nathanvogel/AuthorizeIFTTT.jsx

## AuthorizeIFTTT.jsx
// A React-Redux component to confirm which user is authorizing IFTTT
// It is react-routed at http://localhost:3000/authorize_ifttt

import React, { Component } from "react";
import { Redirect } from "react-router-dom";

// ...

class AuthorizeIFTTT extends Component {
  signOut = _event => {
    this.props.signOut();
  };

  authorize = _event => {
    // TODO: Save to RTDB that access is okay or something like that.
    // OR : get a token and authentify the redirect with this token and check
    // the token server side.

    // Redirect the user
    // Sample current URL:
    // http://localhost:3000/authorize_ifttt?state=[REDACTED]&redirect_uri=https%3A%2F%2Fifttt.com%2Fchannels%2Fmltest%2Fauthorize
    const params = new URLSearchParams(this.props.location.search);
    const iftttState = params.get("state");
    const redirect_uri = params.get("redirect_uri");
    const get_code_uri = FIREBASE_FUNCTION_URL + "/oauth/authorize_user";
    window.location =
      get_code_uri +
      "?uid=" +
      this.props.auth.user.uid +
      "&state=" +
      iftttState +
      "&redirect_uri=" +
      redirect_uri;
  };

  render() {
    return (
      <div className="AuthorizeIFTTT">
        <div>
          Signed in as {this.props.auth.user.email},{" "}
          {this.props.auth.user.displayName}
        </div>
        <button onClick={this.authorize}>Authorize IFTTT</button>
        <button onClick={this.signOut}>Change user</button>
      </div>
    );
  }
}

export default connect(
  mapStateToProps,
  mapDispatchToProps
)(AuthorizeIFTTT);

## index.js
// This gist is based on thie example from IFTTT
// https://github.com/IFTTT/connect_with_ifttt_auth_sample
// which was originally made for the mobile SDKs, but I adapted
// it to run it in a Firebase Cloud Function using UIDs.

const functions = require("firebase-functions");
var express = require("express");
var int_encoder = require("int-encoder");
var crypto = require("crypto");
var bodyParser = require("body-parser");
// The Firebase Admin SDK to access the Firebase Realtime Database.
const admin = require("firebase-admin");
admin.initializeApp();

const APP_URL = "http://localhost:3000";
const ENCRYPTION_KEY = "xyz123";

int_encoder.alphabet();

function encrypt_string(string) {
  var cipher = crypto.createCipher("aes-256-cbc", ENCRYPTION_KEY);
  var crypted = cipher.update(string, "utf8", "hex");
  crypted += cipher.final("hex");
  return int_encoder.encode(crypted, 16);
}

function decrypt_string(string) {
  key = int_encoder.decode(string, 16);
  var decipher = crypto.createDecipher("aes-256-cbc", ENCRYPTION_KEY);
  var dec = decipher.update(key, "hex", "utf8");
  dec += decipher.final("utf8");
  return dec;
}

function random(max) {
  return Math.floor(Math.random() * max + 1);
}

function getTokenWithUid(uid) {
  const token = uid + ":" + random(100);
  // console.log("Generated token:" + token);
  const encrypted_token = encrypt_string(token);
  // console.log("uid:" + uid + "  ->  Token:" + encrypted_token);
  return encrypted_token;
}

function getUidFromToken(token) {
  const user_random = decrypt_string(token);
  // console.log("user_random_t: " + user_random);
  const uid = user_random.split(":")[0];
  // console.log("Token:" + token + "  ->  uid:" + uid);
  return uid;
}

function getAuthCodeWithUid(uid) {
  const authcode = uid + "." + random(100);
  // console.log("Generated authocode:" + authcode);
  const encrypted_authcode = encrypt_string(authcode);
  // console.log("uid:" + uid + "  ->  Code:" + encrypted_authcode);
  return encrypted_authcode;
}

function getUidFromAuthCode(authcode) {
  const user_random = decrypt_string(authcode);
  // console.log("user_random_c: " + user_random);
  const uid = user_random.split(".")[0];
  // console.log("Code:" + authcode + "  ->  uid:" + uid);
  return uid;
}

var app = express();

// parse application/x-www-form-urlencoded
app.use(bodyParser.urlencoded({ extended: false }));

// parse application/json
app.use(bodyParser.json());

// ****************** START OAUTH SERVER ******************
// Since I'm not using the Connect with IFTTT SDK, I'm not calling
// /generate_oauth_code from the client, but rather redirecting the user
// to the app, which will then redirect to /oauth/authorize_user with the UID.
// PS: I'm not sure if it's a good clean idea.
app.get("/oauth/authorize", (req, res) => {
  console.log(req.url);
  // Redirect my user to my app (in the auth popup opened by IFTTT)
  // and indicate to my app where to redirect the user if the user authorizes
  // IFTTT to access his account.
  // The actual code generation is done in /oauth/authorize_user, to which my
  // app redirects my user once they've authorized IFTTT access.
  // redirect_uri and state are carried over from
  res.redirect(
    APP_URL +
      "/authorize_ifttt?state=" +
      req.query.state +
      "&redirect_uri=" +
      encodeURIComponent(req.query.redirect_uri)
  );
});

