  • app.py 2.87 KiB
    import os
    import secrets
    
    from flask import Flask, session, request, redirect, abort, Response
    
    from requests_oauthlib import OAuth2Session
    
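    def create_app(test_config=None):
    	"""Build the Flask application for the OAuth2 authentication proxy.
    
    	Configuration is read from ``default_config.py`` and then either from
    	``config.py`` (optional) or, when given, from the *test_config* mapping.
    
    	The OAuth client credentials are not stored in the application: every
    	request is expected to carry them in the ``X-CLIENT-ID``,
    	``X-CLIENT-SECRET`` and ``X-REDIRECT-URI`` headers. These headers are
    	trusted as-is, so the fronting webserver must set (and overwrite) them
    	and the application must not be reachable by clients directly.
    
    	Args:
    		test_config: Optional mapping of configuration values that replaces
    			``config.py``.
    
    	Returns:
    		The configured Flask application.
    	"""
    	from urllib.parse import urlsplit
    
    	app = Flask(__name__)
    	# Fallback key, regenerated on every start: unless one of the config
    	# sources below sets SECRET_KEY, sessions do not survive a restart and
    	# are not shared between worker processes.
    	app.config['SECRET_KEY'] = secrets.token_hex(128)
    	app.config.from_pyfile('default_config.py')
    	if not test_config:
    		app.config.from_pyfile('config.py', silent=True)
    	else:
    		app.config.from_mapping(test_config)
    
    	def safe_redirect_target(target):
    		"""Return *target* if it stays on this site, else ``'/'``.
    
    		Accepted are absolute paths (``/foo``) and http(s) URLs whose host
    		equals the host of the current request. Everything else is replaced
    		by ``'/'`` so the post-login redirect cannot be pointed at a foreign
    		site through the ``url`` request parameter.
    		"""
    		if not target or '\\' in target:
    			# Browsers treat a backslash like a slash, which would turn
    			# "/\host" into a scheme-relative URL.
    			return '/'
    		if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
    			# Control characters are dropped by URL parsers and can hide a
    			# leading "//".
    			return '/'
    		parts = urlsplit(target)
    		if not parts.scheme and not parts.netloc:
    			if target.startswith('/') and not target.startswith('//'):
    				return target
    			return '/'
    		if parts.scheme in ('http', 'https') and parts.netloc == request.host:
    			return target
    		return '/'
    
    	@app.route("/auth")
    	def auth():
    		"""Report the logged-in user in ``OAUTH-USER-*`` response headers.
    
    		Answers 401 when the session holds no user id.
    		"""
    		if not session.get('user_id'):
    			abort(401)
    		resp = Response('Ok', 200)
    		resp.headers['OAUTH-USER-ID'] = session['user_id']
    		resp.headers['OAUTH-USER-NAME'] = session['user_name']
    		resp.headers['OAUTH-USER-NICKNAME'] = session['user_nickname']
    		resp.headers['OAUTH-USER-EMAIL'] = session['user_email']
    		resp.headers['OAUTH-USER-GROUPS'] = ','.join(session['user_groups'])
    		return resp
    
    	def get_oauth(**kwargs):
    		"""Create an OAuth2Session from the client headers of this request."""
    		return OAuth2Session(request.headers['X-CLIENT-ID'],
    			redirect_uri=request.headers['X-REDIRECT-URI'], **kwargs)
    
    	@app.route("/login")
    	def login():
    		"""Start the authorization-code flow and remember where to return."""
    		client = get_oauth()
    		url, state = client.authorization_url(app.config['OAUTH2_AUTH_URL'])
    		session['state'] = state
    		# The return target comes from the request and is validated before
    		# it is stored, because callback() redirects to it after login.
    		session['url'] = safe_redirect_target(request.values.get('url', '/'))
    		return redirect(url)
    
    	@app.route("/callback")
    	def callback():
    		"""Finish the flow: fetch the token, load user info, fill the session.
    
    		Answers 400 when the session carries no pending ``state``, i.e. the
    		callback was requested without a preceding /login.
    		"""
    		state = session.pop('state', None)
    		if state is None:
    			abort(400)
    		client = get_oauth(state=state)
    		# NOTE: certificate verification for the token request is switched
    		# off whenever app.debug is set; debug must stay off in production.
    		token = client.fetch_token(app.config['OAUTH2_TOKEN_URL'],
    			client_secret=request.headers['X-CLIENT-SECRET'],
    			authorization_response=request.url, verify=(not app.debug))
    		userinfo = client.get(app.config['OAUTH2_USERINFO_URL']).json()
    		session['user_id'] = userinfo['id']
    		session['user_name'] = userinfo['name']
    		session['user_nickname'] = userinfo['nickname']
    		session['user_email'] = userinfo['email']
    		session['user_groups'] = userinfo['groups']
    		return redirect(session.pop('url', '/'))
    
    	@app.route("/logout")
    	def logout():
    		"""Drop everything stored in the session."""
    		session.clear()
    		return 'Ok', 200
    
    	@app.route("/status")
    	def status():
    		"""Show which client headers the webserver injected.
    
    		The client secret itself is never echoed, only whether it is set.
    		"""
    		body = '''Proxy Configuration Status
    
    For this proxy service to work properly, the OAuth client crendentials must
    be injected in by the webserver as HTTP-headers:
    
    X-CLIENT-ID: %s
    X-CLIENT-SECRET: %s
    X-REDIRECT-URI: %s
    
    If you accessed this ressource with the URL
    
    		https://mydomain/mysubpath/info
    
    then the redirect URI must be set to:
    
    		https://mydomain/mysubpath/callback
    
    This exact redirect URI must also be registered with the OAuth server as
    a valid redirect_uri for the client_id.
    '''%(request.headers.get('X-CLIENT-ID', '(unset)'),
    		'(set)' if request.headers.get('X-CLIENT-SECRET') else '(unset)',
    		request.headers.get('X-REDIRECT-URI', '(unset)'))
    		# Only the bare MIME type is passed: the charset parameter is
    		# appended for text/* types by the response class, so spelling it
    		# out here as well would duplicate it in Content-Type.
    		return Response(body, mimetype='text/plain')
    
    	return app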
    
    if __name__ == '__main__':
    	# Local development server only. oauthlib refuses plain-HTTP OAuth 2.0
    	# endpoints unless this variable is set; it must never be set in
    	# production, and neither must debug=True.
    	os.environ.update(OAUTHLIB_INSECURE_TRANSPORT='1')
    	testapp = create_app()
    	testapp.run(host='localhost', port=5002, debug=True)