From 79cfca002f031ac5d53ef86dd90bf30692d73210 Mon Sep 17 00:00:00 2001
From: zneix <zneix@zneix.eu>
Date: Sat, 24 Jul 2021 02:02:36 +0200
Subject: [PATCH] Add some basic handling for localhost redirect

---
 resources/auth.html                   | 63 +++++++++++++++++++++++++++
 resources/resources_autogenerated.qrc |  1 +
 src/widgets/dialogs/LoginDialog.cpp   | 47 +++++++++++++++-----
 3 files changed, 101 insertions(+), 10 deletions(-)
 create mode 100644 resources/auth.html

diff --git a/resources/auth.html b/resources/auth.html
new file mode 100644
index 000000000..916acf6ee
--- /dev/null
+++ b/resources/auth.html
@@ -0,0 +1,63 @@
+<html>
+    <head>
+        <title>Login - Chatterino</title>
+    </head>
+    <body onload="xd()">
+        <noscript>
+            <p>noscript stuffs here</p>
+        </noscript>
+
+        <p id="status">Loading...</p>
+        <script>
+            function xd() {
+                // Address of local Chatterino's http server
+                const address = "localhost";
+                const port = 52107;
+
+                // Retrieve hash with token and hide it immidiatelly
+                const fragment = location.hash.substring(1);
+                history.replaceState(null, null, " ");
+
+                // Find token in the hash
+                let token = "";
+                const fragmentElements = fragment.split("&");
+                for (element of fragmentElements) {
+                    const parts = element.split("=");
+                    if (parts[0] === "access_token" && parts[1].length !== 0) {
+                        token = parts[1];
+                    }
+                }
+
+                let status = document.getElementById("status");
+
+                // Return if no token was found
+                if (token.length === 0) {
+                    status.innerHTML = "Bad request";
+                    return;
+                }
+
+                // Call Chatterino's http server
+                status.innerHTML = "Sending your credentials to Chatterino...";
+
+                fetch(`http://${address}:${port}/token`, {
+                    method: "POST",
+                    headers: {
+                        "X-Access-Token": token
+                    }
+                }).then(resp => {
+                    // Failure
+                    if (resp.status !== 200) {
+                        status.innerHTML = `Chatterino refused your credentials, error ${resp.status}`;
+                        return;
+                    }
+                    // Success
+                    status.innerHTML = "Chatterino added your account successfully!<br>You can close this tab now.";
+                }).catch(err => {
+                    // Unexpected the unexpectable
+                    console.log(err);
+                    status.innerHTML = "Something went wrong, check console for details";
+                });
+            }
+        </script>
+    </body>
+</html>
diff --git a/resources/resources_autogenerated.qrc b/resources/resources_autogenerated.qrc
index e84cf6320..05ecacbf3 100644
--- a/resources/resources_autogenerated.qrc
+++ b/resources/resources_autogenerated.qrc
@@ -1,5 +1,6 @@
 <RCC>
   <qresource prefix="/">
+    <file>auth.html</file>
     <file>avatars/fourtf.png</file>
     <file>avatars/kararty.png</file>
     <file>avatars/matthewde.jpg</file>
diff --git a/src/widgets/dialogs/LoginDialog.cpp b/src/widgets/dialogs/LoginDialog.cpp
index 6fd68e834..45d1c9e41 100644
--- a/src/widgets/dialogs/LoginDialog.cpp
+++ b/src/widgets/dialogs/LoginDialog.cpp
@@ -15,9 +15,11 @@
 #include <QClipboard>
 #include <QDebug>
 #include <QDesktopServices>
+#include <QFile>
 #include <QMessageBox>
 #include <QUrl>
 #include <QtHttpServer/QHttpServer>
+#include <QtHttpServer/QHttpServerResponder>
 #include <pajlada/settings/setting.hpp>
 
 namespace chatterino {
@@ -90,16 +92,42 @@ BasicLoginWidget::BasicLoginWidget()
 
     qCDebug(chatterinoWidget) << "Initializing HTTP server's routes";
     this->httpServer_->route(
-        "/code", QHttpServerRequest::Method::GET,
-        [this](const QHttpServerRequest &req, QHttpServerResponder &&resp) {
-            qDebug() << "got credentials!";
-            resp.write("KKona", "text/plain",
-                       QHttpServerResponder::StatusCode::Ok);
-            qDebug() << req.url().fragment();
-            qDebug() << req.url();
+        "/redirect", QHttpServerRequest::Method::GET,
+        [](const QHttpServerRequest &req, QHttpServerResponder &&resp) {
+            QFile redirectHTML(":/auth.html");
+            redirectHTML.open(QIODevice::ReadOnly);
 
-            this->ui_.loginButton.setText("Logged in!");
-            this->ui_.loginButton.setEnabled(true);
+            resp.write(redirectHTML.readAll(),
+                       {{"Access-Control-Allow-Origin", "*"},
+                        {"Access-Control-Allow-Methods", "GET, POST"},
+                        {"Access-Control-Allow-Headers", "X-Access-Token"}},
+                       QHttpServerResponder::StatusCode::Ok);
+        });
+    this->httpServer_->route(
+        ".*", QHttpServerRequest::Method::OPTIONS,
+        [](const QHttpServerRequest &req, QHttpServerResponder &&resp) {
+            qDebug() << "options called!";
+            resp.write({{"Access-Control-Allow-Origin", "*"},
+                        {"Access-Control-Allow-Methods", "GET, POST"},
+                        {"Access-Control-Allow-Headers", "X-Access-Token"}},
+                       QHttpServerResponder::StatusCode::Ok);
+        });
+    this->httpServer_->route(
+        "/token", QHttpServerRequest::Method::POST,
+        [](const QHttpServerRequest &req, QHttpServerResponder &&resp) {
+            if (!req.headers().contains("X-Access-Token"))
+            {
+                resp.write(QHttpServerResponder::StatusCode::BadRequest);
+                return;
+            }
+
+            // Handle token
+            auto token = req.headers()["X-Access-Token"];
+            qDebug() << token;
+            resp.write({{"Access-Control-Allow-Origin", "*"},
+                        {"Access-Control-Allow-Methods", "GET, POST"},
+                        {"Access-Control-Allow-Headers", "X-Access-Token"}},
+                       QHttpServerResponder::StatusCode::Ok);
         });
 
     const QString loginLink = "http://localhost:1234";
@@ -126,7 +154,6 @@ BasicLoginWidget::BasicLoginWidget()
 
     connect(&this->ui_.loginButton, &QPushButton::clicked, [this, loginLink]() {
         // Start listening for credentials
-        qDebug() << this->tcpServer_->isListening();
         if (!this->tcpServer_->listen(serverAddress, serverPort))
         {
             qCWarning(chatterinoWidget) << "Failed to start HTTP server";