From d6ac988a9c1a2d38e4953133392db061845c8c5b Mon Sep 17 00:00:00 2001
From: Stefano Pigozzi <ste.pigozzi@gmail.com>
Date: Sat, 8 Jun 2019 01:33:34 +0200
Subject: [PATCH] tglogin progress

---
 royalnet/royalgamesweb.py                     |  4 +--
 royalnet/web/blueprints/__init__.py           |  3 +-
 royalnet/web/blueprints/helloworld.py         | 11 ------
 royalnet/web/blueprints/testing.py            | 13 -------
 royalnet/web/blueprints/tglogin/__init__.py   | 35 +++++++++++++++++++
 .../tglogin/templates/tglogin_index.html      | 18 ++++++++++
 6 files changed, 57 insertions(+), 27 deletions(-)
 delete mode 100644 royalnet/web/blueprints/helloworld.py
 delete mode 100644 royalnet/web/blueprints/testing.py
 create mode 100644 royalnet/web/blueprints/tglogin/__init__.py
 create mode 100644 royalnet/web/blueprints/tglogin/templates/tglogin_index.html

diff --git a/royalnet/royalgamesweb.py b/royalnet/royalgamesweb.py
index dc64109a..4990e75d 100644
--- a/royalnet/royalgamesweb.py
+++ b/royalnet/royalgamesweb.py
@@ -1,13 +1,13 @@
 import os
 from .web import create_app
-from .web.blueprints import home, wikiview
+from .web.blueprints import home, wikiview, tglogin
 
 
 class TestConfig:
     DB_PATH = os.environ["DB_PATH"]
 
 
-app = create_app(TestConfig, [home, wikiview])
+app = create_app(TestConfig, [home, wikiview, tglogin])
 
 
 if __name__ == "__main__":
diff --git a/royalnet/web/blueprints/__init__.py b/royalnet/web/blueprints/__init__.py
index 14e60b52..2097b48f 100644
--- a/royalnet/web/blueprints/__init__.py
+++ b/royalnet/web/blueprints/__init__.py
@@ -2,5 +2,6 @@ from .helloworld import bp as helloworld
 from .testing import bp as testing
 from .home import bp as home
 from .wikiview import bp as wikiview
+from .tglogin import bp as tglogin
 
-__all__ = ["helloworld", "testing", "home", "wikiview"]
+__all__ = ["helloworld", "testing", "home", "wikiview", "tglogin"]
diff --git a/royalnet/web/blueprints/helloworld.py b/royalnet/web/blueprints/helloworld.py
deleted file mode 100644
index cd8e77aa..00000000
--- a/royalnet/web/blueprints/helloworld.py
+++ /dev/null
@@ -1,11 +0,0 @@
-import flask as f
-from .. import Royalprint
-
-
-bp = Royalprint("helloworld", __name__, url_prefix="/helloworld")
-
-
-@bp.route("/")
-def helloworld():
-    return "Hello world!"
-
diff --git a/royalnet/web/blueprints/testing.py b/royalnet/web/blueprints/testing.py
deleted file mode 100644
index 989b95af..00000000
--- a/royalnet/web/blueprints/testing.py
+++ /dev/null
@@ -1,13 +0,0 @@
-import flask as f
-from .. import Royalprint
-from ...database.tables import Royal
-
-
-bp = Royalprint("testing", __name__, url_prefix="/testing", required_tables={Royal})
-
-
-@bp.route("/listroyals")
-def listroyals():
-    from ..alchemyhandler import alchemy, alchemy_session
-    royals = alchemy_session.query(alchemy.Royal).all()
-    return f'<body><script type="text/plain" style="display: block;">{repr(royals)}</script></body>'
diff --git a/royalnet/web/blueprints/tglogin/__init__.py b/royalnet/web/blueprints/tglogin/__init__.py
new file mode 100644
index 00000000..c7aa280d
--- /dev/null
+++ b/royalnet/web/blueprints/tglogin/__init__.py
@@ -0,0 +1,35 @@
+import flask as f
+import hashlib
+import hmac
+from ... import Royalprint
+from ....database.tables import Royal, Telegram
+
+
+bp = Royalprint("tglogin", __name__, url_prefix="/login/telegram", required_tables={Royal, Telegram},
+                template_folder="templates")
+
+
+@bp.route("/")
+def tglogin_index():
+    return f.render_template("tglogin_index.html")
+
+
+@bp.route("/done")
+def tglogin_done():
+    from ...alchemyhandler import alchemy, alchemy_session
+    data_check_string = ""
+    for field in f.request.args:
+        if field == "hash":
+            continue
+        data_check_string += f"{field}={f.request.args['field']}\n"
+    data_check_string.rstrip("\n")
+    secret_key = hashlib.sha256(f.current_app.config["TG_AK"])
+    hex_data = hmac.new(key=secret_key, msg=data_check_string, digestmod="sha256").hexdigest()
+    if hex_data != f.request.args["hash"]:
+        return "Invalid authentication", 403
+    tg_user = alchemy_session.query(alchemy.Telegram).filter(alchemy.Telegram.tg_id == f.request.args["id"]).one_or_none()
+    if tg_user is None:
+        return "No such telegram", 404
+    royal_user = tg_user.royal
+    f.session["royal_id"] = royal_user.id
+    return f.redirect(f.url_for("/"))
diff --git a/royalnet/web/blueprints/tglogin/templates/tglogin_index.html b/royalnet/web/blueprints/tglogin/templates/tglogin_index.html
new file mode 100644
index 00000000..36da9948
--- /dev/null
+++ b/royalnet/web/blueprints/tglogin/templates/tglogin_index.html
@@ -0,0 +1,18 @@
+{% extends "base.html" %}
+
+{% block title %}
+    Login with Telegram
+{% endblock %}
+
+{% block content %}
+    <div class="doublebox">
+        <div class="top">
+            <span class="left">
+                Telegram login
+            </span>
+        </div>
+        <div class="bot">
+            <script async src="https://telegram.org/js/telegram-widget.js?6" data-telegram-login="royalgamesbot" data-size="large" data-auth-url="{{ url_for("tglogin.tglogin_done") }}" data-request-access="write"></script>
+        </div>
+    </div>
+{% endblock %}