__version__ = "dev-0.4.7" __all__ = ["Discordbot-chatai-webpanel (Discord)"] __author__ = "SimolZimol" from flask import Flask, render_template, redirect, url_for, request, session, jsonify, flash from requests_oauthlib import OAuth2Session import os import subprocess import mysql.connector from datetime import datetime app = Flask(__name__) app.secret_key = os.getenv("FLASK_SECRET_KEY") LOG_FILE_PATH = os.path.join("logs", f"{datetime.now().strftime('%Y-%m-%d')}.log") # Datenbankverbindung DB_HOST = os.getenv("DB_HOST") DB_PORT = os.getenv("DB_PORT") DB_USER = os.getenv("DB_USER") DB_PASS = os.getenv("DB_PASSWORD") DB_NAME = os.getenv("DB_DATABASE") # Discord OAuth2-Konfiguration DISCORD_CLIENT_ID = os.getenv("DISCORD_CLIENT_ID") DISCORD_CLIENT_SECRET = os.getenv("DISCORD_CLIENT_SECRET") DISCORD_REDIRECT_URI = os.getenv("DISCORD_REDIRECT_URI") DISCORD_OAUTH2_URL = "https://discord.com/api/oauth2/authorize" DISCORD_TOKEN_URL = "https://discord.com/api/oauth2/token" DISCORD_API_URL = "https://discord.com/api/users/@me" DISCORD_GUILDS_URL = "https://discord.com/api/users/@me/guilds" os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1' # nur für Entwicklungszwecke # Bot-Status bot_process = None def get_db_connection(): """Stellt eine Verbindung zur MySQL-Datenbank her.""" return mysql.connector.connect( host=DB_HOST, port=DB_PORT, user=DB_USER, password=DB_PASS, database=DB_NAME ) def make_discord_session(token=None, state=None): """Erstellt eine Discord OAuth2-Session.""" return OAuth2Session( DISCORD_CLIENT_ID, token=token, state=state, redirect_uri=DISCORD_REDIRECT_URI, scope=["identify", "guilds"] ) def fetch_discord_guilds(discord_session): """Lädt die Gilden des Benutzers von der Discord-API.""" try: return discord_session.get(DISCORD_GUILDS_URL).json() except Exception as e: print(f"Fehler beim Abrufen der Gilden: {e}") return None def is_bot_admin(): """Überprüft, ob der Benutzer globale Admin-Rechte hat.""" if "discord_user" in session: user_info = session["discord_user"] user_id = user_info["id"] connection = get_db_connection() cursor = connection.cursor(dictionary=True) cursor.execute("SELECT global_permission FROM bot_data WHERE user_id = %s", (user_id,)) user_data = cursor.fetchone() cursor.close() connection.close() return user_data and user_data["global_permission"] >= 8 return False def is_server_admin(guild_id): """Überprüft, ob der Benutzer Admin-Rechte auf einem bestimmten Server (Guild) hat.""" if "discord_user" in session: user_info = session["discord_user"] user_id = user_info["id"] connection = get_db_connection() cursor = connection.cursor(dictionary=True) cursor.execute("SELECT permission FROM user_data WHERE user_id = %s AND guild_id = %s", (user_id, guild_id)) user_data = cursor.fetchone() cursor.close() connection.close() return user_data and user_data["permission"] >= 8 return False @app.route("/") def landing_page(): """Landing Page""" return render_template("landing.html") @app.route("/login") def login(): """Startet den Discord-OAuth2-Flow.""" discord = make_discord_session() authorization_url, state = discord.authorization_url(DISCORD_OAUTH2_URL) session['oauth_state'] = state return redirect(authorization_url) @app.route("/callback") def callback(): """Verarbeitet den OAuth2-Rückruf von Discord.""" discord = make_discord_session(state=session.get("oauth_state")) token = discord.fetch_token( DISCORD_TOKEN_URL, client_secret=DISCORD_CLIENT_SECRET, authorization_response=request.url, ) session['oauth_token'] = token session['discord_user'] = discord.get(DISCORD_API_URL).json() # Gilden (Server) nur einmal laden und in der Session speichern session['discord_guilds'] = fetch_discord_guilds(discord) return redirect(url_for("server_selection")) @app.route("/server_selection") def server_selection(): """Zeigt dem Benutzer eine Liste aller Server an, auf denen er sich befindet.""" if "discord_user" in session: guilds = session.get('discord_guilds', []) if not guilds: flash("Es wurden keine Server gefunden.", "danger") return redirect(url_for("landing_page")) if len(guilds) == 1: return redirect(url_for("user_dashboard", guild_id=guilds[0]['id'])) else: return render_template("server_selection.html", guilds=guilds) return redirect(url_for("login")) @app.route("/user_dashboard/") def user_dashboard(guild_id): """Zeigt das User-Dashboard für den ausgewählten Server an.""" if "discord_user" in session: user_info = session["discord_user"] user_id = user_info["id"] connection = get_db_connection() cursor = connection.cursor(dictionary=True) cursor.execute("SELECT * FROM user_data WHERE user_id = %s AND guild_id = %s", (user_id, guild_id)) user_data = cursor.fetchone() cursor.close() connection.close() if user_data: return render_template("user_dashboard.html", user_info=user_info, user_data=user_data, guild_id=guild_id) else: flash("Keine Daten für diesen Server gefunden.", "danger") return redirect(url_for("server_selection")) return redirect(url_for("login")) @app.route("/logout") def logout(): """Meldet den Benutzer ab.""" session.clear() return redirect(url_for("landing_page")) # Verbesserte Fehlerbehandlung: Automatisches Logout bei ungültigem Token @app.before_request def check_oauth_token(): if "oauth_token" in session: discord = make_discord_session(token=session["oauth_token"]) try: discord.get(DISCORD_API_URL) # Test-API-Aufruf, um Token zu validieren except Exception: session.clear() flash("Deine Sitzung ist abgelaufen. Bitte erneut einloggen.", "warning") return redirect(url_for("login")) if __name__ == "__main__": app.run(host="0.0.0.0", port=5000, debug=True)