Startsida Utforska Hjälp
Registrera dig Logga in
shenzhen
/
tjdify
Bevaka 2
Stjärnmärk 0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: 6c28e1e69a
Grenar Taggar
tjdify
/
api
/
libs
/
oauth.py

oauth.py 4.5 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143 
  1. import json
    2. 

  2. import urllib.parse
    3. 

  3. from dataclasses import dataclass
    4. 

  4. 

  5. import requests
    6. 

  6. from extensions.ext_database import db
    7. 

  7. from flask_login import current_user
    8. 

  8. from models.source import DataSourceBinding
    9. 

  9. 

  10. 

  11. @dataclass
    12. 

  12. class OAuthUserInfo:
    13. 

  13.     id: str
    14. 

  14.     name: str
    15. 

  15.     email: str
    16. 

  16. 

  17. 

  18. class OAuth:
    19. 

  19.     def __init__(self, client_id: str, client_secret: str, redirect_uri: str):
    20. 

  20.         self.client_id = client_id
    21. 

  21.         self.client_secret = client_secret
    22. 

  22.         self.redirect_uri = redirect_uri
    23. 

  23. 

  24.     def get_authorization_url(self):
    25. 

  25.         raise NotImplementedError()
    26. 

  26. 

  27.     def get_access_token(self, code: str):
    28. 

  28.         raise NotImplementedError()
    29. 

  29. 

  30.     def get_raw_user_info(self, token: str):
    31. 

  31.         raise NotImplementedError()
    32. 

  32. 

  33.     def get_user_info(self, token: str) -> OAuthUserInfo:
    34. 

  34.         raw_info = self.get_raw_user_info(token)
    35. 

  35.         return self._transform_user_info(raw_info)
    36. 

  36. 

  37.     def _transform_user_info(self, raw_info: dict) -> OAuthUserInfo:
    38. 

  38.         raise NotImplementedError()
    39. 

  39. 

  40. 

  41. class GitHubOAuth(OAuth):
    42. 

  42.     _AUTH_URL = 'https://github.com/login/oauth/authorize'
    43. 

  43.     _TOKEN_URL = 'https://github.com/login/oauth/access_token'
    44. 

  44.     _USER_INFO_URL = 'https://api.github.com/user'
    45. 

  45.     _EMAIL_INFO_URL = 'https://api.github.com/user/emails'
    46. 

  46. 

  47.     def get_authorization_url(self):
    48. 

  48.         params = {
    49. 

  49.             'client_id': self.client_id,
    50. 

  50.             'redirect_uri': self.redirect_uri,
    51. 

  51.             'scope': 'user:email'  # Request only basic user information
    52. 

  52.         }
    53. 

  53.         return f"{self._AUTH_URL}?{urllib.parse.urlencode(params)}"
    54. 

  54. 

  55.     def get_access_token(self, code: str):
    56. 

  56.         data = {
    57. 

  57.             'client_id': self.client_id,
    58. 

  58.             'client_secret': self.client_secret,
    59. 

  59.             'code': code,
    60. 

  60.             'redirect_uri': self.redirect_uri
    61. 

  61.         }
    62. 

  62.         headers = {'Accept': 'application/json'}
    63. 

  63.         response = requests.post(self._TOKEN_URL, data=data, headers=headers)
    64. 

  64. 

  65.         response_json = response.json()
    66. 

  66.         access_token = response_json.get('access_token')
    67. 

  67. 

  68.         if not access_token:
    69. 

  69.             raise ValueError(f"Error in GitHub OAuth: {response_json}")
    70. 

  70. 

  71.         return access_token
    72. 

  72. 

  73.     def get_raw_user_info(self, token: str):
    74. 

  74.         headers = {'Authorization': f"token {token}"}
    75. 

  75.         response = requests.get(self._USER_INFO_URL, headers=headers)
    76. 

  76.         response.raise_for_status()
    77. 

  77.         user_info = response.json()
    78. 

  78. 

  79.         email_response = requests.get(self._EMAIL_INFO_URL, headers=headers)
    80. 

  80.         email_info = email_response.json()
    81. 

  81.         primary_email = next((email for email in email_info if email['primary'] == True), None)
    82. 

  82. 

  83.         return {**user_info, 'email': primary_email['email']}
    84. 

  84. 

  85.     def _transform_user_info(self, raw_info: dict) -> OAuthUserInfo:
    86. 

  86.         email = raw_info.get('email')
    87. 

  87.         if not email:
    88. 

  88.             email = f"{raw_info['id']}+{raw_info['login']}@users.noreply.github.com"
    89. 

  89.         return OAuthUserInfo(
    90. 

  90.             id=str(raw_info['id']),
    91. 

  91.             name=raw_info['name'],
    92. 

  92.             email=email
    93. 

  93.         )
    94. 

  94. 

  95. 

  96. class GoogleOAuth(OAuth):
    97. 

  97.     _AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth'
    98. 

  98.     _TOKEN_URL = 'https://oauth2.googleapis.com/token'
    99. 

  99.     _USER_INFO_URL = 'https://www.googleapis.com/oauth2/v3/userinfo'
    100. 

  100. 

  101.     def get_authorization_url(self):
    102. 

  102.         params = {
    103. 

  103.             'client_id': self.client_id,
    104. 

  104.             'response_type': 'code',
    105. 

  105.             'redirect_uri': self.redirect_uri,
    106. 

  106.             'scope': 'openid email'
    107. 

  107.         }
    108. 

  108.         return f"{self._AUTH_URL}?{urllib.parse.urlencode(params)}"
    109. 

  109. 

  110.     def get_access_token(self, code: str):
    111. 

  111.         data = {
    112. 

  112.             'client_id': self.client_id,
    113. 

  113.             'client_secret': self.client_secret,
    114. 

  114.             'code': code,
    115. 

  115.             'grant_type': 'authorization_code',
    116. 

  116.             'redirect_uri': self.redirect_uri
    117. 

  117.         }
    118. 

  118.         headers = {'Accept': 'application/json'}
    119. 

  119.         response = requests.post(self._TOKEN_URL, data=data, headers=headers)
    120. 

  120. 

  121.         response_json = response.json()
    122. 

  122.         access_token = response_json.get('access_token')
    123. 

  123. 

  124.         if not access_token:
    125. 

  125.             raise ValueError(f"Error in Google OAuth: {response_json}")
    126. 

  126. 

  127.         return access_token
    128. 

  128. 

  129.     def get_raw_user_info(self, token: str):
    130. 

  130.         headers = {'Authorization': f"Bearer {token}"}
    131. 

  131.         response = requests.get(self._USER_INFO_URL, headers=headers)
    132. 

  132.         response.raise_for_status()
    133. 

  133.         return response.json()
    134. 

  134. 

  135.     def _transform_user_info(self, raw_info: dict) -> OAuthUserInfo:
    136. 

  136.         return OAuthUserInfo(
    137. 

  137.             id=str(raw_info['sub']),
    138. 

  138.             name=None,
    139. 

  139.             email=raw_info['email']
    140. 

  140.         )
    141. 

  141. 

  142. 

  143.