-
Notifications
You must be signed in to change notification settings - Fork 1
/
oauth.py
170 lines (136 loc) · 4.55 KB
/
oauth.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
import os
import uuid
from urllib.parse import quote_plus
from authlib.integrations.flask_client import OAuth
from flask import (
Blueprint,
flash,
redirect,
url_for,
request,
session,
)
from flask_login import (
login_required,
login_user,
logout_user,
current_user,
)
from werkzeug.security import check_password_hash
from config import *
from models import User
DISCORD_API_BASE_URL = "https://discord.com/api/"
DISCORD_API_AUTHORIZE_URL = "https://discord.com/oauth2/authorize"
DISCORD_API_ACCESS_TOKEN_URL = "https://discord.com/api/oauth2/token"
DISCORD_API_REVOKE_TOKEN_URL = "https://discord.com/api/oauth2/token/revoke"
DISCORD_CLIENT_ID = os.environ.get("DISCORD_CLIENT_ID")
DISCORD_CLIENT_SECRET = os.environ.get("DISCORD_CLIENT_SECRET")
DISCORD_CLIENT_OAUTH2_SCOPES = "identify guilds.members.read"
# (server id, role id)
DISCORD_SERVER_WHITELIST = [
("864267081255616542", "864276628237713459"),
("1089761570713772153", "1089771478154743961"),
("1114660019212910622", None)
]
BASIC_LOGIN_DIGEST = os.environ.get("BASIC_LOGIN_DIGEST")
oauth = OAuth()
oauth.register(
name="discord",
client_id=DISCORD_CLIENT_ID,
client_secret=DISCORD_CLIENT_SECRET,
authorize_url=DISCORD_API_AUTHORIZE_URL,
authorize_params={"prompt": "consent"},
access_token_url=DISCORD_API_ACCESS_TOKEN_URL,
access_token_params=None,
api_base_url=DISCORD_API_BASE_URL,
client_kwargs={
"scope": DISCORD_CLIENT_OAUTH2_SCOPES,
},
)
user = Blueprint("user", __name__)
@user.route("/login/discord", methods=["POST"])
def login_discord():
if current_user.is_authenticated:
return redirect("/")
redirect_url = url_for(".authorize_discord", _external=True)
return oauth.discord.authorize_redirect(redirect_url)
@user.route("/login/basic", methods=["POST"])
def login_backup():
if current_user.is_authenticated:
return redirect("/")
if session.get("locale") == "ja":
msgs = [
"ログインに成功しました!",
"パスワードが正しくない。",
]
else:
msgs = ["Success!", "The password you entered was incorrect."]
username = request.form["username"]
password = request.form["password"]
if check_password_hash(BASIC_LOGIN_DIGEST, password):
user = User(id=uuid.uuid4())
login_user(user)
session["_username"] = username
# flash(msgs[0], "success")
else:
flash(msgs[1], "error")
return redirect("/")
@user.route("/authorize/discord")
def authorize_discord():
if current_user.is_authenticated:
return redirect("/")
if session.get("_flashes") is not None:
session["_flashes"].clear()
if session.get("locale") == "ja":
msgs = [
"ログインに成功しました!", #
"Discordアカウントには、ログインの権限がありません。", #
"ログインにエラーが発生しました。",
]
else:
msgs = [
"Success!",
"Your Discord account does not have permission to login.",
"There was an error logging in.",
]
try:
oauth.discord.authorize_access_token()
if is_authorized_user():
user = User(id=uuid.uuid4())
login_user(user)
user_info = oauth.discord.get(quote_plus("users/@me")).json()
username = user_info["username"]
usercode = user_info["discriminator"]
if int(usercode) > 0:
session["_username"] = f"{username}#{usercode}"
else:
session["_username"] = username
session["_discord_user"] = user_info
# flash(msgs[0], "success")
else:
flash(msgs[1], "error")
except:
flash(msgs[2], "error")
return redirect("/")
@user.route("/logout")
def logout():
if current_user.is_authenticated:
logout_user()
if "_username" in session:
session.pop("_username")
if "_discord_user" in session:
session.pop("_discord_user")
return redirect("/")
def is_authorized_user():
# return any(has_server_role(sid, rid) for (sid, rid) in DISCORD_SERVER_WHITELIST)
return True
def has_server_role(server_id, role_id):
resp = oauth.discord.get(quote_plus(f"users/@me/guilds/{server_id}/member"))
if resp.ok:
if role_id is None:
return True
member = resp.json()
for role in member["roles"]:
if role == role_id:
return True
return False