Prefix all configs with DISCORD_ to prevent un intended user override

2025-12-10 04:19:31 +02:00 · 2020-04-14 08:46:55 +05:30
parent dd2df8ac0b
commit 03952f66f9
5 changed files with 23 additions and 24 deletions
--- a/flask_discord/_http.py
+++ b/flask_discord/_http.py
@@ -69,7 +69,7 @@ class DiscordOAuth2HttpClient(abc.ABC):
                'client_id': self.client_id,
                'client_secret': self.client_secret,
            },
-            auto_refresh_url=configs.TOKEN_URL,
+            auto_refresh_url=configs.DISCORD_TOKEN_URL,
            token_updater=self._token_updater)

    def get(self, route: str) -> dict:
@@ -95,7 +95,7 @@ class DiscordOAuth2HttpClient(abc.ABC):
            Raises :py:class:`flask_discord.Unauthorized` if current user is not authorized.

        """
-        response = self._make_session().get(configs.API_BASE_URL + route)
+        response = self._make_session().get(configs.DISCORD_API_BASE_URL + route)

        if response.status_code == 401:
            raise exceptions.Unauthorized
@@ -104,7 +104,7 @@ class DiscordOAuth2HttpClient(abc.ABC):

    def get_json(self):
        discord_session = self._make_session(token=session.get("DISCORD_OAUTH2_TOKEN"))
-        user = discord_session.get(configs.API_BASE_URL + '/users/@me').json()
-        guilds = discord_session.get(configs.API_BASE_URL + '/users/@me/guilds').json()
-        connections = discord_session.get(configs.API_BASE_URL + '/users/@me/connections').json()
+        user = discord_session.get(configs.DISCORD_API_BASE_URL + '/users/@me').json()
+        guilds = discord_session.get(configs.DISCORD_API_BASE_URL + '/users/@me/guilds').json()
+        connections = discord_session.get(configs.DISCORD_API_BASE_URL + '/users/@me/connections').json()
        return jsonify(user=user, guilds=guilds, connections=connections)
--- a/flask_discord/client.py
+++ b/flask_discord/client.py
@@ -32,9 +32,9 @@ class DiscordOAuth2Session(_http.DiscordOAuth2HttpClient):
            Flask redirect to discord authorization servers to complete authorization code grant process.

        """
-        scope = scope or request.args.get("scope", str()).split() or configs.DEFAULT_SCOPES
+        scope = scope or request.args.get("scope", str()).split() or configs.DISCORD_OAUTH_DEFAULT_SCOPES
        discord_session = self._make_session(scope=scope)
-        authorization_url, state = discord_session.authorization_url(configs.AUTHORIZATION_BASE_URL)
+        authorization_url, state = discord_session.authorization_url(configs.DISCORD_AUTHORIZATION_BASE_URL)
        session["DISCORD_OAUTH2_STATE"] = state
        return redirect(authorization_url)

@@ -49,7 +49,7 @@ class DiscordOAuth2Session(_http.DiscordOAuth2HttpClient):
            return request.values["error"]
        discord = self._make_session(state=session.get("DISCORD_OAUTH2_STATE"))
        token = discord.fetch_token(
-            configs.TOKEN_URL,
+            configs.DISCORD_TOKEN_URL,
            client_secret=self.client_secret,
            authorization_response=request.url
        )
--- a/flask_discord/configs.py
+++ b/flask_discord/configs.py
@@ -1,24 +1,21 @@
-API_BASE_URL = "https://discordapp.com/api"
+DISCORD_API_BASE_URL = "https://discordapp.com/api"

-AUTHORIZATION_BASE_URL = API_BASE_URL + "/oauth2/authorize"
-TOKEN_URL = API_BASE_URL + "/oauth2/token"
+DISCORD_AUTHORIZATION_BASE_URL = DISCORD_API_BASE_URL + "/oauth2/authorize"
+DISCORD_TOKEN_URL = DISCORD_API_BASE_URL + "/oauth2/token"


-ALL_SCOPES = [
+DISCORD_OAUTH_ALL_SCOPES = [
    "bot", "connections", "email", "identify", "guilds", "guilds.join",
    "gdm.join", "messages.read", "rpc", "rpc.api", "rpc.notifications.read", "webhook.incoming",
 ]

-DEFAULT_SCOPES = [
+DISCORD_OAUTH_DEFAULT_SCOPES = [
    "identify", "email", "guilds", "guilds.join"
 ]


-IMAGE_BASE_URL = "https://cdn.discordapp.com/"
-IMAGE_FORMAT = "png"
-ANIMATED_IMAGE_FORMAT = "gif"
-USER_AVATAR_BASE_URL = IMAGE_BASE_URL + "avatars/{user_id}/{avatar_hash}.{format}"
-GUILD_ICON_BASE_URL = IMAGE_BASE_URL + "icons/{guild_id}/{icon_hash}.png"
-
-
-# TODO: Prefix configs with DISCORD_ to avoid users overriding it with their own configs.
+DISCORD_IMAGE_BASE_URL = "https://cdn.discordapp.com/"
+DISCORD_IMAGE_FORMAT = "png"
+DISCORD_ANIMATED_IMAGE_FORMAT = "gif"
+DISCORD_USER_AVATAR_BASE_URL = DISCORD_IMAGE_BASE_URL + "avatars/{user_id}/{avatar_hash}.{format}"
+DISCORD_GUILD_ICON_BASE_URL = DISCORD_IMAGE_BASE_URL + "icons/{guild_id}/{icon_hash}.png"
--- a/flask_discord/models/guild.py
+++ b/flask_discord/models/guild.py
@@ -37,4 +37,4 @@ class Guild(DiscordModelsBase):
        """A property returning direct URL to the guild's icon. Returns None if guild has no icon set."""
        if not self.icon_hash:
            return
-        return configs.GUILD_ICON_BASE_URL.format(guild_id=self.id, icon_hash=self.icon_hash)
+        return configs.DISCORD_GUILD_ICON_BASE_URL.format(guild_id=self.id, icon_hash=self.icon_hash)
--- a/flask_discord/models/user.py
+++ b/flask_discord/models/user.py
@@ -60,8 +60,10 @@ class User(DiscordModelsBase):
    @property
    def avatar_url(self):
        """A property returning direct URL to user's avatar."""
-        image_format = configs.ANIMATED_IMAGE_FORMAT if self.is_avatar_animated else configs.IMAGE_FORMAT
-        return configs.USER_AVATAR_BASE_URL.format(user_id=self.id, avatar_hash=self.avatar_hash, format=image_format)
+        image_format = configs.DISCORD_ANIMATED_IMAGE_FORMAT \
+            if self.is_avatar_animated else configs.DISCORD_IMAGE_FORMAT
+        return configs.DISCORD_USER_AVATAR_BASE_URL.format(
+            user_id=self.id, avatar_hash=self.avatar_hash, format=image_format)

    @property
    def is_avatar_animated(self):