// After having authorized IFTTT access, the client makes this request.
// Now that we have the UID, we can generate an auth code for IFTTT and
// redirect with the state that IFTTT gave us at the beginning.
// We should probably check that he did set the permissions,
// in the RTDB for example.
app.get("/oauth/authorize_user", (req, res) => {
  console.log(req.url);
  var code = getAuthCodeWithUid(req.query.uid);
  var redirect_uri = "https://ifttt.com/channels/mltest/authorize";

  res.redirect(
    redirect_uri +
      "?code=" +
      encodeURIComponent(code) +
      "&state=" +
      req.query.state
  );
});

// Our standard OAuth token exchange endpoint.
// We'll take a code that was generated previously in the
// /generate_oauth_code or /oauth/authorize_user endpoint
app.post("/oauth/token", (req, res) => {
  console.log(req.url);
  console.log("Body code: " + req.body.code);
  try {
    // Decrypt the uid from the code
    var uid = getUidFromAuthCode(req.body.code);
  } catch (e) {
    res.json(401, { error: "Invalid auth code" });
    return;
  }

  // Re-encrypt our uid as the app OAuth access token
  res.json({
    token_type: "bearer",
    access_token: getTokenWithUid(uid)
  });
});
// ****************** END OAUTH SERVER ******************

// ****************** START IFTTT API ******************
app.get("/ifttt/v1/user/info", (req, res) => {
  var bearer_token = req.header("Authorization").split(" ")[1];

  try {
    // Decrypt the uid from the code
    var decrypted = getUidFromToken(bearer_token);
  } catch (e) {
    res.json(401, { error: "Invalid access token" });
  }

  var uid = decrypted;
  console.log("Asking user info for " + uid);

  admin
    .auth()
    .getUser(uid)
    .then(userRecord => {
      return res.json({
        data: {
          name: userRecord.displayName,
          url: APP_URL,
          id: userRecord.uid
        }
      });
    })
    .catch(e => {
      return res.status(400).json({
        errors: [
          {
            message: "Error: couldn't retrieve user " + uid + ". " + e.message
          }
        ]
      });
    });
});


// ****************** END IFTTT API ******************

exports.iftttapi = functions.https.onRequest(app);
	// A React-Redux component to confirm which user is authorizing IFTTT
	// It is react-routed at http://localhost:3000/authorize_ifttt

	import React, { Component } from "react";
	import { Redirect } from "react-router-dom";

	// ...

	class AuthorizeIFTTT extends Component {
	signOut = _event => {
	this.props.signOut();
	};

	authorize = _event => {
	// TODO: Save to RTDB that access is okay or something like that.
	// OR : get a token and authentify the redirect with this token and check
	// the token server side.

	// Redirect the user
	// Sample current URL:
	// http://localhost:3000/authorize_ifttt?state=[REDACTED]&redirect_uri=https%3A%2F%2Fifttt.com%2Fchannels%2Fmltest%2Fauthorize
	const params = new URLSearchParams(this.props.location.search);
	const iftttState = params.get("state");
	const redirect_uri = params.get("redirect_uri");
	const get_code_uri = FIREBASE_FUNCTION_URL + "/oauth/authorize_user";
	window.location =
	get_code_uri +
	"?uid=" +
	this.props.auth.user.uid +
	"&state=" +
	iftttState +
	"&redirect_uri=" +
	redirect_uri;
	};

	render() {
	return (
	<div className="AuthorizeIFTTT">
	<div>
	Signed in as {this.props.auth.user.email},{" "}
	{this.props.auth.user.displayName}
	</div>
	<button onClick={this.authorize}>Authorize IFTTT</button>
	<button onClick={this.signOut}>Change user</button>
	</div>
	);
	}
	}

	export default connect(
	mapStateToProps,
	mapDispatchToProps
	)(AuthorizeIFTTT);
	// This gist is based on thie example from IFTTT
	// https://github.com/IFTTT/connect_with_ifttt_auth_sample
	// which was originally made for the mobile SDKs, but I adapted
	// it to run it in a Firebase Cloud Function using UIDs.

