Upgrade server dependencies

Author: maxbbraun

server/aicon.py

@@ -1,6 +1,8 @@
 import base64
 import binascii
 from google import auth
+from google.auth.exceptions import RefreshError
+from google.auth.transport.requests import Request as GoogleAuthRequest
 from io import BytesIO
 from os import environ
 from PIL import Image
@@ -48,8 +50,8 @@ def _access_token(self):
         # Refresh the credentials, if needed.
         if not self._credentials.valid:
             try:
-                self._credentials.refresh(auth.transport.requests.Request())
-            except auth.exceptions.RefreshError as e:
+                self._credentials.refresh(GoogleAuthRequest())
+            except RefreshError as e:
                 raise ContentError(f'Failed to refresh credentials: {e}')
 
         # Return the access token.
@@ -112,8 +114,9 @@ def calculate_crop_ratio(ratio_tuple):
                 scale = max(width / image.width, height / image.height)
                 scaled_width = int(image.width * scale)
                 scaled_height = int(image.height * scale)
-                with image.resize((scaled_width, scaled_height),
-                                  resample=Image.LANCZOS) as scaled_image:
+                with image.resize(
+                        (scaled_width, scaled_height),
+                        resample=Image.Resampling.LANCZOS) as scaled_image:
 
                     # Center crop.
                     left = (scaled_width - width) // 2

server/artwork.py

@@ -33,5 +33,7 @@ def image(self, user, width, height, variant):
             with image.crop((x, y, x + width, y + height)) as cropped_image:
 
                 # The source artwork is already quantized (no dithering).
-                return cropped_image.convert('P', dither=None,
-                                             palette=Image.ADAPTIVE)
+                return cropped_image.convert(
+                    'P',
+                    dither=Image.Dither.NONE,
+                    palette=Image.Palette.ADAPTIVE)

server/auth.py

@@ -1,21 +1,24 @@
 from flask import request
 from flask import url_for
 from functools import wraps
-from googleapiclient.http import build_http
+from google_auth_oauthlib.flow import Flow
 from logging import error
-from oauth2client.client import HttpAccessTokenRefreshError
-from oauth2client.client import OAuth2WebServerFlow
 from re import compile as re_compile
 
 from firestore import Firestore
+from firestore import GOOGLE_CALENDAR_SCOPE
+from firestore import GOOGLE_TOKEN_URI
 from firestore import GoogleCalendarStorage
 from response import display_metadata
 from response import forbidden_response
 from response import settings_response
 from response import text_response
 
-# The scope to request for the Google Calendar API.
-GOOGLE_CALENDAR_SCOPE = 'https://www.googleapis.com/auth/calendar.readonly'
+# The Google OAuth authorization endpoint.
+GOOGLE_AUTH_URI = 'https://accounts.google.com/o/oauth2/v2/auth'
+
+# The OAuth client type expected by google-auth-oauthlib.
+OAUTH_CLIENT_TYPE = 'web'
 
 # The URL where Google Calendar access can be revoked.
 ACCOUNT_ACCESS_URL = 'https://myaccount.google.com/permissions'
@@ -107,40 +110,49 @@ def _google_calendar_flow(key):
     """Creates the OAuth flow."""
 
     secrets = Firestore().google_calendar_secrets()
-    return OAuth2WebServerFlow(client_id=secrets['client_id'],
-                               client_secret=secrets['client_secret'],
-                               scope=GOOGLE_CALENDAR_SCOPE,
-                               state=key,
-                               redirect_uri=_oauth_url())
+    client_config = {
+        OAUTH_CLIENT_TYPE: {
+            'client_id': secrets['client_id'],
+            'client_secret': secrets['client_secret'],
+            'auth_uri': GOOGLE_AUTH_URI,
+            'token_uri': GOOGLE_TOKEN_URI}}
+
+    return Flow.from_client_config(client_config,
+                                   scopes=[GOOGLE_CALENDAR_SCOPE],
+                                   state=key,
+                                   redirect_uri=_oauth_url())
 
 
 def google_calendar_step1(key):
     """Creates the URL for the first OAuth step."""
 
     # The user key is passed through the flow as state.
     flow = _google_calendar_flow(key)
-    return flow.step1_get_authorize_url(state=key)
+    authorization_url, _ = flow.authorization_url(
+        access_type='offline',
+        include_granted_scopes='true',
+        prompt='consent',
+        state=key)
+
+    return authorization_url
 
 
 def _google_calendar_step2(key, code):
-    """Creates the URL for the second OAuth step."""
+    """Exchanges an authorization code for credentials."""
 
     flow = _google_calendar_flow(key)
-    return flow.step2_exchange(code=code)
+    flow.fetch_token(code=code)
+
+    return flow.credentials
 
 
 def oauth_step2(key, scope, code):
     """Exchanges and saves the OAuth credentials."""
 
