From 64818f1e6e4a4eacfd7aff17a23737a60f43a3c9 Mon Sep 17 00:00:00 2001
From: arzumify <jliwin98@hectabit.org>
Date: Tue, 14 May 2024 01:23:03 +0100
Subject: [PATCH] OAuth2 build working

---
 config.ini           |   8 +--
 main                 |  12 ++--
 templates/oauth.html | 142 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 154 insertions(+), 8 deletions(-)
 create mode 100644 templates/oauth.html

diff --git a/config.ini b/config.ini
index 596f2a9..e39be9f 100644
--- a/config.ini
+++ b/config.ini
@@ -1,6 +1,6 @@
 [config]
-PORT = 8080
-SECRET_KEY = placeholder
+PORT = 8083
+SECRET_KEY = illaaaaaaaaaaaaaaaaaaaaaaaaaaoewhoihowheowheowheow
 UPLOAD_FOLDER = uploads
-PASSWORD_REQUIREMENT = 12
-UPLOAD_LIMIT = 12
\ No newline at end of file
+PASSWORD_REQUIREMENT = 8
+UPLOAD_LIMIT = 8
diff --git a/main b/main
index b1cab51..a1d2c67 100644
--- a/main
+++ b/main
@@ -388,13 +388,15 @@ async def apilogin():
         }, 400
 
 @app.route("/api/oauth", methods=("GET", "POST"))
-async def apilogin():
+async def apioauth():
     if request.method == "POST":
         data = await request.get_json()
         username = data["username"]
         password = data["access_token"]
 
-        response = requests.post("https://auth.hectabit.org/api/loggedin", {"access_token": password})
+        conn = get_db_connection()
+        subdata = '{"access_token":"' + password + '"}'
+        response = requests.post("https://auth.hectabit.org/api/loggedin", subdata)
         if response.status_code == 200:
             userID = check_username_taken(username)
             user = get_user(userID)
@@ -402,11 +404,10 @@ async def apilogin():
                 conn.execute("INSERT INTO users (username, password, created, htmldescription) VALUES (?, ?, ?, ?)",
                      (username, "OAUTH2", str(time.time()), ""))
         else:
-            return {"error": "oauth2 token error"}, response.status_code
+            return {"error": response.json()["error"]}, response.status_code
 
         randomCharacters = secrets.token_hex(512)
 
-        conn = get_db_connection()
         conn.execute("INSERT INTO sessions (session, id) VALUES (?, ?)",
                      (randomCharacters, userID))
         conn.commit()
@@ -625,6 +626,9 @@ async def login():
     else:
         return await render_template("login.html")
 
+@app.route("/oauth", methods=("GET", "POST"))
+async def oauth():
+    return await render_template("oauth.html")
 
