Prevent brute-force token overwriting

This commit is contained in:
Fitti 2021-06-23 09:53:10 +02:00
parent c754017e9d
commit 1cd1a99944
2 changed files with 14 additions and 5 deletions


@ -141,15 +141,18 @@ async def authenticate_service(service_id, code, redirect_uri):
response = (await client.post(url, data=data)).json()
print(response)
token = response['access_token']
await service_add_token(service_id, token)
return f"/twitchalerts/?usr={user}"
success = await service_add_token(service_id, token)
return f"/twitchalerts/?usr={user}", success
async def service_add_token(service_id, token):
if (await get_service(service_id)).authenticated:
return False
db.execute(
"UPDATE Services SET token = ? where id = ?",
"UPDATE Services SET authenticated = 1, token = ? where id = ?",
(token, service_id,),
)
return True
async def delete_service(service_id: int) -> None:
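Review bot: The check on `(await get_service(service_id)).authenticated` and the UPDATE that sets `authenticated = 1` are two separate statements, so two authorization callbacks arriving concurrently for the same service can both pass the check and both write a token — the guard this commit adds is not atomic. Making the write itself conditional closes the window: `"UPDATE Services SET authenticated = 1, token = ? WHERE id = ? AND authenticated = 0"`, and deriving the return value from the affected row count, e.g. `return cur.rowcount == 1` if `db.execute` returns a cursor (not visible in the hunk — confirm). The `print(response)` kept on the new side writes the full token response, including `access_token`, to stdout; logging only non-secret fields would be safer. `authenticate_service` begins before this hunk.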


@ -77,8 +77,14 @@ async def api_authenticate_service(service_id):
)
redirect_uri = request.scheme + "://" + request.headers["Host"]
redirect_uri += f"/twitchalerts/api/v1/authenticate/{service_id}"
url = await authenticate_service(service_id, code, redirect_uri)
return redirect(url)
url, success = await authenticate_service(service_id, code, redirect_uri)
if success:
return redirect(url)
else:
return (
jsonify({"message": "Service already authenticated!"}),
HTTPStatus.BAD_REQUEST
)
@twitchalerts_ext.route("/api/v1/createdonation", methods=["POST"])
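Review bot: The `else:` after `return redirect(url)` is redundant; the error tuple can be returned at function level, which also drops one indentation level: `if success:` / `return redirect(url)` / `return (jsonify({"message": "Service already authenticated!"}), HTTPStatus.BAD_REQUEST)`. `HTTPStatus` is used here but no import is visible in this hunk — verify it is already imported in the module. The state-conflict message might also fit `HTTPStatus.CONFLICT` better than `BAD_REQUEST`, since the request itself is well-formed. `api_authenticate_service` starts before this hunk.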