upload_tokens: Fix another detached database session issue

barthalion · barthalion · commit f3f8aff64ff6 · 2025-02-05T19:43:22.000+01:00
diff --git a/backend/app/routes/upload_tokens.py b/backend/app/routes/upload_tokens.py
@@ -173,7 +173,6 @@ def create_upload_token(
     issued_to = login.user
     expires_at = issued_at + datetime.timedelta(days=180)
 
-    # Create the row in the database
     token = models.UploadToken(
         comment=request.comment,
         app_id=app_id,
@@ -183,11 +182,30 @@ def create_upload_token(
         issued_to=issued_to.id,
         expires_at=expires_at,
     )
+
     with get_db("writer") as db:
         db.session.add(token)
         db.session.commit()
         token_id = token.id
 
+    encoded = jwt.encode(
+        {
+            "jti": f"backend_{token_id}",
+            "sub": "build",
+            "scope": request.scopes,
+            "repos": request.repos,
+            "prefixes": [app_id],
+            "iat": issued_at,
+            "exp": expires_at,
+            "token_type": "app",
+        },
+        base64.b64decode(config.settings.flat_manager_build_secret),
+        algorithm="HS256",
+    )
+
+    if config.settings.flat_manager_build_token_prefix is not None:
+        encoded = config.settings.flat_manager_build_token_prefix + encoded
+
     if app_metadata := get_json_key(f"apps:{app_id}"):
         app_name = app_metadata["name"]
     else:
@@ -212,25 +230,6 @@ def create_upload_token(
 
     worker.send_email_new.send(payload)
 
-    # Create the JWT
-    encoded = jwt.encode(
-        {
-            "jti": jti(token),
-            "sub": "build",
-            "scope": request.scopes,
-            "repos": request.repos,
-            "prefixes": [app_id],
-            "iat": issued_at,
-            "exp": expires_at,
-            "token_type": "app",
-        },
-        base64.b64decode(config.settings.flat_manager_build_secret),
-        algorithm="HS256",
-    )
-
-    if config.settings.flat_manager_build_token_prefix is not None:
-        encoded = config.settings.flat_manager_build_token_prefix + encoded
-
     return NewTokenResponse(
         token=encoded,
         details=_token_response(token, issued_to.display_name),
