2024-01-24 12:29:35 +01:00
|
|
|
import os
|
2024-01-30 07:02:03 +01:00
|
|
|
from flask import Flask, render_template, request, redirect, abort, url_for, session
|
2024-01-24 12:29:35 +01:00
|
|
|
import requests
|
2024-01-24 14:55:17 +01:00
|
|
|
from datetime import datetime
|
2024-01-24 12:29:35 +01:00
|
|
|
|
|
|
|
|
def get_env_variable(var_name):
|
|
|
|
|
value = os.environ.get(var_name)
|
|
|
|
|
if not value:
|
|
|
|
|
raise ValueError(f"Missing required environment variable: {var_name}")
|
|
|
|
|
return value
|
|
|
|
|
|
|
|
|
|
app = Flask(__name__)
|
|
|
|
|
|
|
|
|
|
# Read environment variables outside the route function
|
|
|
|
|
client_id = get_env_variable('CLIENT_ID')
|
|
|
|
|
redirect_uri = get_env_variable('REDIRECT_URI')
|
|
|
|
|
optional_scopes = get_env_variable('OPTIONAL_SCOPES')
|
|
|
|
|
database_url = get_env_variable('DATABASE_URL')
|
2024-01-30 07:08:58 +01:00
|
|
|
secret_key = get_env_variable('APP_SECRET_KEY')
|
|
|
|
|
|
|
|
|
|
# Set secret key to enable sessions
|
|
|
|
|
app.secret_key = secret_key
|
2024-01-24 12:29:35 +01:00
|
|
|
|
|
|
|
|
csrf_protection_string = None
|
|
|
|
|
|
|
|
|
|
@app.route('/')
|
|
|
|
|
def home():
|
|
|
|
|
if is_logged_in():
|
2024-01-30 06:25:52 +01:00
|
|
|
resp_json = requests.get(f'{database_url}/token/latest').json()
|
|
|
|
|
access_token = resp_json['token']['access_token']
|
2024-01-30 07:02:03 +01:00
|
|
|
|
|
|
|
|
# set session token id
|
|
|
|
|
session['token_id'] = resp_json['token']['id']
|
|
|
|
|
|
2024-01-30 06:25:52 +01:00
|
|
|
user_info = requests.get('https://api.github.com/user', headers={
|
|
|
|
|
'Authorization': f'Bearer {access_token}'
|
|
|
|
|
}).json()
|
|
|
|
|
return render_template('success.html', user_info=user_info)
|
2024-01-24 12:29:35 +01:00
|
|
|
|
|
|
|
|
# Generate a CSRF protection string
|
|
|
|
|
global csrf_protection_string
|
|
|
|
|
csrf_protection_string = os.urandom(16).hex()
|
|
|
|
|
|
|
|
|
|
# Pass dynamic variables to the template
|
|
|
|
|
return render_template('index.html', client_id=client_id, redirect_uri=redirect_uri,
|
|
|
|
|
optional_scopes=optional_scopes, csrf_protection_string=csrf_protection_string)
|
|
|
|
|
|
|
|
|
|
@app.route('/oauth-redirect')
|
|
|
|
|
def oauth_redirect():
|
|
|
|
|
auth_code = request.args.get('code')
|
|
|
|
|
csrf_token = request.args.get('state')
|
|
|
|
|
|
|
|
|
|
# Verify the CSRF protection string
|
|
|
|
|
if csrf_token != csrf_protection_string:
|
|
|
|
|
abort(400, 'Invalid CSRF token. Please try again.')
