add unique string / token to prevent discord_id injection
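--- a/app.py
+++ b/app.py
@@ -4,34 +4,53 @@ import threading
 from urllib.parse import urlparse, parse_qs
 import discord
 from discord.ext import commands
+import secrets
 
-#
+# Discord bot -----------------------------------------------------------------------------------------------
 intents = discord.Intents.all()
 bot = commands.Bot(command_prefix="!", intents=intents)
 GRADIO_APP_URL = "https://huggingface.co/spaces/lunarflu/gradio-oauth2"
 DISCORD_TOKEN = os.environ.get("DISCORD_TOKEN", None)
 
+# Dictionary to store user IDs and their corresponding unique strings
+user_tokens = {}
+
 @bot.event
 async def on_ready():
 print(f'Logged in as {bot.user}')
 
+def generate_unique_string(length=6):
+return secrets.token_hex(length // 2)
+
 @bot.command()
 async def sendlink(ctx, user: discord.User):
 if ctx.author.id == 811235357663297546:
-
+unique_string = generate_unique_string()
+user_tokens[user.id] = unique_string
+unique_link = f"{GRADIO_APP_URL}?user_id={user.id}&token={unique_string}"
 await user.send(f"Click the link to sign in with Hugging Face: {unique_link}")
 
 def run_bot():
 bot.run(DISCORD_TOKEN)
+
 threading.Thread(target=run_bot).start()
 
-#
+# Gradio ------------------------------------------------------------------------------------------------------------
 def hello(profile: gr.OAuthProfile | None, request: gr.Request) -> str:
 url_str = str(request.url)
 query_params = parse_qs(urlparse(url_str).query)
 user_id = query_params.get('user_id', [None])[0]
+token = query_params.get('token', [None])[0]
+
+if user_id is None or token is None:
+return "❌ Invalid link. Missing user_id or token."
+
+if int(user_id) not in user_tokens or user_tokens[int(user_id)] != token:
+return "❌ Invalid or expired token."
+
 if profile is None:
 return f"❌ Not logged in. User ID: {user_id}"
+
 return f"✅ Successfully logged in as {profile.username}. User ID: {user_id}"
 
 with gr.Blocks() as demo: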
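Review bot: The token that is meant to stop `user_id` injection is only 24 bits, since `generate_unique_string()` calls `secrets.token_hex(length // 2)` with `length=6`. Nothing in the visible lines removes it from `user_tokens`, so a link stays valid and replayable for the life of the process despite the "expired" wording. In the new check in `hello`, `int(user_id)` raises `ValueError` on a non-numeric query value, and `!=` is not a constant-time comparison. I would issue at least 16 random bytes, parse `user_id` defensively, compare with `secrets.compare_digest`, and drop the token once the Hugging Face login has succeeded. The `gr.Blocks()` block that wires `hello` continues outside the hunk, so how often the check can be retried is not visible here.

```python
def generate_unique_string(length=32):
    return secrets.token_hex(length // 2)

# … unchanged: sendlink, run_bot, query parsing and the missing-parameter check in hello …

    try:
        discord_id = int(user_id)
    except ValueError:
        return "❌ Invalid link. Missing user_id or token."

    expected = user_tokens.get(discord_id)
    # bytes on both sides: compare_digest rejects non-ASCII str input
    if expected is None or not secrets.compare_digest(expected.encode(), token.encode()):
        return "❌ Invalid or expired token."

    # … unchanged: profile is None branch …

    # single use: the token is spent once the login is bound to this Discord id
    user_tokens.pop(discord_id, None)
```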