GoonAuth2 is a REST API service that can be used to authorize membership in the Something Is Awful internet forum.
The service is powered by Python 3 (v3.4.3) and Redis (v2.8.4). Python dependencies include Falcon, redis-py, requests, and gunicorn. You can install all of these dependencies via the included requirements.txt:
virtualenv .
pip install -r requirements.txt
There are a couple of values you'll need to update before the server will work. First, update REDIS_HOST, REDIS_PORT, and REDIS_DB_NUM to point to whatever Redis server you want to use. The only things stored in the database are short-lived key:value pairs that automatically expire in HASH_LIFESPAN_MINS * 60 seconds.
You'll also want to set values for the following strings: COOKIE_SESSIONID, COOKIE_SESSIONHASH, COOKIE_BBUSERID, and COOKIE_BBPASSWORD. I opted to create an accompanying local_settings.py file and define them within that, but feel free to specify them as you wish.
These four values need to be taken from an existing logged-in user's cookies:
Once everything is in place, you can start the server using gunicorn:
gunicorn server:app
POST to /v1/generate_hash/ with a JSON-encoded payload containing a username value equal to the user's username.
The returned payload will contain a hash key with a random 32-character alphanumeric value:
{
"hash": "hMPAtkx6xIEtVfqqP0X9bvEG8lU4Yypb"
}
The hash will expire after 5 minutes but can easily be re-generated after expiration by re-submitting the above request.
Direct the user to save the above hash to a publicly-viewable section of their profile:
Wherever they save it, it needs to be visible when they navigate to http://forums.somethingisawful.com/member.php?action=getinfo&username=<USERNAME_HERE>.
Once the hash is in-place, POST a request to /v1/validate_user/ with a JSON-encoded payload containing a username value equal to the user's username.
The returned payload will contain a validated key with a boolean value of whether or not the hash was detected :
{
"validated": true
}