	const functions = require("firebase-functions");
	var express = require("express");
	var int_encoder = require("int-encoder");
	var crypto = require("crypto");
	var bodyParser = require("body-parser");
	// The Firebase Admin SDK to access the Firebase Realtime Database.
	const admin = require("firebase-admin");
	admin.initializeApp();

	const APP_URL = "http://localhost:3000";
	const ENCRYPTION_KEY = "xyz123";

	int_encoder.alphabet();

	function encrypt_string(string) {
	var cipher = crypto.createCipher("aes-256-cbc", ENCRYPTION_KEY);
	var crypted = cipher.update(string, "utf8", "hex");
	crypted += cipher.final("hex");
	return int_encoder.encode(crypted, 16);
	}

	function decrypt_string(string) {
	key = int_encoder.decode(string, 16);
	var decipher = crypto.createDecipher("aes-256-cbc", ENCRYPTION_KEY);
	var dec = decipher.update(key, "hex", "utf8");
	dec += decipher.final("utf8");
	return dec;
	}

	function random(max) {
	return Math.floor(Math.random() * max + 1);
	}

	function getTokenWithUid(uid) {
	const token = uid + ":" + random(100);
	// console.log("Generated token:" + token);
	const encrypted_token = encrypt_string(token);
	// console.log("uid:" + uid + " -> Token:" + encrypted_token);
	return encrypted_token;
	}

	function getUidFromToken(token) {
	const user_random = decrypt_string(token);
	// console.log("user_random_t: " + user_random);
	const uid = user_random.split(":")[0];
	// console.log("Token:" + token + " -> uid:" + uid);
	return uid;
	}

	function getAuthCodeWithUid(uid) {
	const authcode = uid + "." + random(100);
	// console.log("Generated authocode:" + authcode);
	const encrypted_authcode = encrypt_string(authcode);
	// console.log("uid:" + uid + " -> Code:" + encrypted_authcode);
	return encrypted_authcode;
	}

	function getUidFromAuthCode(authcode) {
	const user_random = decrypt_string(authcode);
	// console.log("user_random_c: " + user_random);
	const uid = user_random.split(".")[0];
	// console.log("Code:" + authcode + " -> uid:" + uid);
	return uid;
	}

	var app = express();

	// parse application/x-www-form-urlencoded
	app.use(bodyParser.urlencoded({ extended: false }));

	// parse application/json
	app.use(bodyParser.json());

	// **************** START OAUTH SERVER ****************
	// Since I'm not using the Connect with IFTTT SDK, I'm not calling
	// /generate_oauth_code from the client, but rather redirecting the user
	// to the app, which will then redirect to /oauth/authorize_user with the UID.
	// PS: I'm not sure if it's a good clean idea.
	app.get("/oauth/authorize", (req, res) => {
	console.log(req.url);
	// Redirect my user to my app (in the auth popup opened by IFTTT)
	// and indicate to my app where to redirect the user if the user authorizes
	// IFTTT to access his account.
	// The actual code generation is done in /oauth/authorize_user, to which my
	// app redirects my user once they've authorized IFTTT access.
	// redirect_uri and state are carried over from
	res.redirect(
	APP_URL +
	"/authorize_ifttt?state=" +
	req.query.state +
	"&redirect_uri=" +
	encodeURIComponent(req.query.redirect_uri)
	);
	});

	// After having authorized IFTTT access, the client makes this request.
	// Now that we have the UID, we can generate an auth code for IFTTT and
	// redirect with the state that IFTTT gave us at the beginning.
	// We should probably check that he did set the permissions,
	// in the RTDB for example.
	app.get("/oauth/authorize_user", (req, res) => {
	console.log(req.url);
	var code = getAuthCodeWithUid(req.query.uid);
	var redirect_uri = "https://ifttt.com/channels/mltest/authorize";

	res.redirect(
	redirect_uri +
	"?code=" +
	encodeURIComponent(code) +
	"&state=" +
	req.query.state
	);
	});

	// Our standard OAuth token exchange endpoint.
	// We'll take a code that was generated previously in the
	// /generate_oauth_code or /oauth/authorize_user endpoint
	app.post("/oauth/token", (req, res) => {
	console.log(req.url);
	console.log("Body code: " + req.body.code);
	try {
	// Decrypt the uid from the code
	var uid = getUidFromAuthCode(req.body.code);
	} catch (e) {
	res.json(401, { error: "Invalid auth code" });
	return;
	}

	// Re-encrypt our uid as the app OAuth access token
	res.json({
	token_type: "bearer",
	access_token: getTokenWithUid(uid)
	});
	});
	// **************** END OAUTH SERVER ****************

	// **************** START IFTTT API ****************
	app.get("/ifttt/v1/user/info", (req, res) => {
	var bearer_token = req.header("Authorization").split(" ")[1];

	try {
	// Decrypt the uid from the code
	var decrypted = getUidFromToken(bearer_token);
	} catch (e) {
	res.json(401, { error: "Invalid access token" });
	}

	var uid = decrypted;
	console.log("Asking user info for " + uid);

	admin
	.auth()
	.getUser(uid)
	.then(userRecord => {
	return res.json({
	data: {
	name: userRecord.displayName,
	url: APP_URL,
	id: userRecord.uid
	}
	});
	})
	.catch(e => {
	return res.status(400).json({
	errors: [
	{
	message: "Error: couldn't retrieve user " + uid + ". " + e.message
	}
	]
	});
	});
	});


	// **************** END IFTTT API ****************

	exports.iftttapi = functions.https.onRequest(app);