From f90d0c7fddb81215b907808b8365f63f42344652 Mon Sep 17 00:00:00 2001
From: Hassan Abouelela <47495861+HassanAbouelela@users.noreply.github.com>
Date: Sun, 21 Feb 2021 01:44:01 +0300
Subject: Dynamically Selects OAuth Redirect URI

Signed-off-by: Hassan Abouelela <47495861+HassanAbouelela@users.noreply.github.com>
---
 backend/discord.py               | 6 +++---
 backend/routes/auth/authorize.py | 6 ++++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/backend/discord.py b/backend/discord.py
index 9cdd2c4..8cb602c 100644
--- a/backend/discord.py
+++ b/backend/discord.py
@@ -2,18 +2,18 @@
 import httpx
 
 from backend.constants import (
-    OAUTH2_CLIENT_ID, OAUTH2_CLIENT_SECRET, OAUTH2_REDIRECT_URI
+    OAUTH2_CLIENT_ID, OAUTH2_CLIENT_SECRET
 )
 
 API_BASE_URL = "https://discord.com/api/v8"
 
 
-async def fetch_bearer_token(code: str, *, refresh: bool) -> dict:
+async def fetch_bearer_token(code: str, redirect: str, *, refresh: bool) -> dict:
     async with httpx.AsyncClient() as client:
         data = {
             "client_id": OAUTH2_CLIENT_ID,
             "client_secret": OAUTH2_CLIENT_SECRET,
-            "redirect_uri": OAUTH2_REDIRECT_URI
+            "redirect_uri": f"{redirect}/callback"
         }
 
         if refresh:
diff --git a/backend/routes/auth/authorize.py b/backend/routes/auth/authorize.py
index c6cd86c..65709ab 100644
--- a/backend/routes/auth/authorize.py
+++ b/backend/routes/auth/authorize.py
@@ -87,7 +87,8 @@ class AuthorizeRoute(Route):
         """Generate an authorization token."""
         data = await request.json()
         try:
-            bearer_token = await fetch_bearer_token(data["token"], refresh=False)
+            url = request.headers.get("origin")
+            bearer_token = await fetch_bearer_token(data["token"], url, refresh=False)
         except httpx.HTTPStatusError:
             return AUTH_FAILURE
 
@@ -111,7 +112,8 @@ class TokenRefreshRoute(Route):
         """Refresh an authorization token."""
         try:
             token = request.user.decoded_token.get("refresh")
-            bearer_token = await fetch_bearer_token(token, refresh=True)
+            url = request.headers.get("origin")
+            bearer_token = await fetch_bearer_token(token, url, refresh=True)
         except httpx.HTTPStatusError:
             return AUTH_FAILURE
 
-- 
cgit v1.2.3