From f5b103828961799d767ebb2022b552e331bf4c63 Mon Sep 17 00:00:00 2001
From: Tracker-Friendly <jliwin98@danwin1210.de>
Date: Sat, 30 Mar 2024 19:19:57 +0000
Subject: [PATCH] OpenID Proper token

---
 main | 36 ++++++++++++++++++++++++++++++++----
 1 file changed, 32 insertions(+), 4 deletions(-)

diff --git a/main b/main
index 97ca657..4d24a80 100644
--- a/main
+++ b/main
@@ -1,4 +1,5 @@
 #!/usr/bin/python3
+import jwt
 import os
 import sqlite3
 import time
@@ -78,12 +79,26 @@ async def oauth2_token_refresh(openid, appId):
         conn = get_db_connection()
 
         # Fetch required data in a single query
-        login_data = conn.execute("SELECT nextcode, nextsecret FROM logins WHERE appId = ? AND openid = ?", (str(appId), str(openid))).fetchone()
+        login_data = conn.execute("SELECT nextcode, nextsecret, nextopenid FROM logins WHERE appId = ? AND openid = ?", (str(appId), str(openid))).fetchone()
+
+        datatemplate = {
+            "sub": user["username"],
+            "iss": "https://auth.hectabit.org",
+            "name": user["username"],
+            "aud": appId,
+            "exp": time.time() + 3600,
+            "iat": time.time(),
+            "auth_time": time.time(),
+            "nonce": str(secrets.token_hex(512))
+        }
+
+        jwt_token = jwt.encode(datatemplate, SECRET_KEY, algorithm='HS256')
 
         if login_data:
             nextcode = login_data[0]
             nextsecret = login_data[1]
-            conn.execute("UPDATE logins SET code = ?, nextcode = ?, secret = ?, nextsecret = ? WHERE appId = ? AND openid = ?", (nextcode, str(secrets.token_hex(512)), nextsecret, str(secrets.token_hex(512)), str(appId), str(openid)))
+            nextopenid = login_data[2]
+            conn.execute("UPDATE logins SET code = ?, nextcode = ?, secret = ?, nextsecret = ?, openid = ?, nextopenid = ? WHERE appId = ? AND openid = ?", (nextcode, str(secrets.token_hex(512)), nextsecret, str(secrets.token_hex(512)), nextopenid, str(jwt_token), str(appId), str(openid)))
             conn.commit()
             conn.close()
             await asyncio.sleep(3600)
@@ -238,8 +253,21 @@ async def apiauthenticate():
         if not str(appidcheck) == str(appId):
             return {}, 401
 
-        conn.execute("INSERT INTO logins (appId, secret, nextsecret, code, nextcode, creator, openid) VALUES (?, ?, ?, ?, ?, ?, ?)", 
-                (str(appId), str(secretkey), str(secrets.token_hex(512)), str(secrets.token_hex(512)), str(secrets.token_hex(512)), int(user["id"]), str(secrets.token_hex(512))))
+        datatemplate = {
+            "sub": user["username"],
+            "iss": "https://auth.hectabit.org",
+            "name": user["username"],
+            "aud": appId,
+            "exp": time.time() + 3600,
+            "iat": time.time(),
+            "auth_time": time.time(),
+            "nonce": str(secrets.token_hex(512))
+        }
+
+        jwt_token = jwt.encode(datatemplate, SECRET_KEY, algorithm='HS256')
+
+        conn.execute("INSERT INTO logins (appId, secret, nextsecret, code, nextcode, creator, openid) VALUES (?, ?, ?, ?, ?, ?, ?)",
+                (str(appId), str(secretkey), str(secrets.token_hex(512)), str(secrets.token_hex(512)), str(secrets.token_hex(512)), int(user["id"]), str(jwt_token)))
 
         conn.commit()
         conn.close()