From 6d65f5045e2de9d644c9caa877e4781eb557b522 Mon Sep 17 00:00:00 2001
From: Edward Betts <edward@4angle.com>
Date: Sun, 21 Jan 2024 08:07:11 +0000
Subject: [PATCH 1/2] Ensure space launch JSON can be parsed before saving

---
 agenda/thespacedevs.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/agenda/thespacedevs.py b/agenda/thespacedevs.py
index 130be2f..18a5bbb 100644
--- a/agenda/thespacedevs.py
+++ b/agenda/thespacedevs.py
@@ -21,8 +21,8 @@ def next_launch_api(rocket_dir: str, limit: int = 200) -> list[Launch]:
 
     params: dict[str, str | int] = {"limit": limit}
     r = requests.get(url, params=params)
-    open(filename, "w").write(r.text)
     data = r.json()
+    open(filename, "w").write(r.text)
     return [summarize_launch(launch) for launch in data["results"]]
 
 

From 2b89ff7ff9268d863a6fc5a53e95bd14f160b58d Mon Sep 17 00:00:00 2001
From: Edward Betts <edward@4angle.com>
Date: Sun, 21 Jan 2024 15:55:31 +0000
Subject: [PATCH 2/2] Add authentication via UniAuth

---
 agenda/auth.py | 29 +++++++++++++++++++++++++++++
 web_view.py    |  3 +++
 2 files changed, 32 insertions(+)
 create mode 100644 agenda/auth.py

diff --git a/agenda/auth.py b/agenda/auth.py
new file mode 100644
index 0000000..d44696a
--- /dev/null
+++ b/agenda/auth.py
@@ -0,0 +1,29 @@
+"""Authentication via UniAuth."""
+
+import flask
+import werkzeug
+from itsdangerous.url_safe import URLSafeTimedSerializer
+
+max_age = 60 * 60 * 24 * 90
+
+
+def verify_auth_token(token: str) -> str | None:
+    """Verify the authentication token."""
+    serializer = URLSafeTimedSerializer(flask.current_app.config["SECRET_KEY"])
+    try:
+        username = serializer.loads(token, salt="auth", max_age=max_age)
+    except Exception:
+        return None
+
+    assert isinstance(username, str)
+    return username
+
+
+def require_authentication() -> werkzeug.Response | None:
+    """Require authentication."""
+    token = flask.request.cookies.get("auth_token")
+    return (
+        None
+        if token and verify_auth_token(token)
+        else flask.redirect(flask.current_app.config["UNIAUTH_LOGIN_URL"])
+    )
diff --git a/web_view.py b/web_view.py
index 99e5cf7..259e751 100755
--- a/web_view.py
+++ b/web_view.py
@@ -15,6 +15,7 @@ import werkzeug
 import werkzeug.debug.tbtools
 import yaml
 
+import agenda.auth
 import agenda.data
 import agenda.error_mail
 import agenda.holidays
@@ -27,6 +28,8 @@ app = flask.Flask(__name__)
 app.debug = False
 app.config.from_object("config.default")
 
+app.before_request(agenda.auth.require_authentication)
+
 agenda.error_mail.setup_error_mail(app)