From 50ca76cf2fe30ab9927a2e8a8b092504a0945d7d Mon Sep 17 00:00:00 2001
From: AlexTheGeek <28763288+AlexTheGeek@users.noreply.github.com>
Date: Fri, 26 Jan 2024 11:36:16 +0100
Subject: [PATCH] Check Auth VNC

---
 main.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/main.py b/main.py
index 58919d1..b9fd9f3 100644
--- a/main.py
+++ b/main.py
@@ -441,11 +441,16 @@ def check_auth():
     logger.info("Authentication check: "+current_user.email+", role: "+current_user.role+", id: "+current_user.id)
     return jsonify({'message': 'Authentication check successful'})
 
-@app.route('/check-auth-vnc')
+@app.route('/check-auth-vnc?token=<token_url>')
 @login_required
-def check_auth_vnc():
-    logger.info("Authentication check: "+current_user.email+", role: "+current_user.role+", id: "+current_user.id)
-    return jsonify({'message': 'Authentication check successful'}), 200
+def check_auth_vnc(token_url):
+    vm = VM.query.filter_by(vncurl=token_url).first().users_id
+    if vm.users_id == current_user.id:
+        logger.info("Authentication check: "+current_user.email+", role: "+current_user.role+", id: "+current_user.id+" to Acces VM VNC : "+vm.name)
+        return jsonify({'message': 'Authentication check successful'}), 200
+    else:
+        logger.warning("Wrong User, "+current_user.id+" want to acces to the VM : "+vm.name)
+        return jsonify({'message': 'Unauthorized'}), 401
 
 
 @app.route('/users', methods=['GET'])