calendarwatch_frontend/website.py

from google.oauth2 import id_token
from google.auth.transport import requests

from http.server import HTTPServer, SimpleHTTPRequestHandler, BaseHTTPRequestHandler
import socketserver
import logging
import json

Handler = SimpleHTTPRequestHandler

class S(BaseHTTPRequestHandler):
    def _set_headers(self):
        self.send_response(200)
        self.send_header('Content-type', 'text/html')
        self.end_headers()

    def do_GET(self):
        self._set_headers()
        f = open("index.html", "r")
        self.wfile.write(f.read().encode('utf-8'))

    def do_HEAD(self):
        self._set_headers()

    def do_POST(self):
        self._set_headers()
        print("in post method")
        self.data_string = self.rfile.read(int(self.headers['Content-Length']))
        print('checking client id')
        checkClientId(self.data_string)
        self.send_response(200)
        self.end_headers()
        self.wfile.write("Hello".encode('utf-8'))
        return

def run(server_class=HTTPServer, handler_class=S, port=1234):
    logging.basicConfig(level=logging.INFO)
    server_address = ('', port)
    with socketserver.TCPServer(("", port), handler_class) as httpd:
        print("serving at port", port)
        httpd.serve_forever()


# (Receive token by HTTPS POST) 
def checkClientId(token):
    try:

        with open('client_secret.json', 'r') as json_file:
            clientSecret = json.load(json_file)
            CLIENT_ID = clientSecret["web"]["client_id"]
        # Specify the CLIENT_ID of the app that accesses the backend:
        idinfo = id_token.verify_oauth2_token(token, requests.Request(), CLIENT_ID)

        # Or, if multiple clients access the backend server:
        # idinfo = id_token.verify_oauth2_token(token, requests.Request())
        # if idinfo['aud'] not in [CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]:
        #     raise ValueError('Could not verify audience.')

        if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']:
            raise ValueError('Wrong issuer.')

        # If auth request is from a G Suite domain:
        # if idinfo['hd'] != GSUITE_DOMAIN_NAME:
        #     raise ValueError('Wrong hosted domain.')

        # ID token is valid. Get the user's Google Account ID from the decoded token.
        userid = idinfo['sub']
        print(f"valid user id: {userid}")
    except ValueError:
        # ID token is invalid
        print('invalid token')
        pass

if __name__ == '__main__':
    from sys import argv

    if len(argv) == 2:
        run(port=int(argv[1]))
    else:
        run()