From 1c01837a76fb1a88cb870223f384c02915ba4c49 Mon Sep 17 00:00:00 2001
From: SimolZimol <70102430+SimolZimol@users.noreply.github.com>
Date: Fri, 6 Sep 2024 11:16:21 +0200
Subject: [PATCH] modified: app.py

---
 app.py | 91 ----------------------------------------------------------
 1 file changed, 91 deletions(-)

diff --git a/app.py b/app.py
index 3f91a95..c337ef5 100644
--- a/app.py
+++ b/app.py
@@ -7,7 +7,6 @@ import os
 import subprocess
 import psutil
 import mysql.connector
-import requests
 from datetime import datetime
 
 app = Flask(__name__)
@@ -22,96 +21,6 @@ DB_USER = os.getenv("DB_USER")
 DB_PASS = os.getenv("DB_PASSWORD")
 DB_NAME = os.getenv("DB_DATABASE")
-DISCORD_CLIENT_ID = os.getenv("DISCORD_CLIENT_ID")
-DISCORD_CLIENT_SECRET = os.getenv("DISCORD_CLIENT_SECRET")
-DISCORD_REDIRECT_URI = os.getenv("DISCORD_REDIRECT_URI")
-DISCORD_API_BASE_URL = "https://discord.com/api"
-
-def get_db_connection():
- connection = mysql.connector.connect(
- host=DB_HOST,
- user=DB_USER,
- password=DB_PASS,
- database=DB_NAME
- )
- return connection
-
-@app.route("/login")
-def login():
- discord_authorize_url = f"https://discord.com/api/oauth2/authorize?client_id={DISCORD_CLIENT_ID}&redirect_uri={DISCORD_REDIRECT_URI}&response_type=code&scope=identify"
- return redirect(discord_authorize_url)
-
-# Route for OAuth2 Callback
-@app.route("/callback")
-def callback():
- code = request.args.get("code")
- if code is None:
- return redirect(url_for("login"))
-
- # Step 1: Exchange the authorization code for an access token
- data = {
- "client_id": DISCORD_CLIENT_ID,
- "client_secret": DISCORD_CLIENT_SECRET,
- "grant_type": "authorization_code",
- "code": code,
- "redirect_uri": DISCORD_REDIRECT_URI
- }
- headers = {"Content-Type": "application/x-www-form-urlencoded"}
- response = requests.post(f"{DISCORD_API_BASE_URL}/oauth2/token", data=data, headers=headers)
- response_data = response.json()
-
- if response.status_code != 200:
- return jsonify(response_data), 400
-
- access_token = response_data.get("access_token")
-
- # Step 2: Use the access token to fetch the user's info from Discord
- headers = {
- "Authorization": f"Bearer {access_token}"
- }
- user_response = requests.get(f"{DISCORD_API_BASE_URL}/users/@me", headers=headers)
- user_data = user_response.json()
-
- if user_response.status_code != 200:
- return jsonify(user_data), 400
-
- discord_user_id = user_data["id"]
- discord_username = user_data["username"]
-
- # Step 3: Check user's permissions from the database
- connection = get_db_connection()
- cursor = connection.cursor(dictionary=True)
- cursor.execute("SELECT permission FROM user_data WHERE user_id = %s", (discord_user_id,))
- result = cursor.fetchone()
-
- if result is None:
- return "Access Denied: You are not registered in the database.", 403
-
- user_permission = result["permission"]
-
- if user_permission < 8: # Check if user is Admin or higher
- return "Access Denied: You do not have sufficient permissions.", 403
-
- # Step 4: Log the user in
- session["user_id"] = discord_user_id
- session["username"] = discord_username
- session["permission"] = user_permission
-
- return redirect(url_for("index"))
-
-# Route for Logout
-@app.route("/logout")
-def logout():
- session.clear()
- return redirect(url_for("login"))
-
-# Route for Admin Dashboard (Protected)
-@app.route("/admin")
-def index():
- if "user_id" in session and session["permission"] >= 8:
- return f"Hello, {session['username']}! Welcome to the Admin Panel."
- return redirect(url_for("login"))
-
 # Globale Variablen für die Intros
 INTRO_FILE = "introduction.txt"
 ASKNOTES_INTRO_FILE = "asknotesintro.txt"