From 13c7fec864e0dbb046e5becc3f6fafe508f3f201 Mon Sep 17 00:00:00 2001
From: SimolZimol <70102430+SimolZimol@users.noreply.github.com>
Date: Fri, 6 Sep 2024 10:26:46 +0200
Subject: [PATCH] modified: Dockerfile modified: app.py modified: bot.py
---
 Dockerfile |  3 ++
 app.py     | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 bot.py     |  4 +--
 3 files changed, 97 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4c6366b..56d46bd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,6 +27,9 @@ ENV ADMIN_PASS=$ADMIN_PASS
 ENV FLASK_ENV=development
 ENV VISION_ENABLED=$VISION_ENABLED
 ENV ASKMULTUS_ENABLED=$ASKMULTUS_ENABLED
+ENV DISCORD_CLIENT_ID=$DISCORD_CLIENT_ID
+ENV DISCORD_CLIENT_SECRET=$DISCORD_CLIENT_SECRET
+ENV DISCORD_REDIRECT_URI=$DISCORD_REDIRECT_URI
 
 # Startbefehl für das Webpanel
 CMD ["python", "app.py"]
diff --git a/app.py b/app.py
index ff5ee60..3f91a95 100644
--- a/app.py
+++ b/app.py
@@ -7,10 +7,11 @@ import os
 import subprocess
 import psutil
 import mysql.connector
+import requests
 from datetime import datetime
 
 app = Flask(__name__)
-app.secret_key = os.getenv("FLASK_SECRET_KEY", "default_secret_key")
+app.secret_key = os.getenv("FLASK_SECRET_KEY")
 
 LOG_FILE_PATH = os.path.join("logs", f"{datetime.now().strftime('%Y-%m-%d')}.log")
 
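Review bot: `ENV DISCORD_CLIENT_SECRET=$DISCORD_CLIENT_SECRET` bakes the OAuth client secret into the image configuration, where it is readable by anyone who can pull the image (`docker inspect` and `docker history` show ENV values), so the secret ships with every copy of the image and persists in the build cache. It is presumably populated from a build `ARG` declared above the hunk, following the `ADMIN_PASS` pattern visible in the hunk header, which has the same exposure. Prefer injecting it at run time instead (`docker run -e DISCORD_CLIENT_SECRET=…`, a compose `env_file`, or the orchestrator's secret mechanism) and drop that `ENV` line; the non-secret `DISCORD_CLIENT_ID` and `DISCORD_REDIRECT_URI` can stay as image defaults if wanted.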
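Review bot: With the fallback removed, `app.secret_key = os.getenv("FLASK_SECRET_KEY")` leaves `secret_key` as `None` when the variable is unset, and Flask then fails only on the first session write with a `RuntimeError` — i.e. inside the `callback()` added in the next hunk — rather than at startup. Fail fast instead: `app.secret_key = os.environ["FLASK_SECRET_KEY"]` raises `KeyError` at import, or add `if not app.secret_key: raise RuntimeError("FLASK_SECRET_KEY is not set")` directly after the assignment. Dropping the hard-coded `"default_secret_key"` is the right call, since a known default would let anyone forge the signed session cookie the new login flow relies on; the explicit check just makes the missing-configuration case visible at deploy time.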
@@ -21,6 +22,96 @@ DB_USER = os.getenv("DB_USER")
 DB_PASS = os.getenv("DB_PASSWORD")
 DB_NAME = os.getenv("DB_DATABASE")
 
+DISCORD_CLIENT_ID = os.getenv("DISCORD_CLIENT_ID")
+DISCORD_CLIENT_SECRET = os.getenv("DISCORD_CLIENT_SECRET")
+DISCORD_REDIRECT_URI = os.getenv("DISCORD_REDIRECT_URI")
+DISCORD_API_BASE_URL = "https://discord.com/api"
+
+def get_db_connection():
+    connection = mysql.connector.connect(
+        host=DB_HOST,
+        user=DB_USER,
+        password=DB_PASS,
+        database=DB_NAME
+    )
+    return connection
+
+@app.route("/login")
+def login():
+    discord_authorize_url = f"https://discord.com/api/oauth2/authorize?client_id={DISCORD_CLIENT_ID}&redirect_uri={DISCORD_REDIRECT_URI}&response_type=code&scope=identify"
+    return redirect(discord_authorize_url)
+
+# Route for OAuth2 Callback
+@app.route("/callback")
+def callback():
+    code = request.args.get("code")
+    if code is None:
+        return redirect(url_for("login"))
+
+    # Step 1: Exchange the authorization code for an access token
+    data = {
+        "client_id": DISCORD_CLIENT_ID,
+        "client_secret": DISCORD_CLIENT_SECRET,
+        "grant_type": "authorization_code",
+        "code": code,
+        "redirect_uri": DISCORD_REDIRECT_URI
+    }
+    headers = {"Content-Type": "application/x-www-form-urlencoded"}
+    response = requests.post(f"{DISCORD_API_BASE_URL}/oauth2/token", data=data, headers=headers)
+    response_data = response.json()
+
+    if response.status_code != 200:
+        return jsonify(response_data), 400
+
+    access_token = response_data.get("access_token")
+
+    # Step 2: Use the access token to fetch the user's info from Discord
+    headers = {
+        "Authorization": f"Bearer {access_token}"
+    }
+    user_response = requests.get(f"{DISCORD_API_BASE_URL}/users/@me", headers=headers)
+    user_data = user_response.json()
+
+    if user_response.status_code != 200:
+        return jsonify(user_data), 400
+
+    discord_user_id = user_data["id"]
+    discord_username = user_data["username"]
+
+    # Step 3: Check user's permissions from the database
+    connection = get_db_connection()
+    cursor = connection.cursor(dictionary=True)
+    cursor.execute("SELECT permission FROM user_data WHERE user_id = %s", (discord_user_id,))
+    result = cursor.fetchone()
+
+    if result is None:
+        return "Access Denied: You are not registered in the database.", 403
+
+    user_permission = result["permission"]
+
+    if user_permission < 8:  # Check if user is Admin or higher
+        return "Access Denied: You do not have sufficient permissions.", 403
+
+    # Step 4: Log the user in
+    session["user_id"] = discord_user_id
+    session["username"] = discord_username
+    session["permission"] = user_permission
+
+    return redirect(url_for("index"))
+
+# Route for Logout
+@app.route("/logout")
+def logout():
+    session.clear()
+    return redirect(url_for("login"))
+
+# Route for Admin Dashboard (Protected)
+@app.route("/admin")
+def index():
+    if "user_id" in session and session["permission"] >= 8:
+        return f"Hello, {session['username']}! Welcome to the Admin Panel."
+    return redirect(url_for("login"))
+
 # Globale Variablen für die Intros
 INTRO_FILE = "introduction.txt"
 ASKNOTES_INTRO_FILE = "asknotesintro.txt"
diff --git a/bot.py b/bot.py
index 4652f1c..d85bbc1 100644
--- a/bot.py
+++ b/bot.py
@@ -648,7 +648,7 @@ async def leave(ctx):
 
 @client.hybrid_command()
 async def toggle_feature(ctx, feature: str, state: str):
-    """Allows admin to enable or disable features based on user permissions."""
+    """Allows admin to enable or disable features."""
     user_id = ctx.author.id
     user_data = load_user_data(user_id)
     user_perms = user_data["permission"]
@@ -687,7 +687,7 @@ if not os.path.exists(CACHE_DIR):
 
 @client.hybrid_command()
 async def addnotes(ctx, type: str, *, source: str):
-    """Fügt eine Notiz hinzu, die später abgefragt werden kann."""
+    """Adds a note that can be consulted later."""
     await ctx.defer()  # Signalisiert, dass die Bearbeitung des Befehls begonnen hat
     user_id = ctx.author.id
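Review bot: The OAuth2 flow in `login()`/`callback()` carries no `state` parameter, so `callback()` completes a login for any `code` it is handed regardless of whether this browser session started the authorization; the standard fix is to generate a random value in `login()`, keep it in the session, send it as `state`, and reject the callback unless the returned `state` matches (sketch below; it needs `secrets` and `urllib.parse.urlencode`, both stdlib). Building the authorize URL with `urlencode` also repairs the unencoded `redirect_uri` in the current f-string. Separately, the connection and cursor opened in Step 3 are never closed, including on the two 403 early returns — wrap them in `try`/`finally` or `contextlib.closing`. Both `requests` calls lack a `timeout=` and call `.json()` before checking the status, so a stalled Discord API call blocks the worker indefinitely and a non-JSON error body raises before the 400 branch is reached. `callback()` and `index()` also each hard-code the admin threshold `8`; a module constant such as `ADMIN_PERMISSION = 8` would keep the two checks in step.
```python
@app.route("/login")
def login():
    # Bind this authorization request to the browser session so the callback
    # can reject codes that were not requested from here.
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = urlencode({
        "client_id": DISCORD_CLIENT_ID,
        "redirect_uri": DISCORD_REDIRECT_URI,
        "response_type": "code",
        "scope": "identify",
        "state": state,
    })
    return redirect(f"{DISCORD_API_BASE_URL}/oauth2/authorize?{params}")

# … unchanged: /callback route decorator …
def callback():
    code = request.args.get("code")
    received_state = request.args.get("state")
    expected_state = session.pop("oauth_state", None)  # single use
    if code is None or expected_state is None or received_state != expected_state:
        return redirect(url_for("login"))
    # … unchanged: token exchange, user lookup, permission check, session setup …
```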
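Review bot: The new docstring on `toggle_feature` drops the only mention of the permission requirement, yet the body immediately reads `user_data["permission"]` into `user_perms`, so the requirement presumably still applies (the check itself lies past the hunk). Keep that contract visible to whoever invokes the command, e.g. `"""Enable or disable a feature; restricted to admins by the caller's stored permission level."""`. The function body continues outside the hunk.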