rsstootalizer/RSSTootalizer/Website/Callback.pm

#!/usr/bin/perl -w

use strict;
use HTML::Template;
use RSSTootalizer::Website;
use RSSTootalizer::App;
use RSSTootalizer::Token;

package RSSTootalizer::Website::Callback;
@RSSTootalizer::Website::Callback::ISA = qw(RSSTootalizer::Website);
use Data::Dumper;
use UUID::Tiny;
use Digest::SHA qw(sha256_base64);
use JSON;
use RSSTootalizer::DB;

sub requires_authentication {
	return 0;
}

sub fill_content {
	return 1;
}

sub prerender {
	my $self = shift;
	$self->{"template"} = "Callback";
	$self->{"content_type"} = "html";
	$self->{"params"}->{"currentmode"} = "Callback";

	my $instance = $main::FORM{instance};
	my $app = RSSTootalizer::App->get_or_create_by_instance($instance);

	open(DATA, "./process_code.bash '$app->{data}->{instance_client_id}' '$app->{data}->{instance_client_secret}' '$main::FORM{code}' '$main::config->{app}->{redirect_uris}' '$instance'|");
	my $reply;
	{
		local $/ = undef;
		$reply = <DATA>;
	}
	close DATA;
	$reply = decode_json($reply);
	if (!defined($$reply{access_token})){
		main::Error("Login error", "There was an error logging you in!");
		return 0;
	}

	my $token = $$reply{access_token};
	open(DATA, "./verify_credentials.bash '$token' '$instance'|");
	{
		local $/ = undef;
		$reply = <DATA>
	}
	close DATA;
	$reply = decode_json($reply);
	if (!defined($$reply{acct})){
		main::Error("Login error", "There was an error logging you in!");
		return 0;
	}

	my $session_id = UUID::Tiny::create_UUID_as_string(UUID_V5, time().$$reply{acct});

	RSSTootalizer::DB->doINSERT("INSERT INTO users (username, username_sha256, instance, instance_sha256, access_token, session_id) VALUES (?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE access_token=?, session_id=?", $$reply{acct}, sha256_base64($$reply{acct}), $instance, sha256_base64($instance), $token, $session_id, $token, $session_id);

	$self->{"set_cookie"} = ("session_id=".$session_id."; SameSite=strict");
}

1;
initial commit 2017-04-21 14:56:24 +00:00			`#!/usr/bin/perl -w`

			`use strict;`
			`use HTML::Template;`
rename Tweetodon to RSSTootalizer 2017-04-23 18:51:48 +00:00			`use RSSTootalizer::Website;`
			`use RSSTootalizer::App;`
			`use RSSTootalizer::Token;`
initial commit 2017-04-21 14:56:24 +00:00
rename Tweetodon to RSSTootalizer 2017-04-23 18:51:48 +00:00			`package RSSTootalizer::Website::Callback;`
			`@RSSTootalizer::Website::Callback::ISA = qw(RSSTootalizer::Website);`
initial commit 2017-04-21 14:56:24 +00:00			`use Data::Dumper;`
implement login/logout with session_id 2017-04-22 20:22:55 +00:00			`use UUID::Tiny;`
			`use Digest::SHA qw(sha256_base64);`
initial commit 2017-04-21 14:56:24 +00:00			`use JSON;`
rename Tweetodon to RSSTootalizer 2017-04-23 18:51:48 +00:00			`use RSSTootalizer::DB;`
initial commit 2017-04-21 14:56:24 +00:00
			`sub requires_authentication {`
			`return 0;`
			`}`

			`sub fill_content {`
			`return 1;`
			`}`

			`sub prerender {`
			`my $self = shift;`
			`$self->{"template"} = "Callback";`
			`$self->{"content_type"} = "html";`
			`$self->{"params"}->{"currentmode"} = "Callback";`

progress 2017-04-21 19:45:58 +00:00			`my $instance = $main::FORM{instance};`
rename Tweetodon to RSSTootalizer 2017-04-23 18:51:48 +00:00			`my $app = RSSTootalizer::App->get_or_create_by_instance($instance);`
initial commit 2017-04-21 14:56:24 +00:00
			`open(DATA, "./process_code.bash '$app->{data}->{instance_client_id}' '$app->{data}->{instance_client_secret}' '$main::FORM{code}' '$main::config->{app}->{redirect_uris}' '$instance'\|");`
			`my $reply;`
			`{`
make local vars local 2017-04-23 19:24:03 +00:00			`local $/ = undef;`
initial commit 2017-04-21 14:56:24 +00:00			`$reply = <DATA>;`
			`}`
			`close DATA;`
			`$reply = decode_json($reply);`
implement login/logout with session_id 2017-04-22 20:22:55 +00:00			`if (!defined($$reply{access_token})){`
			`main::Error("Login error", "There was an error logging you in!");`
			`return 0;`
			`}`

			`my $token = $$reply{access_token};`
			`open(DATA, "./verify_credentials.bash '$token' '$instance'\|");`
			`{`
make local vars local 2017-04-23 19:24:03 +00:00			`local $/ = undef;`
implement login/logout with session_id 2017-04-22 20:22:55 +00:00			`$reply = <DATA>`
			`}`
			`close DATA;`
			`$reply = decode_json($reply);`
			`if (!defined($$reply{acct})){`
			`main::Error("Login error", "There was an error logging you in!");`
			`return 0;`
			`}`

			`my $session_id = UUID::Tiny::create_UUID_as_string(UUID_V5, time().$$reply{acct});`

rename Tweetodon to RSSTootalizer 2017-04-23 18:51:48 +00:00			`RSSTootalizer::DB->doINSERT("INSERT INTO users (username, username_sha256, instance, instance_sha256, access_token, session_id) VALUES (?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE access_token=?, session_id=?", $$reply{acct}, sha256_base64($$reply{acct}), $instance, sha256_base64($instance), $token, $session_id, $token, $session_id);`
initial commit 2017-04-21 14:56:24 +00:00
try to prevent CSRF for session_id 2017-04-26 06:45:20 +00:00			`$self->{"set_cookie"} = ("session_id=".$session_id."; SameSite=strict");`
initial commit 2017-04-21 14:56:24 +00:00			`}`

			`1;`