|
|
|
|
|
|
|
|
|
|
# Exchange authorization code for access and refresh tokens
|
2024-01-30 06:25:52 +01:00
|
|
|
# response = requests.post(
|
|
|
|
|
# 'https://www.inoreader.com/oauth2/token',
|
|
|
|
|
# headers={
|
|
|
|
|
# 'Content-Type': 'application/x-www-form-urlencoded',
|
|
|
|
|
# },
|
|
|
|
|
# data={
|
|
|
|
|
# 'code': auth_code,
|
|
|
|
|
# 'redirect_uri': get_env_variable('REDIRECT_URI'),
|
|
|
|
|
# 'client_id': get_env_variable('CLIENT_ID'),
|
|
|
|
|
# 'client_secret': get_env_variable('CLIENT_SECRET'),
|
|
|
|
|
# 'scope': '',
|
|
|
|
|
# 'grant_type': 'authorization_code'
|
|
|
|
|
# }
|
|
|
|
|
# )
|
|
|
|
|
|
|
|
|
|
# TEST: Github OAuth - REMOVE
|
2024-01-24 12:29:35 +01:00
|
|
|
response = requests.post(
|
2024-01-30 06:25:52 +01:00
|
|
|
'https://github.com/login/oauth/access_token',
|
2024-01-24 12:29:35 +01:00
|
|
|
headers={
|
2024-01-30 06:25:52 +01:00
|
|
|
'Accept': 'application/json'
|
2024-01-24 12:29:35 +01:00
|
|
|
},
|
|
|
|
|
data={
|
|
|
|
|
'code': auth_code,
|
|
|
|
|
'redirect_uri': get_env_variable('REDIRECT_URI'),
|
|
|
|
|
'client_id': get_env_variable('CLIENT_ID'),
|
2024-01-30 06:25:52 +01:00
|
|
|
'client_secret': get_env_variable('CLIENT_SECRET')
|
2024-01-24 12:29:35 +01:00
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
response.raise_for_status()
|
|
|
|
|
|
|
|
|
|
tokens = response.json()
|
|
|
|
|
|
2024-01-30 06:25:52 +01:00
|
|
|
# TEST: Github OAuth - REMOVE
|
|
|
|
|
tokens['refresh_token'] = 'N/A'
|
|
|
|
|
tokens['expires_in'] = 36000
|
|
|
|
|
|
2024-01-24 12:29:35 +01:00
|
|
|
# Save tokens for later use
|
|
|
|
|
save_tokens(tokens['access_token'], tokens['refresh_token'], tokens['expires_in'])
|
|
|
|
|
|
2024-01-30 07:02:03 +01:00
|
|
|
return redirect(url_for('home'))
|
|
|
|
|
|
|
|
|
|
# logout
|
2024-01-30 07:11:58 +01:00
|
|
|
@app.route('/logout', methods=['POST'])
|
2024-01-30 07:02:03 +01:00
|
|
|
def logout():
|
|
|
|
|
token_id = session.get('token_id')
|
|
|
|
|
|
|
|
|
|
if not token_id:
|
|
|
|
|
return redirect(url_for('home'))
|
|
|
|
|
|
|
|
|
|
# remove token_id from session
|
|
|
|
|
session.pop('token_id', None)
|
|
|
|
|
|
|
|
|
|
response = requests.put(f'{database_url}/token/{token_id}', headers={
|
|
|
|
|
'Content-Type': 'application/json'
|
|
|
|
|
}, json={
|
|
|
|
|
'is_logged_in': False
|
|
|
|
|
})
|
|
|
|
|
response.raise_for_status()
|
|
|
|
|
|
|
|
|
|
return redirect(url_for('home'))
|
2024-01-24 12:29:35 +01:00
|
|
|
|
|
|
|
|
def is_logged_in():
|
|
|
|
|
response = requests.get(f'{database_url}/token/latest')
|
|
|
|
|
response.raise_for_status()
|
|
|
|
|
if response.status_code == 204:
|
|
|
|
|
return False
|
|
|
|
|
elif response.status_code == 200:
|
|
|
|
|
resp_json = response.json()
|
2024-01-30 07:02:03 +01:00
|
|
|
return resp_json['token']['is_logged_in'] or False
|
2024-01-24 12:29:35 +01:00
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
def save_tokens(access_token, refresh_token, expiration_seconds):
|
|
|
|
|
response = requests.post(
|
|
|
|
|
f'{database_url}/token',
|
|
|
|
|
headers={
|
|
|
|
|
'Content-Type': 'application/json'
|
|
|
|
|
},
|
|
|
|
|
json={
|
|
|
|
|
'access_token': access_token,
|
|
|
|
|
'refresh_token': refresh_token,
|
|
|
|
|
'expiration_seconds': expiration_seconds
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
response.raise_for_status()
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
2024-01-24 14:41:56 +01:00
|
|
|
app.run(host='0.0.0.0', debug=True, port=5000)
|
