Created
June 5, 2024 21:15
-
-
Save MrStonedOne/5e3700ffc5867e43a61939755522d390 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| define('OAUTH2_CLIENT_ID', ''); | |
| define('OAUTH2_CLIENT_SECRET', ''); | |
| $authorizeURL = 'https://tgstation13.org/phpBB/app.php/tgapi/oauth/auth'; | |
| $tokenURL = 'https://tgstation13.org/phpBB/app.php/tgapi/oauth/token'; | |
| $apiURLBase = 'https://tgstation13.org/phpBB/app.php/tgapi/user/me'; | |
| session_name('TG_OAUTH_PSESSIONID'); | |
| session_start(); | |
| function apisend($url, $method = 'GET', $content = NULL, $auth_token = NULL) { | |
| if (is_array($content)) | |
| $content = json_encode($content); | |
| $scontext = array('http' => array( | |
| 'method' => $method, | |
| 'header' => | |
| "Content-type: application/json\r\n". | |
| "Accept: application/json", | |
| 'ignore_errors' => true, | |
| 'user_agent' => 'tgstation13.org-tgstation-Automation-Tools' | |
| )); | |
| if ($content) | |
| $scontext['http']['content'] = $content; | |
| if($auth_token) | |
| $scontext['http']['header'] .= "\r\n".'Authorization: Bearer ' . $auth_token; | |
| return file_get_contents($url, false, stream_context_create($scontext)); | |
| } | |
| function generate_token() { | |
| $secure = FALSE; | |
| $r_bytes = openssl_random_pseudo_bytes(5120, $secure); | |
| if (!$secure) { | |
| for ($i = 1; $i > 1024; $i++) | |
| $r_bytes .= openssl_random_pseudo_bytes(5120); | |
| } | |
| return hash('sha3-224', $r_bytes); | |
| } | |
| // Start the login process by sending the user to tgstation's authorization page | |
| if(isset($_GET['action']) && $_GET['action'] == 'login') { | |
| // Generate a random hash and store in the session for security | |
| $_SESSION['state'] = generate_token(); | |
| unset($_SESSION['access_token']); | |
| $params = array( | |
| 'response_type' => 'code', | |
| 'client_id' => OAUTH2_CLIENT_ID, | |
| 'redirect_uri' => 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'], | |
| 'state' => $_SESSION['state'], | |
| 'scope' => 'user.linked_accounts user.details user.groups.private', | |
| ); | |
| // Redirect the user to tgstation's authorization page | |
| header('Location: ' . $authorizeURL . '?' . http_build_query($params)); | |
| die(); | |
| } | |
| // When tgstation redirects the user back here, there will be a "code" and "state" parameter in the query string | |
| if(!empty($_GET['code'])) { | |
| // Verify the state matches our stored state | |
| if (empty($_GET['state'])) | |
| die('No state.'); | |
| if (empty($_SESSION['state'])) | |
| die("I don't know who you are or why you are here."); | |
| if ($_SESSION['state'] != $_GET['state']) | |
| die('Invalid state.'); | |
| // Exchange the auth code for a token | |
| $tg_token_json = apisend($tokenURL, 'POST', array( | |
| 'client_id' => OAUTH2_CLIENT_ID, | |
| 'grant_type' => 'authorization_code', | |
| 'client_secret' => OAUTH2_CLIENT_SECRET, | |
| 'redirect_uri' => 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'], | |
| 'state' => $_SESSION['state'], | |
| 'code' => $_GET['code'] | |
| )); | |
| $tg_token = json_decode($tg_token_json, TRUE); | |
| //die(json_encode($tg_token)); | |
| $tg_access_token = $tg_token['access_token']; | |
| if (!$tg_access_token) | |
| die('Could not get auth token from tgstation:<br>Error: '.json_encode($token['error']).'<br>Error_description: '.json_encode($token['error_description']).''); | |
| $_SESSION['access_token'] = $tg_access_token; | |
| unset($_SESSION['state']); | |
| $user_json = apisend($apiURLBase, 'GET', null, $tg_access_token); | |
| $user = json_decode($user_json, TRUE); | |
| header('Location: https://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF']); | |
| exit(); | |
| } | |
| $tg_access_token = null; | |
| if (isset($_SESSION['access_token'])) | |
| $tg_access_token = $_SESSION['access_token']; | |
| $tg_user = null; | |
| if ($tg_access_token) { | |
| $tg_user_json = apisend($apiURLBase, 'GET', null, $tg_access_token); | |
| $tg_user = json_decode($tg_user_json, TRUE); | |
| } else { | |
| echo '<p>You are not logged in.</p><p><a href="?action=login">Login with your /tg/Station13 account.</a></p>'; | |
| die(); | |
| } | |
| if (empty($tg_user)) { | |
| echo '<p>Your login session is no longer valid.</p><p><a href="?action=login">Login with your /tg/Station13 account.</a></p>'; | |
| die(); | |
| } | |
| $do_allow = FALSE; | |
| foreach ($tg_user['groups'] as $group) { | |
| if ($group['group_id'] == 45) { | |
| $do_allow = TRUE; | |
| break; | |
| } | |
| } | |
| if (!$do_allow) { | |
| echo '<p>This account is not authorized to access this page.</p><p><a href="?action=login">Login with another /tg/Station13 account.</a></p>'; | |
| die(); | |
| } | |
| header('Content-type: application/json'); | |
| print(json_encode($tg_user, JSON_PRETTY_PRINT)."\n"); | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment