yawaflua/Flask-Discord
1
0
Fork 0
mirror of https://github.com/yawaflua/Flask-Discord.git synced 2025-12-10 04:19:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

Make client secret and bot tokens protected attributes so that someone doesn't spills their secrets accidentally

Browse Source
This commit is contained in:
thec0sm0s
2020-07-24 23:43:29 +05:30
parent 5e99ed9af9
commit d703937da5
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
flask_discord/_http.py
View File

@@ -45,9 +45,9 @@ class DiscordOAuth2HttpClient(abc.ABC):
def __init__(self, app, client_id=None, client_secret=None, redirect_uri=None, bot_token=None, users_cache=None): def __init__(self, app, client_id=None, client_secret=None, redirect_uri=None, bot_token=None, users_cache=None):
self.client_id = client_id or app.config["DISCORD_CLIENT_ID"] self.client_id = client_id or app.config["DISCORD_CLIENT_ID"]
self.client_secret = client_secret or app.config["DISCORD_CLIENT_SECRET"] self.__client_secret = client_secret or app.config["DISCORD_CLIENT_SECRET"]
self.redirect_uri = redirect_uri or app.config["DISCORD_REDIRECT_URI"] self.redirect_uri = redirect_uri or app.config["DISCORD_REDIRECT_URI"]
self.bot_token = bot_token or app.config.get("DISCORD_BOT_TOKEN", str()) self.__bot_token = bot_token or app.config.get("DISCORD_BOT_TOKEN", str())
self.users_cache = cachetools.LFUCache( self.users_cache = cachetools.LFUCache(
app.config.get("DISCORD_USERS_CACHE_MAX_LIMIT", configs.DISCORD_USERS_CACHE_DEFAULT_MAX_LIMIT) app.config.get("DISCORD_USERS_CACHE_MAX_LIMIT", configs.DISCORD_USERS_CACHE_DEFAULT_MAX_LIMIT)
) if users_cache is None else users_cache ) if users_cache is None else users_cache
@@ -102,7 +102,7 @@ class DiscordOAuth2HttpClient(abc.ABC):
redirect_uri=self.redirect_uri, redirect_uri=self.redirect_uri,
auto_refresh_kwargs={ auto_refresh_kwargs={
'client_id': self.client_id, 'client_id': self.client_id,
'client_secret': self.client_secret, 'client_secret': self.__client_secret,
}, },
auto_refresh_url=configs.DISCORD_TOKEN_URL, auto_refresh_url=configs.DISCORD_TOKEN_URL,
token_updater=self._token_updater) token_updater=self._token_updater)
@@ -177,5 +177,5 @@ class DiscordOAuth2HttpClient(abc.ABC):
Raises an instance of :py:class:`flask_discord.RateLimited` if application is being rate limited by Discord. Raises an instance of :py:class:`flask_discord.RateLimited` if application is being rate limited by Discord.
""" """
headers = {"Authorization": f"Bot {self.bot_token}"} headers = {"Authorization": f"Bot {self.__bot_token}"}
return self.request(route, method=method, oauth=False, headers=headers, **kwargs) return self.request(route, method=method, oauth=False, headers=headers, **kwargs)

2
flask_discord/client.py
View File

@@ -83,7 +83,7 @@ class DiscordOAuth2Session(_http.DiscordOAuth2HttpClient):
discord = self._make_session(state=session.get("DISCORD_OAUTH2_STATE")) discord = self._make_session(state=session.get("DISCORD_OAUTH2_STATE"))
token = discord.fetch_token( token = discord.fetch_token(
configs.DISCORD_TOKEN_URL, configs.DISCORD_TOKEN_URL,
client_secret=self.client_secret, client_secret=self.__client_secret,
authorization_response=request.url authorization_response=request.url
) )
self._token_updater(token) self._token_updater(token)