     # Use scope-specific token exchange and storage steps.
-    if scope == GOOGLE_CALENDAR_SCOPE:
+    if GOOGLE_CALENDAR_SCOPE in (scope or '').split():
         credentials = _google_calendar_step2(key, code)
         storage = GoogleCalendarStorage(key)
-        credentials.set_store(storage)
-        try:
-            credentials.refresh(build_http())
-        except HttpAccessTokenRefreshError as e:
-            storage.delete()
-            error('Token refresh error: %s' % e)
+        storage.put(credentials)
     else:
         error('Unknown OAuth scope: %s' % scope)

server/city.py

@@ -1037,4 +1037,6 @@ def image(self, user, width, height, variant):
                 raise ContentError(e)
 
             # The city image is already quantized (no dithering).
-            return image.convert('P', dither=None, palette=Image.ADAPTIVE)
+            return image.convert('P',
+                                 dither=Image.Dither.NONE,
+                                 palette=Image.Palette.ADAPTIVE)

server/commute.py

@@ -77,4 +77,6 @@ def image(self, user, width, height, variant):
                   image=image)
 
         # The map looks better without dithering.
-        return image.convert('P', dither=None, palette=Image.ADAPTIVE)
+        return image.convert('P',
+                             dither=Image.Dither.NONE,
+                             palette=Image.Palette.ADAPTIVE)

server/dithering_extension/pyproject.toml

@@ -1,9 +1,9 @@
 [build-system]
-requires = ['setuptools==70.0.0', 'wheel==0.43.0', 'numpy==1.26.4']
+requires = ['setuptools==82.0.1', 'wheel==0.47.0', 'numpy==2.4.4']
 build-backend = 'setuptools.build_meta'
 
 [project]
 name = 'dithering'
 version = '1.0.0'
 description = 'Floyd-Steinberg dithering written in C'
-dependencies = ['numpy==1.26.4']
+dependencies = ['numpy==2.4.4']

server/epd.py

@@ -72,8 +72,9 @@ def color_indices(image, variant):
         # Quantize the image using the palette.
         with Image.new('P', (1, 1)) as palette_image:
             palette_image.putpalette(palette_data)
-            with rgb_image.quantize(palette=palette_image,
-                                    dither=Image.NONE) as quantized_image:
+            with rgb_image.quantize(
+                    palette=palette_image,
+                    dither=Image.Dither.NONE) as quantized_image:
                 return np.array(quantized_image)
 
 

server/everyone.py

@@ -1,4 +1,3 @@
-from astral import AstralError
 from cachetools import cached
 from cachetools import TTLCache
 from content import ContentError
@@ -41,7 +40,7 @@ def _markers(self):
 
                 markers += '|%f,%f' % (anonymized.latitude,
                                        anonymized.longitude)
-            except (KeyError, AstralError):
+            except (KeyError, DataError):
                 # Skip users with address errors.
                 pass
 
@@ -56,6 +55,8 @@ def image(self, user, width, height, variant):
                                                 marker_icon=MARKER_ICON_URL)
 
             # The map looks better without dithering.
-            return image.convert('P', dither=None, palette=Image.ADAPTIVE)
+            return image.convert('P',
+                                 dither=Image.Dither.NONE,
+                                 palette=Image.Palette.ADAPTIVE)
         except DataError as e:
             raise ContentError(e)

server/firestore.py

@@ -1,25 +1,36 @@
-from firebase_admin import _apps as firebase_apps
+from datetime import datetime
 from firebase_admin import initialize_app
+from firebase_admin import get_app
 from firebase_admin.credentials import ApplicationDefault
 from firebase_admin.firestore import client as firestore_client
-from googleapiclient.http import build_http
+from google.auth.exceptions import RefreshError
+from google.auth.transport.requests import Request as GoogleAuthRequest
 from google.cloud.firestore import DELETE_FIELD
+from google.oauth2.credentials import Credentials
+from json import loads
 from logging import error
 from logging import info
 from logging import warning
-from oauth2client.client import HttpAccessTokenRefreshError
-from oauth2client.client import OAuth2Credentials
-from oauth2client.client import Storage
 from os import environ
-from threading import Lock
+
+# The scope to request for the Google Calendar API.
+GOOGLE_CALENDAR_SCOPE = 'https://www.googleapis.com/auth/calendar.readonly'
+
+# The token endpoint for Google OAuth.
+GOOGLE_TOKEN_URI = 'https://oauth2.googleapis.com/token'
+
+# The timestamp format used by oauth2client credential JSON.
+OAUTH2CLIENT_EXPIRY_FORMAT = '%Y-%m-%dT%H:%M:%SZ'
 
 
 class Firestore(object):
     """A wrapper around the Cloud Firestore database."""
 
