Add state for authentication

2025-02-24 14:51:05 +01:00 · 2021-06-22 18:05:07 +02:00 · 2021-06-22 18:05:07 +02:00 · 8386facbdb
commit 8386facbdb
parent d16eae2d9d
4 changed files with 45 additions and 3 deletions
--- a/lnbits/extensions/twitchalerts/crud.py
+++ b/lnbits/extensions/twitchalerts/crud.py
@ -6,6 +6,8 @@ from ..satspay.crud import delete_charge
 import httpx

 from typing import Optional
+
+from lnbits.helpers import urlsafe_short_hash
 from lnbits.core.crud import get_wallet


@ -80,6 +82,7 @@ async def create_service(
    client_secret: str,
    wallet: str,
    servicename: str,
+    state: str = None,
    onchain: str = None,
 ) -> Service:
    result = await db.execute(
@ -91,9 +94,10 @@ async def create_service(
            wallet,
            servicename,
            authenticated,
+            state,
            onchain
        )
-        VALUES (?, ?, ?, ?, ?, ?, ?)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?)
        """,
        (
            twitchuser,
@ -102,6 +106,7 @@ async def create_service(
            wallet,
            servicename,
            False,
+            urlsafe_short_hash(),
            onchain,
        ),
    )
--- a/lnbits/extensions/twitchalerts/migrations.py
+++ b/lnbits/extensions/twitchalerts/migrations.py
@ -4,6 +4,7 @@ async def m001_initial(db):
        """
        CREATE TABLE IF NOT EXISTS Services (
            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            state TEXT NOT NULL,
            twitchuser TEXT NOT NULL,
            client_id TEXT NOT NULL,
            client_secret TEXT NOT NULL,
--- a/lnbits/extensions/twitchalerts/models.py
+++ b/lnbits/extensions/twitchalerts/models.py
@ -18,6 +18,7 @@ class Donation(NamedTuple):

 class Service(NamedTuple):
    id: int
+    state: str
    twitchuser: str
    client_id: str
    client_secret: str
--- a/lnbits/extensions/twitchalerts/views_api.py
+++ b/lnbits/extensions/twitchalerts/views_api.py
@ -9,6 +9,7 @@ from .crud import (
    create_donation,
    post_donation,
    create_service,
+    get_service,
    authenticate_service
 )
 from ..satspay.crud import create_charge, get_charge
@ -34,11 +35,45 @@ async def api_create_service():
    return redirect(redirect_url)


+@twitchalerts_ext.route("/api/v1/getaccess/<service_id>", methods=["GET"])
+async def api_get_access(service_id):
+    service = await get_service(service_id)
+    if service:
+        uri_base = request.scheme + "://"
+        uri_base += request.headers["Host"] + "/twitchalerts/api/v1"
+        redirect_uri = uri_base + f"/authenticate/{service_id}"
+        params = {
+            "response_type": "code",
+            "client_id": service.client_id,
+            "client_secret": service.client_secret,
+            "redirect_uri": redirect_uri,
+            "scope": "donations.create",
+            "state": service.state
+        }
+        endpoint_url = "https://streamlabs.com/api/v1.0/authorize/?"
+        querystring = "&".join(
+            [f"{key}={value}" for key, value in params.items()]
+        )
+        redirect_url = endpoint_url + querystring
+        return redirect(redirect_url)
+    else:
+        return (
+            jsonify({"message": "Service does not exist!"}),
+            HTTPStatus.BAD_REQUEST
+        )
+
+
@twitchalerts_ext.route("/api/v1/authenticate/<service_id>", methods=["GET"])
 async def api_authenticate_service(service_id):
    code = request.args.get('code')
-    redirect_uri = request.scheme + "://" + request.headers["Host"]
-    redirect_uri += f"/twitchalerts/api/v1/authenticate/{service_id}"
+    state = request.args.get('state')
+    service = await get_service(service_id)
+    if service.state != state:
+        return (
+            jsonify({"message": "State doesn't match!"}),
+            HTTPStatus.BAD_Request
+        )
+    redirect_uri = f"/twitchalerts/api/v1/authenticate/{service_id}"
    url = await authenticate_service(service_id, code, redirect_uri)
    return redirect(url)