Refactor YouTube authentication flow and update settings for security enhancements

2025-06-14 17:37:37 +02:00 · 2025-06-14 17:37:37 +02:00 · fc1ec45ab4
commit fc1ec45ab4
parent a0d6fb81cd
2 changed files with 23 additions and 18 deletions
--- a/game/views.py
+++ b/game/views.py
@ -305,22 +305,6 @@ class GameDetailView(LoginRequiredMixin, DetailView):
        )


-class YoutubeLoginView(LoginRequiredMixin, View):
-    def get(self, request):
-        flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
-            settings.YOUTUBE_OAUTH_SECRETS,
-            ["https://www.googleapis.com/auth/youtube.force-ssl"],
-        )
-        flow.redirect_uri = "https://localhost/youtube_callback/"
-        auth_url, state = flow.authorization_url(
-            access_type="offline",
-            include_granted_scopes="true",
-            prompt="consent",
-        )
-        self.request.session["state"] = state
-        return redirect(auth_url)
-
-
 class YoutubeCallbackView(LoginRequiredMixin, View):
    def get(self, request):
        if err := request.GET.get("error"):
@ -335,7 +319,7 @@ class YoutubeCallbackView(LoginRequiredMixin, View):
            ["https://www.googleapis.com/auth/youtube.force-ssl"],
            state=state,
        )
-        flow.redirect_uri = "https://localhost/youtube_callback/"
+        flow.redirect_uri = request.build_absolute_uri("/youtube_callback/")

        flow.fetch_token(code=request.GET.get("code"))

@ -358,6 +342,22 @@ class YoutubeCallbackView(LoginRequiredMixin, View):
        return redirect("/")


+class YoutubeLoginView(LoginRequiredMixin, View):
+    def get(self, request):
+        flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
+            settings.YOUTUBE_OAUTH_SECRETS,
+            ["https://www.googleapis.com/auth/youtube.force-ssl"],
+        )
+        flow.redirect_uri = request.build_absolute_uri("/youtube_callback/")
+        auth_url, state = flow.authorization_url(
+            access_type="offline",
+            include_granted_scopes="true",
+            prompt="consent",
+        )
+        self.request.session["state"] = state
+        return redirect(auth_url)
+
+
 class GroupClearBlacklistView(OwnerFilterMixin, SingleObjectMixin, View):
    model = models.Group