matrix-puppeteer-line/mautrix_amp/web/provisioning_api.py

115 lines
4.4 KiB
Python

# mautrix-amp - A very hacky Matrix-SMS bridge based on using Android Messages for Web in Puppeteer
# Copyright (C) 2020 Tulir Asokan
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
from typing import Awaitable, Dict
import logging
import json
from aiohttp import web
from mautrix.types import UserID
from mautrix.util.logging import TraceLogger
from .. import user as u
class ProvisioningAPI:
log: TraceLogger = logging.getLogger("mau.web.provisioning")
app: web.Application
def __init__(self, shared_secret: str) -> None:
self.app = web.Application()
self.shared_secret = shared_secret
self.app.router.add_get("/api/whoami", self.status)
self.app.router.add_options("/api/login", self.login_options)
self.app.router.add_post("/api/login", self.login)
self.app.router.add_post("/api/logout", self.logout)
@property
def _acao_headers(self) -> Dict[str, str]:
return {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Headers": "Authorization, Content-Type",
"Access-Control-Allow-Methods": "POST, OPTIONS",
}
@property
def _headers(self) -> Dict[str, str]:
return {
**self._acao_headers,
"Content-Type": "application/json",
}
async def login_options(self, _: web.Request) -> web.Response:
return web.Response(status=200, headers=self._headers)
def check_token(self, request: web.Request) -> Awaitable['u.User']:
try:
token = request.headers["Authorization"]
token = token[len("Bearer "):]
except KeyError:
raise web.HTTPBadRequest(body='{"error": "Missing Authorization header"}',
headers=self._headers)
except IndexError:
raise web.HTTPBadRequest(body='{"error": "Malformed Authorization header"}',
headers=self._headers)
if token != self.shared_secret:
raise web.HTTPForbidden(body='{"error": "Invalid token"}', headers=self._headers)
try:
user_id = request.query["user_id"]
except KeyError:
raise web.HTTPBadRequest(body='{"error": "Missing user_id query param"}',
headers=self._headers)
return u.User.get_by_mxid(UserID(user_id))
async def status(self, request: web.Request) -> web.Response:
user = await self.check_token(request)
data = {
"permissions": user.permission_level,
"mxid": user.mxid,
"twitter": None,
}
if await user.is_logged_in():
data["twitter"] = (await user.get_info()).serialize()
return web.json_response(data, headers=self._acao_headers)
async def login(self, request: web.Request) -> web.Response:
user = await self.check_token(request)
try:
data = await request.json()
except json.JSONDecodeError:
raise web.HTTPBadRequest(body='{"error": "Malformed JSON"}', headers=self._headers)
try:
auth_token = data["auth_token"]
csrf_token = data["csrf_token"]
except KeyError:
raise web.HTTPBadRequest(body='{"error": "Missing keys"}', headers=self._headers)
try:
await user.connect(auth_token=auth_token, csrf_token=csrf_token)
except Exception:
self.log.debug("Failed to log in", exc_info=True)
raise web.HTTPUnauthorized(body='{"error": "Twitter authorization failed"}',
headers=self._headers)
return web.Response(body='{}', status=200, headers=self._headers)
async def logout(self, request: web.Request) -> web.Response:
user = await self.check_token(request)
await user.logout()
return web.json_response({}, headers=self._acao_headers)