From 060df3b7403d1ed6c9f9cf886f100c9b01f4eb03 Mon Sep 17 00:00:00 2001
From: Arzumify <jliwin98@hectabit.org>
Date: Tue, 14 May 2024 00:46:42 +0100
Subject: [PATCH] OAuth2 support (beta)

---
 main | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/main b/main
index 60d1184..b1cab51 100644
--- a/main
+++ b/main
@@ -1,5 +1,6 @@
 #!/usr/bin/python3
 import os
+import requests
 import configparser
 import sqlite3
 import time
@@ -386,6 +387,39 @@ async def apilogin():
             "error": "https://http.cat/images/400.jpg"
         }, 400
 
+@app.route("/api/oauth", methods=("GET", "POST"))
+async def apilogin():
+    if request.method == "POST":
+        data = await request.get_json()
+        username = data["username"]
+        password = data["access_token"]
+
+        response = requests.post("https://auth.hectabit.org/api/loggedin", {"access_token": password})
+        if response.status_code == 200:
+            userID = check_username_taken(username)
+            user = get_user(userID)
+            if user == "error":
+                conn.execute("INSERT INTO users (username, password, created, htmldescription) VALUES (?, ?, ?, ?)",
+                     (username, "OAUTH2", str(time.time()), ""))
+        else:
+            return {"error": "oauth2 token error"}, response.status_code
+
+        randomCharacters = secrets.token_hex(512)
+
+        conn = get_db_connection()
+        conn.execute("INSERT INTO sessions (session, id) VALUES (?, ?)",
+                     (randomCharacters, userID))
+        conn.commit()
+        conn.close()
+
+        return {
+                    "key": randomCharacters
+                }, 200
+    else:
+        return {
+            "error": "https://http.cat/images/405.jpg"
+        }, 405
+
 @app.route("/apidocs", methods=("GET", "POST"))
 async def apidocs():
     usersession = request.cookies.get("session_DO_NOT_SHARE")