From 7f4f6142c98b10aaecad8afdff9a4a06b518b438 Mon Sep 17 00:00:00 2001
From: julius
Date: Thu, 20 Mar 2025 17:04:20 +0100
Subject: [PATCH] feat: don't rely on secure JWT when it comes to scopes

---
 security.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/security.py b/security.py
index 5ad8bb7..b76916f 100644
--- a/security.py
+++ b/security.py
@@ -141,8 +141,9 @@ async def get_current_user(
     user = get_user(username=token_data.username)
     if user is None:
         raise credentials_exception
+    allowed_scopes = set(user.scopes.split())
     for scope in security_scopes.scopes:
-        if scope not in token_data.scopes:
+        if scope not in allowed_scopes or scope not in token_data.scopes:
             raise HTTPException(
                 status_code=status.HTTP_401_UNAUTHORIZED,
                 detail="Not enough permissions",
@@ -159,6 +160,10 @@ async def get_current_active_user(
     return current_user
 
 
+async def verify_team_scope(user: Annotated[Player, Depends(get_current_active_user)]):
+    allowed_scopes = set(user.scopes.split())
+
+
 async def login_for_access_token(
     form_data: Annotated[OAuth2PasswordRequestForm, Depends()], response: Response
 ) -> Token:
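Review bot: `allowed_scopes = set(user.scopes.split())` in the first hunk assumes `user.scopes` is always a string; if the stored value can be `None` (or the attribute is absent on some rows), `.split()` raises `AttributeError` inside the auth dependency and the request fails with an unhandled 500 instead of the 401 the loop below is designed to return. I cannot see the `Player` model from this hunk, so if `scopes` is declared non-nullable this is moot; otherwise guard it with `allowed_scopes = set((user.scopes or "").split())`. The rest of `get_current_user` (the token decoding that produces `token_data`, and the function's end) lies outside the hunk. Since the scopes granted at login are now re-checked against the stored user on every request, a why-comment on the new line would help the next reader: `# also check the stored user, so a scope revoked after the token was issued is rejected while the token is still valid`.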
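Review bot: `verify_team_scope` in the second hunk computes `allowed_scopes` and then does nothing with it — it neither returns the user nor raises, so any route that lists it as a dependency passes unconditionally while appearing to enforce a check. If this is a placeholder, make that explicit so it cannot be wired into a route by mistake, e.g. replace the body with `raise NotImplementedError("verify_team_scope: team-scope check not implemented")`, or at minimum add `# TODO: compare the required team scope against allowed_scopes and raise HTTPException(401) on mismatch` and `return user`. It also lacks a docstring saying which scope it is meant to verify; I cannot tell from the hunk what the "team scope" is, so that is a question for the author. `login_for_access_token` starts at the end of this hunk and continues outside it.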