 @app.route("/settings", methods=("GET", "POST"))
 async def settings():
diff --git a/templates/oauth.html b/templates/oauth.html
new file mode 100644
index 0000000..2aacea5
--- /dev/null
+++ b/templates/oauth.html
@@ -0,0 +1,142 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>OAuth2 Test</title>
+</head>
+<body>
+    <h1 id="text">Login using OAuth2</h1>
+    <button onclick="authorize()">Authorize</button>
+    
+    <script>
+        // Configuration
+        const clientId = 'jT89GqLCqobN3pb6Rgkk0klDyicUbdjY';
+        const redirectUri = 'https://cat.hectabit.org/oauth';
+        const authorizationEndpoint = 'https://auth.hectabit.org/login';
+        const tokenEndpoint = 'https://auth.hectabit.org/api/tokenauth';
+        const userinfoEndpoint = 'https://auth.hectabit.org/userinfo'; // Added userinfo endpoint
+
+        // Generate a random code verifier
+        function generateCodeVerifier() {
+            const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~";
+            const length = 128;
+            return Array.from(crypto.getRandomValues(new Uint8Array(length)))
+                .map((x) => charset[x % charset.length])
+                .join("");
+        }
+
+        // Create a code challenge from the code verifier using SHA-256
+        async function createCodeChallenge(codeVerifier) {
+            const buffer = new TextEncoder().encode(codeVerifier);
+            const hashArrayBuffer = await crypto.subtle.digest('SHA-256', buffer);
+            const hashBase64 = btoa(String.fromCharCode(...new Uint8Array(hashArrayBuffer)))
+                .replace(/=/g, '')
+                .replace(/\+/g, '-')
+                .replace(/\//g, '_');
+            return hashBase64;
+        }
+
+        // Authorization function with PKCE
+        function authorize() {
+            const codeVerifier = generateCodeVerifier();
+            localStorage.setItem('codeVerifier', codeVerifier); // Store code verifier
+            createCodeChallenge(codeVerifier)
+                .then((codeChallenge) => {
+                    const authorizationUrl = `${authorizationEndpoint}?response_type=code&client_id=${clientId}&redirect_uri=${encodeURIComponent(redirectUri)}&code_challenge=${codeChallenge}&code_challenge_method=S256`;
+                    window.location.href = authorizationUrl;
+                })
+                .catch((error) => {
+                    console.error('Error generating code challenge:', error);
+                });
+        }
+
+        // Parse the authorization code from the URL
+        function parseCodeFromUrl() {
+            const urlParams = new URLSearchParams(window.location.search);
+            return urlParams.get('code');
+        }
+
+        // Exchange authorization code for access token
+        async function exchangeCodeForToken(code) {
+            const codeVerifier = localStorage.getItem('codeVerifier'); // Retrieve code verifier
+            const formData = new URLSearchParams();
+            formData.append('client_id', String(clientId));
+            formData.append('code', String(code));
+            formData.append('redirect_uri', String(redirectUri));
+            formData.append('grant_type', 'authorization_code');
+            formData.append('code_verifier', String(codeVerifier));
+
+            const response = await fetch(tokenEndpoint, {
+                method: 'POST',
+                headers: {
+                    "Content-Type": "application/x-www-form-urlencoded"
+                },
+                body: formData
+            });
+
+            const data = await response.json();
+            const accessToken = data.access_token;
+            const idToken = data.id_token;
+
+            // Request userinfo with id_token in bearer format
+            fetch(userinfoEndpoint, {
+                headers: {
+                    "Authorization": `Bearer ${idToken}`
+                }
+            })
+            .then((response) => {
+                async function doStuff() {
+                    if (response.status == 200) {
+                        const userinfoData = await response.json();
+                        console.log("User:", userinfoData.name)
+                        console.log("Sub:", userinfoData.sub);
+                        document.getElementById("text").innerText = "Authenticating, " + userinfoData.name;
+                        fetch("https://cat.hectabit.org/api/oauth", {
+                            method: "POST",
+                            headers: {
+                                "Content-Type": "application/json"
+                            },
+                            body: JSON.stringify({
+                                username: userinfoData.name,
+                                access_token: data.access_token
+                            })
+                        })
+                        .then((response) => {
+                            async function doStuff2() {
+                                let key = await response.json()
+                                if (response.status == 200) {
+                                    document.cookie = "session_DO_NOT_SHARE" + "=" + (key["key"] || "") + "; expires=Session" + "; path=/" + "; samesite=Strict";
+                                    window.location.replace("/")
+                                } else {
+                                    document.getElementById("text").innerText = "Failed: " + key["error"]
+                                }
+                            }
+                            doStuff2()
+                        });
+                        localStorage.setItem("user", userinfoData.name)
+                        localStorage.setItem("sub", userinfoData.sub)
+                    } else {
+                        document.getElementById("text").innerText = "Authentication failed"
+                    }
+                }
+                doStuff()
+            });
+        }
+
+        // Main function to handle OAuth2 flow
+        async function main() {
+            if (localStorage.getItem("user") !== null) {
+                document.getElementById("text").innerText = "Welcome back, " + localStorage.getItem("user")
+            }
+            const code = parseCodeFromUrl();
+            if (code) {
+                await exchangeCodeForToken(code);
+            }
+        }
+
+        // Call the main function on page load
+        main();
+    </script>
+</body>
+</html>