Separate micro services

app/Dockerfile

@@ -0,0 +1,11 @@
+FROM python:3.8-slim-buster
+
+WORKDIR /app
+
+ADD . /app
+
+RUN pip install --no-cache-dir -r requirements.txt
+
+EXPOSE 5000
+
+CMD ["python", "main.py"]

app/main.py

@@ -0,0 +1,94 @@
+import os
+from flask import Flask, render_template, request, redirect, abort
+import requests
+
+def get_env_variable(var_name):
+    value = os.environ.get(var_name)
+    if not value:
+        raise ValueError(f"Missing required environment variable: {var_name}")
+    return value
+
+app = Flask(__name__)
+
+# Read environment variables outside the route function
+client_id = get_env_variable('CLIENT_ID')
+redirect_uri = get_env_variable('REDIRECT_URI')
+optional_scopes = get_env_variable('OPTIONAL_SCOPES')
+database_url = get_env_variable('DATABASE_URL')
+
+csrf_protection_string = None
+
+@app.route('/')
+def home():
+    if is_logged_in():
+        return render_template('success.html')
+
+    # Generate a CSRF protection string
+    global csrf_protection_string
+    csrf_protection_string = os.urandom(16).hex()
+
+    # Pass dynamic variables to the template
+    return render_template('index.html', client_id=client_id, redirect_uri=redirect_uri, 
+                           optional_scopes=optional_scopes, csrf_protection_string=csrf_protection_string)
+
+@app.route('/oauth-redirect')
+def oauth_redirect():
+    auth_code = request.args.get('code')
+    csrf_token = request.args.get('state')
+
+    # Verify the CSRF protection string
+    if csrf_token != csrf_protection_string:
+        abort(400, 'Invalid CSRF token. Please try again.')
+
+    # Exchange authorization code for access and refresh tokens
+    response = requests.post(
+        'https://www.inoreader.com/oauth2/token',
+        headers={
+            'Content-Type': 'application/x-www-form-urlencoded',
+            'User-agent': 'your-user-agent'
+        },
+        data={
+            'code': auth_code,
+            'redirect_uri': get_env_variable('REDIRECT_URI'),
+            'client_id': get_env_variable('CLIENT_ID'),
+            'client_secret': get_env_variable('CLIENT_SECRET'),
+            'scope': '',
+            'grant_type': 'authorization_code'
+        }
+    )
+
+    response.raise_for_status()
+
+    tokens = response.json()
+
+    # Save tokens for later use
+    save_tokens(tokens['access_token'], tokens['refresh_token'], tokens['expires_in'])
+
+    return redirect('/')
+
+def is_logged_in():
+    response = requests.get(f'{database_url}/token/latest')
+    response.raise_for_status()
+    if response.status_code == 204:
+        return False
+    elif response.status_code == 200:
+        resp_json = response.json()
+        return resp_json['token']['expiration_seconds'] + resp_json['token']['timestamp'] > datetime.now().timestamp()
+    return False
+
+def save_tokens(access_token, refresh_token, expiration_seconds):
+    response = requests.post(
+        f'{database_url}/token',
+        headers={
+            'Content-Type': 'application/json'
+        },
+        json={
+            'access_token': access_token,
+            'refresh_token': refresh_token,
+            'expiration_seconds': expiration_seconds
+        }
+    )
+    response.raise_for_status()
+
+if __name__ == '__main__':
+    app.run(debug=True, port=5000)

app/requirements.txt

@@ -0,0 +1,2 @@
+Flask==3.0.1
+requests==2.31.0

app/templates/index.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Simple Frontend</title>
+</head>
+<body>
+    <button onclick="redirectToOAuth()">Click Me</button>
+
+    <script>
+        function redirectToOAuth() {
+            // Encode URL components using Jinja filters
+            var encodedRedirectUri = encodeURIComponent('{{ redirect_uri }}');
+            var encodedOptionalScopes = encodeURIComponent('{{ optional_scopes }}');
+
+            // Construct the URL using Jinja variables
+            var oauthUrl = `https://www.inoreader.com/oauth2/auth?client_id={{ client_id }}&redirect_uri=${encodedRedirectUri}&response_type=code&scope=${encodedOptionalScopes}&state={{ csrf_protection_string }}`;
+
+            // Redirect to the constructed URL
+            window.location.href = oauthUrl;
+        }
+    </script>
+</body>
+</html>

app/templates/success.html

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Simple Frontend</title>
+</head>
+<body>
+    <h1>Logged In!</h1>
+</body>
+</html>

database/Dockerfile

@@ -0,0 +1,11 @@
+FROM python:3.8-slim-buster
+
+WORKDIR /app
+
+ADD . /app
+
+RUN pip install --no-cache-dir -r requirements.txt
+
+EXPOSE 5000
+
+CMD ["python", "main.py"]

