

add count on redirects to mitigate very unlikely DOS (microsoft#58)
steveluc authored Jul 25, 2023
1 parent 795fe54 commit 54e3473
Showing 1 changed file with 82 additions and 74 deletions.
156 changes: 82 additions & 74 deletions examples/music/src/authz.ts
Expand Up @@ -12,92 +12,100 @@ type AuthzHandler = AuthzHandlerFn | undefined;
type AuthzServer = Server | undefined;

const scope = [
"user-read-private",
"playlist-read-collaborative",
"playlist-modify-private",
"playlist-read-private",
"playlist-modify-public",
"streaming",
"user-library-read",
"user-top-read",
"user-read-playback-state",
"user-modify-playback-state",
"user-read-recently-played",
"user-read-currently-playing",
"user-library-modify",
"ugc-image-upload",
"user-read-private",
"playlist-read-collaborative",
"playlist-modify-private",
"playlist-read-private",
"playlist-modify-public",
"streaming",
"user-library-read",
"user-top-read",
"user-read-playback-state",
"user-modify-playback-state",
"user-read-recently-played",
"user-read-currently-playing",
"user-library-modify",
"ugc-image-upload",
].join("%20");

const baseClientId = process.env.SPOTIFY_APP_CLI;
const defaultPort = process.env.SPOTIFY_APP_PORT;
export class Authzor {
url: string;
app: express.Express;
handler: AuthzHandler;
server: AuthzServer;
url: string;
app: express.Express;
handler: AuthzHandler;
server: AuthzServer;
private redirectCount = 0;

constructor(
public port = defaultPort,
public showDialog = false,
public clientId = baseClientId
) {
const redirectUri = "http://localhost:" + port + "/callback";
constructor(
public port = defaultPort,
public showDialog = false,
public clientId = baseClientId
) {
const redirectUri = "http://localhost:" + port + "/callback";

this.url =
"https://accounts.spotify.com/authorize" +
"?client_id=" +
clientId +
"&response_type=token" +
"&scope=" +
scope +
"&show_dialog=" +
showDialog +
"&redirect_uri=" +
redirectUri;
this.url =
"https://accounts.spotify.com/authorize" +
"?client_id=" +
clientId +
"&response_type=token" +
"&scope=" +
scope +
"&show_dialog=" +
showDialog +
"&redirect_uri=" +
redirectUri;

this.app = express();
this.app = express();

this.app.get("/callback", (req, res) => {
res.sendFile(__dirname + "/callback.html");
if (req.query.error) {
console.log(
chalk.red("Something went wrong. Error: "),
req.query.error
);
}
});
this.app.get("/callback", (req, res) => {
if (req.query.error) {
console.log(
chalk.red("Something went wrong. Error: "),
req.query.error
);
} else {
// update this when implementing re-auth on token expire
if (this.redirectCount === 0) {
res.sendFile(__dirname + "/callback.html");
this.redirectCount++;
}
}
});

this.app.get("/token", (req, res) => {
res.sendStatus(200);
const token = req.query.access_token as string;
if (token) {
if (this.handler) {
this.handler(token);
}
}
this.close();
});
}
this.app.get("/token", (req, res) => {
res.sendStatus(200);
const token = req.query.access_token as string;
if (token) {
if (this.handler) {
this.handler(token);
}
}
this.close();
});
}

authorize(connect: boolean, handler: AuthzHandlerFn) {
if (baseClientId && connect) {
this.handler = handler;
this.server = this.app.listen(this.port, () => {
if (this.showDialog) {
console.log(
chalk.blue("Opening the Spotify Login Dialog in your browser...")
);
authorize(connect: boolean, handler: AuthzHandlerFn) {
if (baseClientId && connect) {
this.handler = handler;
this.server = this.app.listen(this.port, () => {
if (this.showDialog) {
console.log(
chalk.blue(
"Opening the Spotify Login Dialog in your browser..."
)
);
}
open(this.url, { wait: false });
});
} else {
handler(undefined);
}
open(this.url, { wait: false });
});
} else {
handler(undefined);
}
}

close() {
if (this.server) {
this.server.close();

close() {
if (this.server) {
this.server.close();
}
}
}
}
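Review bot: In the new `/callback` handler the request is left without a response when `req.query.error` is set or when `redirectCount` is already non-zero — neither branch touches `res`, so as far as I can tell those connections stay open until the client gives up, which undercuts the intent of the change (the old code sent `callback.html` unconditionally before checking for an error). The guard should end the request explicitly rather than just skipping the file: add `res.sendStatus(400);` after the `console.log` in the error branch, and give the `redirectCount === 0` check an `else { res.sendStatus(429); }`. The counter is never reset and `/token` still calls `this.close()` on every hit, so a comment such as `// one-shot: callback.html is served once; the server is closed on the first /token request` next to `private redirectCount = 0` would make the intended lifetime clear to the next maintainer. The imports and the `AuthzHandlerFn` type this class relies on sit above the hunk.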

