From 588a1f2ee4417622c75ca77b585bc7bc93989b30 Mon Sep 17 00:00:00 2001
From: rrr-marble
Date: Fri, 2 Jul 2021 13:50:29 +0300
Subject: [PATCH] add: validate session before rating

---
 main.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/main.py b/main.py
index f5ee3b1..9137ff3 100644
--- main.py
+++ main.py
@@ -72,6 +72,17 @@ async def next_picture(cookie: int):
 @app.get("/rate_picture/{session_id}/{picture_id}/{mark}")
 async def rate_picture(session_id: int, picture_id: int, mark: int):
 """Submit a rating for the picture"""
- # check if session is valid
+ # check if the cookie is valid
+ cur.execute(
+ """SELECT sessionid
+ FROM sessions
+ WHERE cookie = :cookie
+ LIMIT 1""",
+ {"cookie": cookie},
+ )
+ sessionid = cur.fetchone()
+ if sessionid is None:
+ return # FIXME[2] # Q: do we return something specific, or just use convention here?
+
 # add new mark to the session table
 pass
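Review bot: The new query binds `{"cookie": cookie}`, but `rate_picture(session_id, picture_id, mark)` has no `cookie` parameter or local, so unless a module-level `cookie` exists outside this hunk the handler raises NameError on every request and the session check never runs. Once a cookie is actually passed in (for example as a `cookie: int` parameter, as `next_picture` does), the fetched row is still never compared with the `session_id` taken from the URL, so a caller holding any valid cookie could submit ratings under a different session's id; reject unless the looked-up value matches, e.g. `if sessionid is None or sessionid[0] != session_id:` (assuming the cursor returns plain tuples), or drop `session_id` from the route and use the looked-up value. On the FIXME: a bare `return` yields a success response with an empty body, so a rejected rating is indistinguishable from an accepted one; if this is FastAPI, as the decorator suggests, `raise HTTPException(status_code=401, detail="invalid session")` is the conventional rejection. The rest of the function body may lie below the end of this hunk.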