database/main.py

@@ -0,0 +1,54 @@
+from flask import Flask, jsonify, request
+from flask_sqlalchemy import SQLAlchemy
+from datetime import datetime
+
+app = Flask(__name__)
+app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///tokens.db'  # Use SQLite for simplicity
+app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+db = SQLAlchemy(app)
+
+class Token(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    access_token = db.Column(db.String(255), nullable=False)
+    refresh_token = db.Column(db.String(255), nullable=False)
+    expiration_seconds = db.Column(db.Integer, nullable=False)
+    timestamp = db.Column(db.DateTime, default=datetime.utcnow)
+
+    def __repr__(self):
+        return f'<Token {self.id}>'
+
+# Initialize the database
+db.create_all()
+
+# API to create a new token entry
+@app.route('/token', methods=['POST'])
+def create_token():
+    data = request.get_json()
+    access_token = data.get('access_token')
+    refresh_token = data.get('refresh_token')
+    expiration_seconds = data.get('expiration_seconds')
+
+    new_token = Token(access_token=access_token, refresh_token=refresh_token, expiration_seconds=expiration_seconds)
+    db.session.add(new_token)
+    db.session.commit()
+
+    return ('', 204)
+
+# API to get the latest token entry
+@app.route('/token/latest', methods=['GET'])
+def get_latest_token():
+    latest_token = Token.query.order_by(Token.timestamp.desc()).first()
+    
+    if latest_token:
+        token_info = {
+            'access_token': latest_token.access_token,
+            'refresh_token': latest_token.refresh_token,
+            'expiration_seconds': latest_token.expiration_seconds,
+            'timestamp': latest_token.timestamp.isoformat()
+        }
+        return jsonify({'token': token_info}), 200
+    else:
+        return '', 204
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0', port=5000, debug=True)

database/requirements.txt

@@ -0,0 +1,2 @@
+Flask==3.0.1
+Flask-SQLAlchemy==3.1.1

job/Dockerfile

@@ -6,6 +6,4 @@ ADD . /app
 
 RUN pip install --no-cache-dir -r requirements.txt
 
-EXPOSE 80
-
 CMD ["python", "main.py"]

job/main.py

@@ -6,6 +6,8 @@ import logging
 
 DATA_STORE_PATH = "/data/last_update_time.txt"
 
+DATABASE_URL = os.getenv("DATABASE_URL")
+
 logging.basicConfig(level=logging.INFO)
 
 class APIHandler:
@@ -35,7 +37,7 @@ def get_new_annotations(last_annotation_time):
     inoreader = APIHandler(
         "https://www.inoreader.com/reader/api/0/stream/contents",
         headers = {
-            'Authorization': 'Bearer ' + os.getenv("INOREADER_ACCESS_TOKEN")
+            'Authorization': 'Bearer ' + get_inoreader_access_token()
         }
     )
 
@@ -99,6 +101,65 @@ def push_annotations_to_readwise(annotations):
         }
     )
 
+def get_inoreader_access_token():
+    response = requests.get(f'{DATABASE_URL}/token/latest')
+    response.raise_for_status()
+
+    if response.status_code == 204:
+        # throw error - not logged in. Please log in first through the web app
+        raise Exception("Not logged in. Please log in first through the web app")
+    elif response.status_code == 200:
+        resp_json = response.json()
+        if resp_json['token']['expiration_seconds'] + resp_json['token']['timestamp'] > datetime.now().timestamp():
+            return resp_json['token']['access_token']
+        else:
+            return refresh_inoreader_access_token(resp_json['token']['refresh_token'])
+
+    access_token = get_token_from_database()
+    if not access_token:
+        access_token = refresh_inoreader_access_token()
+
+    if not access_token:
+        raise Exception("Unable to get access token. Try logging in again through the web app")
+    return access_token
+
+def refresh_inoreader_access_token(refresh_token):
+    response = requests.post(
+        'https://www.inoreader.com/oauth2/token',
+        headers={
+            'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        data={
+            'refresh_token': refresh_token,
+            'client_id': os.getenv("INOREADER_CLIENT_ID"),
+            'client_secret': os.getenv("INOREADER_CLIENT_SECRET"),
+            'grant_type': 'refresh_token'
+        }
+    )
+
+    response.raise_for_status()
+
+    tokens = response.json()
+
+    # Save tokens for later use
+    save_tokens(tokens['access_token'], tokens['refresh_token'], tokens['expires_in'])
+
+    return tokens['access_token']
+
+def save_tokens(access_token, refresh_token, expiration_seconds):
+    response = requests.post(
+        f'{DATABASE_URL}/token',
+        headers={
+            'Content-Type': 'application/json'
+        },
+        json={
+            'access_token': access_token,
+            'refresh_token': refresh_token,
+            'expiration_seconds': expiration_seconds
+        }
+    )
+    response.raise_for_status()
+
 def main():
 
     while True: