From 03952f66f9bdc58dc00701b41f8d1af5f7400b85 Mon Sep 17 00:00:00 2001
From: thecosmos
Date: Tue, 14 Apr 2020 08:46:55 +0530
Subject: [PATCH] Prefix all configs with DISCORD_ to prevent un intended user override
---
 flask_discord/_http.py | 10 +++++-----
 flask_discord/client.py | 6 +++---
 flask_discord/configs.py | 23 ++++++++++-------------
 flask_discord/models/guild.py | 2 +-
 flask_discord/models/user.py | 6 ++++--
 5 files changed, 23 insertions(+), 24 deletions(-)
diff --git a/flask_discord/_http.py b/flask_discord/_http.py
index 0b3a24f..4560cfe 100644
--- a/flask_discord/_http.py
+++ b/flask_discord/_http.py
@@ -69,7 +69,7 @@ class DiscordOAuth2HttpClient(abc.ABC):
 'client_id': self.client_id,
 'client_secret': self.client_secret,
 },
- auto_refresh_url=configs.TOKEN_URL,
+ auto_refresh_url=configs.DISCORD_TOKEN_URL,
 token_updater=self._token_updater)
 def get(self, route: str) -> dict:
@@ -95,7 +95,7 @@ class DiscordOAuth2HttpClient(abc.ABC):
 Raises :py:class:`flask_discord.Unauthorized` if current user is not authorized.
 """
- response = self._make_session().get(configs.API_BASE_URL + route)
+ response = self._make_session().get(configs.DISCORD_API_BASE_URL + route)
 if response.status_code == 401:
 raise exceptions.Unauthorized
@@ -104,7 +104,7 @@ class DiscordOAuth2HttpClient(abc.ABC):
 def get_json(self):
 discord_session = self._make_session(token=session.get("DISCORD_OAUTH2_TOKEN"))
- user = discord_session.get(configs.API_BASE_URL + '/users/@me').json()
- guilds = discord_session.get(configs.API_BASE_URL + '/users/@me/guilds').json()
- connections = discord_session.get(configs.API_BASE_URL + '/users/@me/connections').json()
+ user = discord_session.get(configs.DISCORD_API_BASE_URL + '/users/@me').json()
+ guilds = discord_session.get(configs.DISCORD_API_BASE_URL + '/users/@me/guilds').json()
+ connections = discord_session.get(configs.DISCORD_API_BASE_URL + '/users/@me/connections').json()
 return jsonify(user=user, guilds=guilds, connections=connections)
diff --git a/flask_discord/client.py b/flask_discord/client.py
index 873c8f5..9174efd 100644
--- a/flask_discord/client.py
+++ b/flask_discord/client.py
@@ -32,9 +32,9 @@ class DiscordOAuth2Session(_http.DiscordOAuth2HttpClient):
 Flask redirect to discord authorization servers to complete authorization code grant process.
 """
- scope = scope or request.args.get("scope", str()).split() or configs.DEFAULT_SCOPES
+ scope = scope or request.args.get("scope", str()).split() or configs.DISCORD_OAUTH_DEFAULT_SCOPES
 discord_session = self._make_session(scope=scope)
- authorization_url, state = discord_session.authorization_url(configs.AUTHORIZATION_BASE_URL)
+ authorization_url, state = discord_session.authorization_url(configs.DISCORD_AUTHORIZATION_BASE_URL)
 session["DISCORD_OAUTH2_STATE"] = state
 return redirect(authorization_url)
@@ -49,7 +49,7 @@ class DiscordOAuth2Session(_http.DiscordOAuth2HttpClient):
 return request.values["error"]
 discord = self._make_session(state=session.get("DISCORD_OAUTH2_STATE"))
 token = discord.fetch_token(
- configs.TOKEN_URL,
+ configs.DISCORD_TOKEN_URL,
 client_secret=self.client_secret,
 authorization_response=request.url
 )
diff --git a/flask_discord/configs.py b/flask_discord/configs.py
index a9f245c..63736cf 100644
--- a/flask_discord/configs.py
+++ b/flask_discord/configs.py
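Review bot: The renamed scope line in the first client.py hunk still takes `scope` straight from the request query string, and nothing visible checks it against `configs.DISCORD_OAUTH_ALL_SCOPES` or a narrower set chosen by the application. A link to this route can therefore make the app ask Discord for a wider grant than it intends (the known list includes `bot`, `guilds.join` and `messages.read`), and the token obtained in the callback then carries that extra privilege. Filter before `_make_session`, for example `scope = [s for s in scope if s in allowed_scopes]` with `allowed_scopes` (placeholder name) configured by the application, and refuse the request when anything was dropped. The enclosing method starts above the hunk, so a caller-side restriction may exist that is not visible here.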
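Review bot: The first context line of the callback hunk, `return request.values["error"]`, sends a request-supplied value back as the response body, and Flask serves a returned string as `text/html` by default. That makes the `error` parameter a reflected-markup sink on the OAuth callback URL. Escape it, `return escape(request.values["error"])` with `escape` from `markupsafe`, or return a fixed message and log the raw value instead. The condition guarding this return sits above the hunk.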
@@ -1,24 +1,21 @@
-API_BASE_URL = "https://discordapp.com/api"
+DISCORD_API_BASE_URL = "https://discordapp.com/api"
-AUTHORIZATION_BASE_URL = API_BASE_URL + "/oauth2/authorize"
-TOKEN_URL = API_BASE_URL + "/oauth2/token"
+DISCORD_AUTHORIZATION_BASE_URL = DISCORD_API_BASE_URL + "/oauth2/authorize"
+DISCORD_TOKEN_URL = DISCORD_API_BASE_URL + "/oauth2/token"
-ALL_SCOPES = [
+DISCORD_OAUTH_ALL_SCOPES = [
 "bot", "connections", "email", "identify", "guilds", "guilds.join", "gdm.join", "messages.read", "rpc", "rpc.api", "rpc.notifications.read", "webhook.incoming", ]
-DEFAULT_SCOPES = [
+DISCORD_OAUTH_DEFAULT_SCOPES = [
 "identify", "email", "guilds", "guilds.join" ]
-IMAGE_BASE_URL = "https://cdn.discordapp.com/"
-IMAGE_FORMAT = "png"
-ANIMATED_IMAGE_FORMAT = "gif"
-USER_AVATAR_BASE_URL = IMAGE_BASE_URL + "avatars/{user_id}/{avatar_hash}.{format}"
-GUILD_ICON_BASE_URL = IMAGE_BASE_URL + "icons/{guild_id}/{icon_hash}.png"
-
-
-# TODO: Prefix configs with DISCORD_ to avoid users overriding it with their own configs.
+DISCORD_IMAGE_BASE_URL = "https://cdn.discordapp.com/"
+DISCORD_IMAGE_FORMAT = "png"
+DISCORD_ANIMATED_IMAGE_FORMAT = "gif"
+DISCORD_USER_AVATAR_BASE_URL = DISCORD_IMAGE_BASE_URL + "avatars/{user_id}/{avatar_hash}.{format}"
+DISCORD_GUILD_ICON_BASE_URL = DISCORD_IMAGE_BASE_URL + "icons/{guild_id}/{icon_hash}.png"
diff --git a/flask_discord/models/guild.py b/flask_discord/models/guild.py
index f1b995e..f8dc6f3 100644
--- a/flask_discord/models/guild.py
+++ b/flask_discord/models/guild.py
@@ -37,4 +37,4 @@ class Guild(DiscordModelsBase):
 """A property returning direct URL to the guild's icon. Returns None if guild has no icon set."""
 if not self.icon_hash:
 return
- return configs.GUILD_ICON_BASE_URL.format(guild_id=self.id, icon_hash=self.icon_hash)
+ return configs.DISCORD_GUILD_ICON_BASE_URL.format(guild_id=self.id, icon_hash=self.icon_hash)
diff --git a/flask_discord/models/user.py b/flask_discord/models/user.py
index 46e63cc..0d567e6 100644
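Review bot: In flask_discord/configs.py the prefix avoids name clashes, but `DISCORD_OAUTH_ALL_SCOPES` and `DISCORD_OAUTH_DEFAULT_SCOPES` remain module-level lists, and client.py passes `configs.DISCORD_OAUTH_DEFAULT_SCOPES` on by reference as the fallback `scope`. Any in-place change to that object would alter the default grant for every later request in the process; whether `_make_session` or its callees mutate it is not visible here. Tuples would close that off: `DISCORD_OAUTH_DEFAULT_SCOPES = ("identify", "email", "guilds", "guilds.join")`, and the same for the full list. The old unprefixed names are also removed without aliases, so external code importing them from `flask_discord.configs`, if any exists, breaks on upgrade.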
--- a/flask_discord/models/user.py
+++ b/flask_discord/models/user.py
@@ -60,8 +60,10 @@ class User(DiscordModelsBase):
 @property
 def avatar_url(self):
 """A property returning direct URL to user's avatar."""
- image_format = configs.ANIMATED_IMAGE_FORMAT if self.is_avatar_animated else configs.IMAGE_FORMAT
- return configs.USER_AVATAR_BASE_URL.format(user_id=self.id, avatar_hash=self.avatar_hash, format=image_format)
+ image_format = configs.DISCORD_ANIMATED_IMAGE_FORMAT \
+ if self.is_avatar_animated else configs.DISCORD_IMAGE_FORMAT
+ return configs.DISCORD_USER_AVATAR_BASE_URL.format(
+ user_id=self.id, avatar_hash=self.avatar_hash, format=image_format)
 @property
 def is_avatar_animated(self):
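Review bot: `avatar_url` formats `self.avatar_hash` unconditionally, while `Guild.icon_url` in models/guild.py returns early when `icon_hash` is empty. If `avatar_hash` can be `None` (presumably for users without a custom avatar; confirm against the model), the result is a URL ending in `None.png`. Add the same guard before choosing the format: `if not self.avatar_hash: return`. `is_avatar_animated` is defined after the hunk, so how it treats a missing hash cannot be checked here.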