94 lines
2.9 KiB
Python
94 lines
2.9 KiB
Python
|
import os
|
||
|
from flask import Flask, render_template, request, redirect, abort
|
||
|
import requests
|
||
|
|
||
|
def get_env_variable(var_name):
|
||
|
value = os.environ.get(var_name)
|
||
|
if not value:
|
||
|
raise ValueError(f"Missing required environment variable: {var_name}")
|
||
|
return value
|
||
|
|
||
|
app = Flask(__name__)
|
||
|
|
||
|
# Read environment variables outside the route function
|
||
|
client_id = get_env_variable('CLIENT_ID')
|
||
|
redirect_uri = get_env_variable('REDIRECT_URI')
|
||
|
optional_scopes = get_env_variable('OPTIONAL_SCOPES')
|
||
|
database_url = get_env_variable('DATABASE_URL')
|
||
|
|
||
|
csrf_protection_string = None
|
||
|
|
||
|
@app.route('/')
|
||
|
def home():
|
||
|
if is_logged_in():
|
||
|
return render_template('success.html')
|
||
|
|
||
|
# Generate a CSRF protection string
|
||
|
global csrf_protection_string
|
||
|
csrf_protection_string = os.urandom(16).hex()
|
||
|
|
||
|
# Pass dynamic variables to the template
|
||
|
return render_template('index.html', client_id=client_id, redirect_uri=redirect_uri,
|
||
|
optional_scopes=optional_scopes, csrf_protection_string=csrf_protection_string)
|
||
|
|
||
|
@app.route('/oauth-redirect')
|
||
|
def oauth_redirect():
|
||
|
auth_code = request.args.get('code')
|
||
|
csrf_token = request.args.get('state')
|
||
|
|
||
|
# Verify the CSRF protection string
|
||
|
if csrf_token != csrf_protection_string:
|
||
|
abort(400, 'Invalid CSRF token. Please try again.')
|
||
|
|
||
|
# Exchange authorization code for access and refresh tokens
|
||
|
response = requests.post(
|
||
|
'https://www.inoreader.com/oauth2/token',
|
||
|
headers={
|
||
|
'Content-Type': 'application/x-www-form-urlencoded',
|
||
|
'User-agent': 'your-user-agent'
|
||
|
},
|
||
|
data={
|
||
|
'code': auth_code,
|
||
|
'redirect_uri': get_env_variable('REDIRECT_URI'),
|
||
|
'client_id': get_env_variable('CLIENT_ID'),
|
||
|
'client_secret': get_env_variable('CLIENT_SECRET'),
|
||
|
'scope': '',
|
||
|
'grant_type': 'authorization_code'
|
||
|
}
|
||
|
)
|
||
|
|
||
|
response.raise_for_status()
|
||
|
|
||
|
tokens = response.json()
|
||
|
|
||
|
# Save tokens for later use
|
||
|
save_tokens(tokens['access_token'], tokens['refresh_token'], tokens['expires_in'])
|
||
|
|
||
|
return redirect('/')
|
||
|
|
||
|
def is_logged_in():
|
||
|
response = requests.get(f'{database_url}/token/latest')
|
||
|
response.raise_for_status()
|
||
|
if response.status_code == 204:
|
||
|
return False
|
||
|
elif response.status_code == 200:
|
||
|
resp_json = response.json()
|
||
|
return resp_json['token']['expiration_seconds'] + resp_json['token']['timestamp'] > datetime.now().timestamp()
|
||
|
return False
|
||
|
|
||
|
def save_tokens(access_token, refresh_token, expiration_seconds):
|
||
|
response = requests.post(
|
||
|
f'{database_url}/token',
|
||
|
headers={
|
||
|
'Content-Type': 'application/json'
|
||
|
},
|
||
|
json={
|
||
|
'access_token': access_token,
|
||
|
'refresh_token': refresh_token,
|
||
|
'expiration_seconds': expiration_seconds
|
||
|
}
|
||
|
)
|
||
|
response.raise_for_status()
|
||
|
|
||
|
if __name__ == '__main__':
|
||
|
app.run(debug=True, port=5000)
|