diff --git a/main b/main
index 97ca657..4d24a80 100644
--- a/main
+++ b/main
@@ -1,4 +1,5 @@
 #!/usr/bin/python3
+import jwt
 import os
 import sqlite3
 import time
@@ -78,12 +79,26 @@ async def oauth2_token_refresh(openid, appId):
     conn = get_db_connection()
     # Fetch required data in a single query
-    login_data = conn.execute("SELECT nextcode, nextsecret FROM logins WHERE appId = ? AND openid = ?", (str(appId), str(openid))).fetchone()
+    login_data = conn.execute("SELECT nextcode, nextsecret, nextopenid FROM logins WHERE appId = ? AND openid = ?", (str(appId), str(openid))).fetchone()
+
+    datatemplate = {
+        "sub": user["username"],
+        "iss": "https://auth.hectabit.org",
+        "name": user["username"],
+        "aud": appId,
+        "exp": time.time() + 3600,
+        "iat": time.time(),
+        "auth_time": time.time(),
+        "nonce": str(secrets.token_hex(512))
+    }
+
+    jwt_token = jwt.encode(datatemplate, SECRET_KEY, algorithm='HS256')
     if login_data:
         nextcode = login_data[0]
         nextsecret = login_data[1]
-        conn.execute("UPDATE logins SET code = ?, nextcode = ?, secret = ?, nextsecret = ? WHERE appId = ? AND openid = ?", (nextcode, str(secrets.token_hex(512)), nextsecret, str(secrets.token_hex(512)), str(appId), str(openid)))
+        nextopenid = login_data[2]
+        conn.execute("UPDATE logins SET code = ?, nextcode = ?, secret = ?, nextsecret = ?, openid = ?, nextopenid = ? WHERE appId = ? AND openid = ?", (nextcode, str(secrets.token_hex(512)), nextsecret, str(secrets.token_hex(512)), nextopenid, str(jwt_token), str(appId), str(openid)))
     conn.commit()
     conn.close()
     await asyncio.sleep(3600)
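Review bot: The new UPDATE rotates the row's `openid` to `nextopenid`, but the SELECT above it still filters on the original `openid` argument, so on the next pass (the trailing `await asyncio.sleep(3600)` suggests this body loops; the loop header and the start of `oauth2_token_refresh` are outside the hunk) `login_data` is None and rotation silently stops; add `openid = nextopenid` right after the UPDATE `conn.execute(...)`, or key the lookup on a column that does not rotate. Signing the ID token with the application-wide `SECRET_KEY` via HS256 means a relying party can verify it only if it holds that same secret, which also lets it mint tokens for any `aud`, and the `nonce` claim is meant to echo the nonce the client sent in its authorization request rather than a fresh `secrets.token_hex(512)`, so a dedicated signing key (ideally asymmetric, with the public half published) and the client's nonce, if one is available, would make the token verifiable and bindable. `user["username"]` is read here although `user` is not among the function's parameters, so confirm it is bound earlier in the body. `str(jwt_token)` is harmless on PyJWT 2.x but yields `"b'…'"` on 1.x, where `encode` returns bytes, so pin the version or store `jwt_token` directly. The same eight-claim dict and `jwt.encode` call are repeated verbatim in the `apiauthenticate` hunk; a helper such as `def make_id_token(user, appId):` returning the encoded token would remove the duplication and give one place to apply the points above.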
@@ -238,8 +253,21 @@ async def apiauthenticate():
     if not str(appidcheck) == str(appId):
         return {}, 401
-    conn.execute("INSERT INTO logins (appId, secret, nextsecret, code, nextcode, creator, openid) VALUES (?, ?, ?, ?, ?, ?, ?)",
-                 (str(appId), str(secretkey), str(secrets.token_hex(512)), str(secrets.token_hex(512)), str(secrets.token_hex(512)), int(user["id"]), str(secrets.token_hex(512))))
+    datatemplate = {
+        "sub": user["username"],
+        "iss": "https://auth.hectabit.org",
+        "name": user["username"],
+        "aud": appId,
+        "exp": time.time() + 3600,
+        "iat": time.time(),
+        "auth_time": time.time(),
+        "nonce": str(secrets.token_hex(512))
+    }
+
+    jwt_token = jwt.encode(datatemplate, SECRET_KEY, algorithm='HS256')
+
+    conn.execute("INSERT INTO logins (appId, secret, nextsecret, code, nextcode, creator, openid) VALUES (?, ?, ?, ?, ?, ?, ?)",
+                 (str(appId), str(secretkey), str(secrets.token_hex(512)), str(secrets.token_hex(512)), str(secrets.token_hex(512)), int(user["id"]), str(jwt_token)))
     conn.commit()
     conn.close()