import html
import os
import urllib.parse

import requests
from flask import session, url_for, request, redirect, abort, jsonify
from flask_oauthlib.client import OAuth
from werkzeug import security
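# OAuth client credentials, read from the environment.
#
# os.environ is a mapping, not a callable: calling it raises TypeError when
# the module is imported, so the lookup has to go through .get().
#
# SECURITY: the fallback values are committed to the repository and are
# therefore public. They are only acceptable for local development; any
# deployed instance must set OAUTH_KEY and OAUTH_SECRET explicitly.
CONSUMER_KEY = os.environ.get("OAUTH_KEY", "local-dev-email")
SECRET = os.environ.get("OAUTH_SECRET", "KH0mvknMUWT5w3U7zvz6wsUQZoy6UmQ")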
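def create_oauth_client(app):
    """Attach an OK-server OAuth2 client and its routes to a Flask app.

    Registers ``/oauth/login``, ``/oauth/authorized`` and ``/api/user`` on
    *app*, sets ``app.secret_key``, and stores the configured remote app on
    ``app.remote``.

    Args:
        app: The Flask application to configure.
    """
    oauth = OAuth(app)

    # SECRET is used both as the Flask session-signing key and as the OAuth
    # consumer secret, so leaking one value compromises both.
    # NOTE(review): consider a separate, independently rotated session key.
    app.secret_key = SECRET

    if not app.debug:
        if "OAUTH_SECRET" not in os.environ:
            # The built-in fallback secret is public; sessions signed with it
            # can be forged by anyone who has read the source.
            app.logger.warning(
                "OAUTH_SECRET is not set; falling back to the built-in "
                "development secret outside debug mode"
            )
        app.config.update(
            SESSION_COOKIE_SECURE=True,
            SESSION_COOKIE_HTTPONLY=True,
            SESSION_COOKIE_SAMESITE='Lax',
        )

    remote = oauth.remote_app(
        "ok-server",  # Server Name
        consumer_key=CONSUMER_KEY,
        consumer_secret=SECRET,
        # A fresh random ``state`` is generated for each authorization request.
        # NOTE(review): confirm the library compares the returned state on the
        # callback; nothing in this file performs that check.
        request_token_params={"scope": "email", "state": lambda: security.gen_salt(10)},
        base_url="https://okpy.org/api/v3/",
        request_token_url=None,
        access_token_method="POST",
        access_token_url="https://okpy.org/oauth/token",
        authorize_url="https://okpy.org/oauth/authorize",
    )

    def check_req(uri, headers, body):
        """Append the session's access token to *uri* as a query parameter.

        The URI is left unchanged when it already contains ``access_token``
        or when the session holds no ``dev_token``.
        """
        if "access_token" not in uri and session.get("dev_token"):
            params = {"access_token": session.get("dev_token")[0]}
            url_parts = list(urllib.parse.urlparse(uri))
            query = dict(urllib.parse.parse_qsl(url_parts[4]))
            query.update(params)
            url_parts[4] = urllib.parse.urlencode(query)
            uri = urllib.parse.urlunparse(url_parts)
        return uri, headers, body

    remote.pre_request = check_req

    @app.route("/oauth/login")
    def login():
        """Start the authorization flow, with ``/oauth/authorized`` as callback."""
        response = remote.authorize(callback=url_for("authorized", _external=True))
        return response

    @app.route("/oauth/authorized")
    def authorized():
        """Handle the provider callback and store the access token in the session."""
        resp = remote.authorized_response()
        if resp is None:
            # ``error`` comes straight from the query string and the reply is
            # served as HTML by default, so it must be escaped before it is
            # echoed back. A missing parameter no longer raises a 400.
            error = request.args.get("error", "unknown")
            return "Access denied: error=%s" % html.escape(error)
        if isinstance(resp, dict) and "access_token" in resp:
            # NOTE(review): with Flask's default cookie-based session the
            # token is signed but not encrypted, so the browser can read it;
            # confirm whether a server-side session store is in use.
            session["dev_token"] = (resp["access_token"], "")
        return redirect("/")

    @app.route("/api/user", methods=["POST"])
    def client_method():
        """Return the OK-server user record for the logged-in session as JSON."""
        if "dev_token" not in session:
            abort(401)
        token = session["dev_token"][0]
        try:
            # ``params`` URL-encodes the token instead of formatting it into
            # the URL, and the timeout keeps a stalled upstream from tying up
            # the worker indefinitely.
            r = requests.get(
                "https://okpy.org/api/v3/user/",
                params={"access_token": token},
                timeout=10,
            )
        except requests.RequestException:
            abort(502)
        if not r.ok:
            abort(401)
        return jsonify(r.json())

    @remote.tokengetter
    def get_oauth_token():
        """Give the OAuth client the token tuple stored in the session, if any."""
        return session.get("dev_token")

    app.remote = remote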