From c9541d32b169b08fb9c2d188606688dcd835a888 Mon Sep 17 00:00:00 2001 From: Arianna Reischer Date: Wed, 17 Apr 2024 02:25:17 -0400 Subject: [PATCH] code prevents invalid session id --- receiptifyv1/app.js | 51 ++++++++++++++++++++++++++---------------- receiptifyv1/users.csv | 6 ++--- 2 files changed, 35 insertions(+), 22 deletions(-) diff --git a/receiptifyv1/app.js b/receiptifyv1/app.js index 2fd6075..17e2490 100644 --- a/receiptifyv1/app.js +++ b/receiptifyv1/app.js @@ -27,8 +27,8 @@ const cors = require('cors'); require('dotenv').config(); -const client_id = '035844db2ccb4d0698ab8e14bb12f27a'; -const client_secret = '8bfd5a9fa7a44aedbf8bf8f513236b4f'; +const client_id = '792207d6524f4255a1730e478d8b66f6'; +const client_secret = 'fd5c90696d984ca7a65a54853f340c70'; //const privateKey = fs.readFileSync('AuthKey_A8FKGGUQP3.p8').toString(); const teamId = process.env.teamId; const keyId = process.env.keyId; 
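Review bot: The new `client_secret` on the added line is still a string literal in app.js, so rotating the pair only moves a live secret from one commit to the next; the same hunk already reads configuration from the environment (`const teamId = process.env.teamId;`, `const keyId = process.env.keyId;` via dotenv), and the two credentials should go the same way, for example `const client_id = process.env.client_id;` and `const client_secret = process.env.client_secret;` with the values kept in the untracked .env. The previous pair stays in git history even after this change, so it has to be treated as exposed and revoked at the provider if that has not been done already. A short comment above the two lines, `// OAuth client credentials come from .env; never commit them`, would stop the next rotation from landing in source again.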
@@ -146,28 +146,40 @@ app.get('/join', function (req, res){ res.sendFile(__dirname + '/public/join.html') }); -app.get('/submit', function (req, res){ +app.get('/submit', async function (req, res){ console.log('/submit'); + let sessionUsers; var state = generateRandomString(16); res.cookie(stateKey, state); sessionIDString = 'sessionID' res.cookie(sessionIDString, req.query.sessionID); - // your application requests authorization - // user-read-private & user-read-email used to get current user info - // user-top-read used to get top track info - var scope = - 'user-read-private user-read-email user-top-read playlist-modify-public'; - res.set('sessionID', req.query.sessionID); - res.redirect( - 'https://accounts.spotify.com/authorize?' + - querystring.stringify({ - response_type: 'code', - client_id: client_id, - scope: scope, - redirect_uri: redirect_uri, - state: state, - }) - ); + sessionUsers = await processFile('users.csv', req.query.sessionID, 1); + console.log(`Session users length: ${sessionUsers.length}`); + + if (sessionUsers.length === 0) + { + // TODO: add message or pop up asking user to resubmit (right now code just stops) + } + else + { + // your application requests authorization + // user-read-private & user-read-email used to get current user info + // user-top-read used to get top track info + var scope = + 'user-read-private user-read-email user-top-read playlist-modify-public'; + res.set('sessionID', req.query.sessionID); + res.redirect( + 'https://accounts.spotify.com/authorize?' + + querystring.stringify({ + response_type: 'code', + client_id: client_id, + scope: scope, + redirect_uri: redirect_uri, + state: state, + }) + ); + } + }) /*app.get('/applemusic', function (req, res) { @@ -215,6 +227,7 @@ async function fetchProfile(token) { return await result.json(); } + app.get('/getUsers', async (req, res) =>{ console.log('/getUsers'); const sessionID = req.query.sessionID; 
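Review bot: The `if (sessionUsers.length === 0)` branch in the `/submit` handler never sends a response, so a request with an unknown sessionID is left open until the client times out instead of being rejected; it needs to answer and return, e.g. `return res.status(400).send('Unknown session ID');` or a redirect back to `/join`. The `res.cookie(sessionIDString, req.query.sessionID)` call on the context lines above runs before the lookup, so the cookie is set even for an ID that is then refused — it should move below the check. `await processFile(...)` is not wrapped in try/catch; if this is Express 4, a rejected promise in an async handler is not forwarded to the error middleware and the request hangs the same way, so the lookup should catch and reply with a 500. `req.query.sessionID` is also passed straight through: when it is missing, or supplied more than once, Express yields undefined or an array, so checking that it is a single non-empty string before the lookup keeps processFile (not in the diff) on the input it presumably expects.

```javascript
app.get('/submit', async function (req, res) {
  console.log('/submit');
  const { sessionID } = req.query;
  if (typeof sessionID !== 'string' || sessionID === '') {
    return res.status(400).send('Missing session ID');
  }
  let sessionUsers;
  try {
    sessionUsers = await processFile('users.csv', sessionID, 1);
  } catch (err) {
    console.error('/submit: session lookup failed', err);
    return res.status(500).send('Session lookup failed');
  }
  console.log(`Session users length: ${sessionUsers.length}`);
  if (sessionUsers.length === 0) {
    // Unknown session: reject instead of leaving the request open.
    return res.status(400).send('Unknown session ID');
  }
  // Only a validated session gets the state/session cookies.
  const state = generateRandomString(16);
  res.cookie(stateKey, state);
  sessionIDString = 'sessionID'
  res.cookie(sessionIDString, sessionID);
  // … unchanged: scope, res.set('sessionID', …) and the authorize redirect …
})
```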
diff --git a/receiptifyv1/users.csv b/receiptifyv1/users.csv
index 13e134d..4802544 100644
--- a/receiptifyv1/users.csv
+++ b/receiptifyv1/users.csv
@@ -1,3 +1,3 @@
-display_name, access_token, sessionID
-✧ jizzica ✧,BQChAka6mlOzw7MQ9TRXVMCt-TMXc9ygokAOtVMJcLA_Wf7VEX_9NXEJajpVc_Eji3CefksLbHDAnX9fvpLtx7NgcFt7DbS_WwffqnUBOR539JxEVgsqMkmfg97UL_y4zLW4u7GEoHtDymtBxMxnvD7LaaoXL9P63M2UxLRwyxyLH0hI2QIOwyvLEQ0yW53UnQk9XEhdLuyK-tMJtfp3HCldxjtKCSGYFC0PoLY,219722,2024-4-16 17:40:40,
-Martin Duong,BQCRfDHLTb6f6sX806cJalJSajBhq6-TB3veC6GRXb3AZ8uHMO6HEOvloqLeLc7xlTx-ZhgOfs22ONj2VWQz5n__xdk7C546UUy7In5MHgg7gYGix7457c0r7gXakCZcaee-brL3qqE3WC1N0U_5KEomJSOBKp39Lr389po2OMTGsnJ8uyOUmnWt2H5EbtvBH9xm1F9T9yOv6n0e9aAfKGfY_-K05xQ4j0-Hvyk,219722,2024-4-16 17:40:56,
\ No newline at end of file
+
+Ari,BQA8fwaaWA87EUZvia5emYjOq0IyC0_9rePt7Dsnvs6shbeWFRssWwAfsHYvJAbtnYxDO9vi1YRYs7WUXsd6yzX1UgQE9wMgAJ_VksmJThckhV5qVbQG-Z4zG64YVEHNodfeQoTPWvgCEgC4Rjnb5aWphBYHKcBpseuMAERYqeWxxvWerddgmS22u4D0lpiyqTpKaKzbeiRaY-IuhhzrZfFv8hCSJM1dfPVpUXmTIJ2GkC2_GphugfE6,763656,1713334863450,
+Ari,BQBP9W-1YdtEPiN84p4PnEXDc658wfuhYs2LsCMNm9mR3c2HGjVGTMmQHG5fSxYJVRhPE995RPlGXrx8tZlbux2YDC1LvBCmoh3ntfgiqKkkOmGoIPAUoV8V0ygebaQDRKD3V_uDuCuhbpSb8NIqwV4KbP8ezBQ3zGmU_vtAtULeNjPTbc-QGXK38tOj9M8bBUPQOBqGJkG_HbQqOcd0POBQmNk3OeDdhDOzYcqnZtF5b6y-LMjFJXOm,763656,1713334879131,
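Review bot: users.csv is the runtime store the `/submit` handler reads with `processFile('users.csv', …)`, and this commit tracks its contents in git, so every per-user access token and session ID the app writes ends up in history; the file should be added to .gitignore and created at runtime, and the tokens already committed treated as exposed even if they are short-lived. The header row `display_name, access_token, sessionID` is removed and replaced by an empty first line, while the rows carry a fourth timestamp column the header never described; if processFile addresses columns positionally this still works, but an empty leading record may need to be skipped — worth confirming against processFile, which is not in the diff. A comment in the code that writes this file, `// users.csv holds live tokens; it is generated at runtime and must stay untracked`, would make the intent explicit.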