Add state for authentication

lnbits/extensions/twitchalerts/crud.py

@@ -6,6 +6,8 @@ from ..satspay.crud import delete_charge
 import httpx
 
 from typing import Optional
+
+from lnbits.helpers import urlsafe_short_hash
 from lnbits.core.crud import get_wallet
 
 
@@ -80,6 +82,7 @@ async def create_service(
     client_secret: str,
     wallet: str,
     servicename: str,
+    state: str = None,
     onchain: str = None,
 ) -> Service:
     result = await db.execute(
@@ -91,9 +94,10 @@ async def create_service(
             wallet,
             servicename,
             authenticated,
+            state,
             onchain
         )
-        VALUES (?, ?, ?, ?, ?, ?, ?)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?)
         """,
         (
             twitchuser,
@@ -102,6 +106,7 @@ async def create_service(
             wallet,
             servicename,
             False,
+            urlsafe_short_hash(),
             onchain,
         ),
     )

lnbits/extensions/twitchalerts/migrations.py

@@ -4,6 +4,7 @@ async def m001_initial(db):
         """
         CREATE TABLE IF NOT EXISTS Services (
             id INTEGER PRIMARY KEY AUTOINCREMENT,
+            state TEXT NOT NULL,
             twitchuser TEXT NOT NULL,
             client_id TEXT NOT NULL,
             client_secret TEXT NOT NULL,

lnbits/extensions/twitchalerts/models.py

@@ -18,6 +18,7 @@ class Donation(NamedTuple):
 
 class Service(NamedTuple):
     id: int
+    state: str
     twitchuser: str
     client_id: str
     client_secret: str

lnbits/extensions/twitchalerts/views_api.py

@@ -9,6 +9,7 @@ from .crud import (
     create_donation,
     post_donation,
     create_service,
+    get_service,
     authenticate_service
 )
 from ..satspay.crud import create_charge, get_charge
@@ -34,11 +35,45 @@ async def api_create_service():
     return redirect(redirect_url)
 
 
+@twitchalerts_ext.route("/api/v1/getaccess/<service_id>", methods=["GET"])
+async def api_get_access(service_id):
+    service = await get_service(service_id)
+    if service:
+        uri_base = request.scheme + "://"
+        uri_base += request.headers["Host"] + "/twitchalerts/api/v1"
+        redirect_uri = uri_base + f"/authenticate/{service_id}"
+        params = {
+            "response_type": "code",
+            "client_id": service.client_id,
+            "client_secret": service.client_secret,
+            "redirect_uri": redirect_uri,
+            "scope": "donations.create",
+            "state": service.state
+        }
+        endpoint_url = "https://streamlabs.com/api/v1.0/authorize/?"
+        querystring = "&".join(
+            [f"{key}={value}" for key, value in params.items()]
+        )
+        redirect_url = endpoint_url + querystring
+        return redirect(redirect_url)
+    else:
+        return (
+            jsonify({"message": "Service does not exist!"}),
+            HTTPStatus.BAD_REQUEST
+        )
+
+
 @twitchalerts_ext.route("/api/v1/authenticate/<service_id>", methods=["GET"])
 async def api_authenticate_service(service_id):
     code = request.args.get('code')
-    redirect_uri = request.scheme + "://" + request.headers["Host"]
+    state = request.args.get('state')
-    redirect_uri += f"/twitchalerts/api/v1/authenticate/{service_id}"
+    service = await get_service(service_id)
+    if service.state != state:
+        return (
+            jsonify({"message": "State doesn't match!"}),
+            HTTPStatus.BAD_Request
+        )
+    redirect_uri = f"/twitchalerts/api/v1/authenticate/{service_id}"
     url = await authenticate_service(service_id, code, redirect_uri)
     return redirect(url)