service/part3 (url encoding)

This commit is contained in:
Shailaja Kumari 2024-02-15 08:15:03 +05:30
parent b5373d144e
commit fe531ef859
Signed by: shailaja
GPG Key ID: 81C942771BB69898

View File

@ -2,7 +2,7 @@ import os
from flask import Flask, render_template, request, redirect, abort, url_for, session from flask import Flask, render_template, request, redirect, abort, url_for, session
import requests import requests
from datetime import datetime from datetime import datetime
from urllib.parse import quote_plus, urlencode from urllib.parse import urlencode
def get_env_variable(var_name): def get_env_variable(var_name):
value = os.environ.get(var_name) value = os.environ.get(var_name)
@ -28,45 +28,43 @@ AUTH_URL = 'https://github.com/login/oauth/authorize'
@app.route('/') @app.route('/')
def home(): def home():
"""Home route that either shows user info or initiates OAuth flow.""" if is_logged_in():
if 'token_id' in session: token_id = session.get('token_id')
try:
# Attempt to fetch user info using the stored access token
token_id = session['token_id']
resp = requests.get(f'{database_url}/token/{token_id}') resp = requests.get(f'{database_url}/token/{token_id}')
resp.raise_for_status() # This will raise an exception for HTTP errors raise_for_status(resp)
token = resp.json()['token'] resp_json = resp.json()
token = resp_json['token']
# Use the access token to fetch user info from GitHub user_info = requests.get('https://api.github.com/user', headers={
user_info_resp = requests.get('https://api.github.com/user', headers={'Authorization': f'token {token["access_token"]}'}) 'Authorization': f'Bearer {token.get("access_token")}'
user_info_resp.raise_for_status() }).json()
user_info = user_info_resp.json()
# Prepare user info and token details for rendering last_synced = datetime.fromtimestamp(token.get('updated_at')).strftime('%Y-%m-%d %H:%M:%S')
last_synced = datetime.fromtimestamp(token['updated_at']).strftime('%Y-%m-%d %H:%M:%S') next_sync = datetime.fromtimestamp(token.get('updated_at') + token.get('expiration_seconds')).strftime('%Y-%m-%d %H:%M:%S')
next_sync = datetime.fromtimestamp(token['updated_at'] + token['expires_in']).strftime('%Y-%m-%d %H:%M:%S') return render_template('home.html',
user_login=user_info.get('login'),
user_email=user_info.get('email'), # for inoreader it's userName and userEmail
readwise_api_key=token.get('readwise_api_key') or '',
last_synced=last_synced, next_sync=next_sync)
return render_template('home.html', user_info=user_info, last_synced=last_synced, next_sync=next_sync) # Generate a CSRF protection string
except Exception as e: session['csrf_protection_string'] = os.urandom(16).hex()
# Handle errors (e.g., token expired) by clearing the session and redirecting to login # Construct the OAuth URL with URL encoding
session.pop('token_id', None) oauth_params = {
return redirect(url_for('home'))
else:
# User not logged in; start OAuth flow
session['csrf_protection_string'] = os.urandom(16).hex() # CSRF protection
# Construct OAuth URL
params = {
'client_id': client_id, 'client_id': client_id,
'redirect_uri': redirect_uri, 'redirect_uri': redirect_uri,
'response_type': 'code', 'response_type': 'code',
'scope': optional_scopes, 'scope': optional_scopes,
'state': session['csrf_protection_string'] 'state': session['csrf_protection_string']
} }
oauth_url = f'{AUTH_URL}?{urlencode(params)}' # Use urlencode to properly encode the URL parameters
oauth_url = f'{AUTH_URL}?{urlencode(oauth_params)}'
# Pass dynamic variables to the template
return render_template('login.html',oauth_url )
return redirect(oauth_url)
@app.route('/oauth-redirect') @app.route('/oauth-redirect')
def oauth_redirect(): def oauth_redirect():
auth_code = request.args.get('code') auth_code = request.args.get('code')
@ -119,7 +117,7 @@ def oauth_redirect():
user_info = requests.get('https://api.github.com/user', headers={ user_info = requests.get('https://api.github.com/user', headers={
'Authorization': f'Bearer {token.get("access_token")}' 'Authorization': f'Bearer {token.get("access_token")}'
}).json() }).json()
print(user_info)
# Save tokens for later use # Save tokens for later use
token_id = save_token( token_id = save_token(
user_info.get('email'), # for inoreader it's userEmail user_info.get('email'), # for inoreader it's userEmail