b/pokeranalytics_backend/settings.py
@@ -22,6 +22,7 @@ BASE_DIR = Path(__file__).resolve().parent.parent
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = 'django-insecure-v9l*b^t^2eqp877kdrt%5g#y=8$e%e^sa!65(1@t+rp@avwx+@'
+ASS_KEY_FILE = BASE_DIR / 'AuthKey_JZC9L76TDT.p8'
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
diff --git a/subscriptions/views.py b/subscriptions/views.py
index 313294c..dec5270 100644
--- a/subscriptions/views.py
+++ b/subscriptions/views.py
@@ -2,7 +2,8 @@ from django.shortcuts import render
 from django.http import HttpResponse, JsonResponse
 from django.views.decorators.csrf import csrf_exempt
 from .models import ASSNotification
-import json
+from django.conf import settings
+import json, jwt
 def index(request):
 return HttpResponse("Hello, world. You're at the subs index.")
@@ -18,8 +19,18 @@ def app_store_webhook(request):
 fulljson = json.loads(data)
 signedPayload = fulljson['signedPayload']
+
+ KEY_FILE = settings.ASS_KEY_FILE
+
+ with open(KEY_FILE,'r') as key_file:
+ key = ''.join(key_file.readlines())
+
+ decodedPayload = jwt.decode(signedPayload, key, algorithms=['ES256'])
+
+
+
 notification = ASSNotification(
- content=signedPayload,
+ content=decodedPayload,
 )
 notification.save()
diff --git a/token_generator.py b/token_generator.py
index f85b29d..ccce487 100644
--- a/token_generator.py
+++ b/token_generator.py
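Review bot: In pokeranalytics_backend/settings.py the added `ASS_KEY_FILE = BASE_DIR / 'AuthKey_JZC9L76TDT.p8'` points at what appears to be a `.p8` private-key file inside the project tree, so the key stays out of the repository only if it is explicitly ignored, and the path cannot differ between environments. Reading the location from the environment, for example `ASS_KEY_FILE = Path(os.environ['ASS_KEY_FILE'])` (this needs `import os`; the file's imports are outside the hunk), lets the key live outside the checkout with restrictive file permissions. The unchanged context lines show `SECRET_KEY` as a literal and `DEBUG = True`, which suggests this part of the file does not yet load secrets from the environment. A comment such as `# Path to the App Store private key (.p8); never commit the key file` above the setting would document the expectation.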
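Review bot: In subscriptions/views.py, `jwt.decode(signedPayload, key, algorithms=['ES256'])` checks the notification against the key loaded from `settings.ASS_KEY_FILE`, which appears to be the app's own `.p8` API key rather than Apple's signing certificate. An App Store Server Notifications V2 `signedPayload` is a JWS signed by Apple whose header carries an `x5c` certificate chain, so the verifier should validate that chain up to Apple's root CA and use the leaf certificate's public key (Apple's App Store Server Library does this); with the current key a genuine notification would be expected to fail with `jwt.InvalidSignatureError`. The call also has no error handling, so any invalid or forged body becomes an unhandled exception; wrapping it in a `try` with `except jwt.InvalidTokenError: return HttpResponse(status=400)` keeps rejections explicit. `content=decodedPayload` now stores a dict where a string was stored before, which depends on the `ASSNotification.content` field type that is not visible here. The body of `app_store_webhook` starts and ends outside the hunk.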
@@ -43,7 +43,7 @@ key=key
 with open('jwt_signed.txt', 'w') as output:
 output.write(client_secret)
-curl -X POST -v -H 'Authorization: Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IkpaQzlMNzZURFQiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiI2OWE2ZGU4My0wMmYyLTQ3ZTMtZTA1My01YjhjN2MxMWE0ZDEiLCJpYXQiOjE3MDUzMjIxMjUsImV4cCI6MTcwNTMyNTQyNSwiYXVkIjoiYXBwc3RvcmVjb25uZWN0LXYxIiwiYmlkIjoic3RheC5TbGFzaFBva2VyLm5vc2VibGVlZCJ9.dM2cM92BX7f4f8fuF72HRaOutK1POs6tQcVriXMQQIA_tA_HOayXYuTRt_cUc4HLqErkRj9NNiT0CV0ZJECqpQ' https://api.storekit-sandbox.itunes.apple.com/inApps/v1/notifications/test
+# curl -X POST -v -H 'Authorization: Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IkpaQzlMNzZURFQiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiI2OWE2ZGU4My0wMmYyLTQ3ZTMtZTA1My01YjhjN2MxMWE0ZDEiLCJpYXQiOjE3MDUzMjIxMjUsImV4cCI6MTcwNTMyNTQyNSwiYXVkIjoiYXBwc3RvcmVjb25uZWN0LXYxIiwiYmlkIjoic3RheC5TbGFzaFBva2VyLm5vc2VibGVlZCJ9.dM2cM92BX7f4f8fuF72HRaOutK1POs6tQcVriXMQQIA_tA_HOayXYuTRt_cUc4HLqErkRj9NNiT0CV0ZJECqpQ' https://api.storekit-sandbox.itunes.apple.com/inApps/v1/notifications/test
 # Usage, after run this code by python3
 # get token from `client_secret.txt` and replace to [signed token]
 # Remember expired time maximum is 20 minutes
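Review bot: Commenting out the `curl` line in token_generator.py still leaves a complete signed bearer JWT in the source; its header and payload segments are only base64url-encoded, so the key id, issuer id and bundle id stay readable to anyone with the file. The line reads better with a placeholder, `# curl -X POST -v -H 'Authorization: Bearer [signed token]' https://api.storekit-sandbox.itunes.apple.com/inApps/v1/notifications/test`, which matches the `[signed token]` wording of the usage comment below it. That usage comment names `client_secret.txt` while the context line writes `jwt_signed.txt`, so one of the two should be corrected. The token also remains in the repository history through the removed line.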