ManagerBotServer/app.py at master · SJTU-Plus/ManagerBotServer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
import logging
import os
import re

from flask import Flask, redirect, render_template, request, session, url_for, jsonify

from attestation import Blake2Attestation
from authlib.integrations.flask_client import OAuth
from authlib.jose import jwt
from authlib.oidc.core import CodeIDToken

logging.basicConfig(filename='app.log', level=logging.INFO)

app = Flask(__name__)
app.config.from_json('config.json')
app.config['SECRET_KEY'] = os.urandom(16)
app.config.update(dict(
  PREFERRED_URL_SCHEME = 'https'
))
oauth = OAuth(app)
oauth.register('jaccount')

attestation = Blake2Attestation(secret=bytes.fromhex(
    app.config.get('ATTESTATION_SECRET')))

qq_pattern = re.compile(r'^[1-9]\d{4,}')


def check_qq(qq: str) -> bool:
    return True if qq_pattern.fullmatch(qq) else False


@app.before_request
def login_required():
    if request.path not in [url_for('cover_page'), url_for('generate')]:
        return None

    if 'user' not in session:
        if request.path == url_for('generate'):
            return 'Please login first', 401
        else:
            return redirect(url_for('login'))


@app.route('/')
def cover_page():
    return render_template('index.html')


@app.route('/login')
def login():
    redirect_uri = url_for('authorize', _external=True)
    return oauth.jaccount.authorize_redirect(redirect_uri)


@app.route('/authorize')
def authorize():
    token = oauth.jaccount.authorize_access_token()

    # resp = oauth.jaccount.get('/v1/me/profile', token=token)
    # print(json.dumps(resp.json(), ensure_ascii=False, indent=True))

    claims = jwt.decode(token.get('id_token'),
                        oauth.jaccount.client_secret,
                        claims_cls=CodeIDToken)
    claims.validate()
    session['user'] = claims

    return redirect(url_for('cover_page'))


@app.route('/generate', methods=['POST'])
def generate():
    qq = request.form.get('qq_number', type=str, default='')
    if check_qq(qq):
        try:
            return attestation.generate(qq)
        except Exception as e:
            return str(e), 500
    else:
        return '填写错误，请输入正确的QQ号', 400


@app.route('/verify', methods=['POST'])
def verify():
    qq = request.json.get('qq_number')
    token = request.json.get('token')

    if qq == None or token == None:
        return jsonify({
            "success": False,
            "message": "Compulsory parameters lost"
        }), 400

    if not check_qq(qq):
        return jsonify({
            "success": False,
            "message": "Invalid QQ number"
        }), 400

    try:
        timestamp = attestation.verify(qq, token)
        if timestamp == None:
            return jsonify({
                "success": False,
                "message": "Verification Failed"
            })
        else:
            return jsonify({
                "success": True,
                "message": timestamp.isoformat()
            })
    except (UnicodeEncodeError, ValueError) as e:
        return jsonify({
            "success": False,
            "message": "Invalid token"
        }), 400


if __name__ == '__main__':
    app.run()