From 8386facbdb66bd5d35691b60a3d82b35b89f0855 Mon Sep 17 00:00:00 2001
From: Fitti
Date: Tue, 22 Jun 2021 18:05:07 +0200
Subject: [PATCH] Add state for authentication
---
 lnbits/extensions/twitchalerts/crud.py | 7 +++-
 lnbits/extensions/twitchalerts/migrations.py | 1 +
 lnbits/extensions/twitchalerts/models.py | 1 +
 lnbits/extensions/twitchalerts/views_api.py | 39 +++++++++++++++++++-
 4 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/lnbits/extensions/twitchalerts/crud.py b/lnbits/extensions/twitchalerts/crud.py
index 298c56804..1f750423b 100644
--- a/lnbits/extensions/twitchalerts/crud.py
+++ b/lnbits/extensions/twitchalerts/crud.py
@@ -6,6 +6,8 @@ from ..satspay.crud import delete_charge
 import httpx
 from typing import Optional
+
+from lnbits.helpers import urlsafe_short_hash
 from lnbits.core.crud import get_wallet
@@ -80,6 +82,7 @@ async def create_service(
 client_secret: str,
 wallet: str,
 servicename: str,
+ state: str = None,
 onchain: str = None,
 ) -> Service:
 result = await db.execute(
@@ -91,9 +94,10 @@ async def create_service(
 wallet,
 servicename,
 authenticated,
+ state,
 onchain
 )
- VALUES (?, ?, ?, ?, ?, ?, ?)
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?)
 """,
 (
 twitchuser,
@@ -102,6 +106,7 @@ async def create_service(
 wallet,
 servicename,
 False,
+ urlsafe_short_hash(),
 onchain,
 ),
 )
diff --git a/lnbits/extensions/twitchalerts/migrations.py b/lnbits/extensions/twitchalerts/migrations.py
index 39d7f0ae6..6396ded55 100644
--- a/lnbits/extensions/twitchalerts/migrations.py
+++ b/lnbits/extensions/twitchalerts/migrations.py
@@ -4,6 +4,7 @@ async def m001_initial(db):
 """
 CREATE TABLE IF NOT EXISTS Services (
 id INTEGER PRIMARY KEY AUTOINCREMENT,
+ state TEXT NOT NULL,
 twitchuser TEXT NOT NULL,
 client_id TEXT NOT NULL,
 client_secret TEXT NOT NULL,
diff --git a/lnbits/extensions/twitchalerts/models.py b/lnbits/extensions/twitchalerts/models.py
index 827b8d8d2..349ba3beb 100644
--- a/lnbits/extensions/twitchalerts/models.py
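Review bot: In the `@@ -80,6 +82,7 @@` hunk of crud.py the new `state` parameter of `create_service` is never read: the values tuple in the `@@ -102,6 +106,7 @@` hunk always passes `urlsafe_short_hash()`, so a caller-supplied state is silently dropped. Either remove the parameter or honour it with `state or urlsafe_short_hash(),`, and annotate it as `state: Optional[str] = None`, since `Optional` is already imported in this file. The body of `create_service` starts and ends outside these hunks.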
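Review bot: In the `@@ -102,6 +106,7 @@` hunk of crud.py the OAuth `state` is generated once, when the service row is created, and is then reused for every authorization attempt (`api_get_access` in views_api.py sends `service.state` as stored). A `state` value protects the callback against CSRF only if it is unpredictable and tied to a single authorization request; a long-lived value that travels in redirect URLs can be recovered from browser history or logs and presented again later. Consider issuing a fresh value in `api_get_access` before each redirect and clearing it once `api_authenticate_service` has accepted it, and confirm that `urlsafe_short_hash()` draws from a cryptographically secure source, which is not visible in this patch.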
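Review bot: Adding `state TEXT NOT NULL` to the `CREATE TABLE IF NOT EXISTS` statement inside `m001_initial` (migrations.py) does not change databases where that migration has already run, so on those the `INSERT` in crud.py that now names the `state` column would fail. If any deployment may already have the `Services` table, leave m001 as it was and add a separate migration (for example `m002_add_state`) that runs `ALTER TABLE Services ADD COLUMN state TEXT` and backfills existing rows. The body of `m001_initial` continues outside the hunk.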
+++ b/lnbits/extensions/twitchalerts/models.py
@@ -18,6 +18,7 @@ class Donation(NamedTuple):
 class Service(NamedTuple):
 id: int
+ state: str
 twitchuser: str
 client_id: str
 client_secret: str
diff --git a/lnbits/extensions/twitchalerts/views_api.py b/lnbits/extensions/twitchalerts/views_api.py
index fb2c8e233..11e2823bd 100644
--- a/lnbits/extensions/twitchalerts/views_api.py
+++ b/lnbits/extensions/twitchalerts/views_api.py
@@ -9,6 +9,7 @@ from .crud import (
 create_donation,
 post_donation,
 create_service,
+ get_service,
 authenticate_service
 )
 from ..satspay.crud import create_charge, get_charge
@@ -34,11 +35,45 @@ async def api_create_service():
 return redirect(redirect_url)
+@twitchalerts_ext.route("/api/v1/getaccess/", methods=["GET"])
+async def api_get_access(service_id):
+ service = await get_service(service_id)
+ if service:
+ uri_base = request.scheme + "://"
+ uri_base += request.headers["Host"] + "/twitchalerts/api/v1"
+ redirect_uri = uri_base + f"/authenticate/{service_id}"
+ params = {
+ "response_type": "code",
+ "client_id": service.client_id,
+ "client_secret": service.client_secret,
+ "redirect_uri": redirect_uri,
+ "scope": "donations.create",
+ "state": service.state
+ }
+ endpoint_url = "https://streamlabs.com/api/v1.0/authorize/?"
+ querystring = "&".join(
+ [f"{key}={value}" for key, value in params.items()]
+ )
+ redirect_url = endpoint_url + querystring
+ return redirect(redirect_url)
+ else:
+ return (
+ jsonify({"message": "Service does not exist!"}),
+ HTTPStatus.BAD_REQUEST
+ )
+
+
 @twitchalerts_ext.route("/api/v1/authenticate/", methods=["GET"])
 async def api_authenticate_service(service_id):
 code = request.args.get('code')
- redirect_uri = request.scheme + "://" + request.headers["Host"]
- redirect_uri += f"/twitchalerts/api/v1/authenticate/{service_id}"
+ state = request.args.get('state')
+ service = await get_service(service_id)
+ if service.state != state:
+ return (
+ jsonify({"message": "State doesn't match!"}),
+ HTTPStatus.BAD_Request
+ )
+ redirect_uri = f"/twitchalerts/api/v1/authenticate/{service_id}"
 url = await authenticate_service(service_id, code, redirect_uri)
 return redirect(url)
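Review bot: `api_get_access` places `service.client_secret` in the query string of the browser redirect to the Streamlabs authorize URL, so the secret ends up in the `Location` header, browser history and proxy logs, and no auth decorator is visible on the new route. An authorization-code request needs only `response_type`, `client_id`, `redirect_uri`, `scope` and `state`; the secret belongs in the server-side token exchange, and the query should be built with `urllib.parse.urlencode(params)` instead of the unescaped f-string join. In `api_authenticate_service`, `HTTPStatus.BAD_Request` is not an `HTTPStatus` member, so the state-mismatch path raises `AttributeError` instead of returning 400, and `service.state` is read without the `None` check that `api_get_access` has. The new relative `redirect_uri` also no longer matches the absolute one sent by `api_get_access`, which the token exchange inside `authenticate_service` (not shown) may require to be identical, and `api_get_access` still derives its value from the client-supplied `Host` header. The fence below assumes `urlencode` and `hmac` are imported at the top of views_api.py.

```python
async def api_get_access(service_id):
    # … unchanged: get_service lookup and redirect_uri construction …
        params = {
            "response_type": "code",
            "client_id": service.client_id,
            "redirect_uri": redirect_uri,
            "scope": "donations.create",
            "state": service.state,
        }
        endpoint_url = "https://streamlabs.com/api/v1.0/authorize/?"
        redirect_url = endpoint_url + urlencode(params)
        return redirect(redirect_url)
    # … unchanged: else branch returning "Service does not exist!" …


async def api_authenticate_service(service_id):
    code = request.args.get('code')
    state = request.args.get('state')
    service = await get_service(service_id)
    if service is None:
        return (
            jsonify({"message": "Service does not exist!"}),
            HTTPStatus.BAD_REQUEST
        )
    # Constant-time comparison; a missing state is rejected outright.
    if state is None or not hmac.compare_digest(
        service.state.encode(), state.encode()
    ):
        return (
            jsonify({"message": "State doesn't match!"}),
            HTTPStatus.BAD_REQUEST
        )
    # … unchanged: redirect_uri assignment and authenticate_service call …
```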