     def __init__(self):
         # Only initialize Firebase once.
-        if not len(firebase_apps):
+        try:
+            get_app()
+        except ValueError:
             initialize_app(ApplicationDefault(), {
                 'projectId': environ['GOOGLE_CLOUD_PROJECT']
             })
@@ -54,6 +65,37 @@ def google_calendar_secrets(self):
 
         return secrets.to_dict()
 
+    def _google_calendar_credentials_from_json(self, credentials_json):
+        """Loads Google Calendar credentials from current or legacy JSON."""
+
+        info = loads(credentials_json)
+        if info.get('invalid'):
+            return None
+
+        scopes = info.get('scopes') or [GOOGLE_CALENDAR_SCOPE]
+
+        # Migrate JSON written by the deprecated oauth2client package.
+        if 'access_token' in info:
+            return Credentials(
+                token=info.get('access_token'),
+                refresh_token=info.get('refresh_token'),
+                token_uri=info.get('token_uri') or GOOGLE_TOKEN_URI,
+                client_id=info.get('client_id'),
+                client_secret=info.get('client_secret'),
+                scopes=scopes,
+                expiry=self._parse_oauth2client_expiry(
+                    info.get('token_expiry')))
+
+        return Credentials.from_authorized_user_info(info, scopes=scopes)
+
+    def _parse_oauth2client_expiry(self, expiry):
+        """Parses oauth2client's naive UTC expiry timestamp."""
+
+        if not expiry:
+            return None
+
+        return datetime.strptime(expiry, OAUTH2CLIENT_EXPIRY_FORMAT)
+
     def google_calendar_credentials(self, key):
         """Loads and refreshes Google Calendar API credentials."""
 
@@ -64,23 +106,31 @@ def google_calendar_credentials(self, key):
 
         # Load the credentials from storage.
         try:
-            json = user.get('google_calendar_credentials')
+            credentials_json = user.get('google_calendar_credentials')
         except KeyError:
             warning('Failed to load Google Calendar credentials.')
             return None
 
         # Use the valid credentials.
-        credentials = OAuth2Credentials.from_json(json)
-        if credentials and not credentials.invalid:
+        try:
+            credentials = self._google_calendar_credentials_from_json(
+                credentials_json)
+        except (TypeError, ValueError) as e:
+            warning('Failed to parse Google Calendar credentials: %s' % e)
+            self.delete_google_calendar_credentials(key)
+            return None
+
+        if credentials and credentials.valid:
             return credentials
 
         # Handle invalidation and expiration.
-        if credentials and credentials.access_token_expired:
+        if credentials and credentials.refresh_token:
             try:
                 info('Refreshing Google Calendar credentials.')
-                credentials.refresh(build_http())
+                credentials.refresh(GoogleAuthRequest())
+                self.update_google_calendar_credentials(key, credentials)
                 return credentials
-            except HttpAccessTokenRefreshError as e:
+            except RefreshError as e:
                 warning('Google Calendar refresh failed: %s' % e)
 
         # Credentials are missing or refresh failed.
@@ -136,30 +186,31 @@ def update_user(self, key, fields):
         user.update(fields)
 
 
-class GoogleCalendarStorage(Storage):
+class GoogleCalendarStorage(object):
     """Credentials storage for the Google Calendar API using Firestore."""
 
     def __init__(self, key):
-        super(GoogleCalendarStorage, self).__init__(lock=Lock())
         self._firestore = Firestore()
         self._key = key
 
-    def locked_get(self):
-        """Loads credentials from Firestore and attaches this storage."""
+    def get(self):
+        """Loads credentials from Firestore."""
 
-        credentials = self._firestore.google_calendar_credentials(self._key)
-        if not credentials:
-            return None
-        credentials.set_store(self)
-        return credentials
+        return self._firestore.google_calendar_credentials(self._key)
 
-    def locked_put(self, credentials):
+    def put(self, credentials):
         """Saves credentials to Firestore."""
 
         self._firestore.update_google_calendar_credentials(self._key,
                                                            credentials)
 
-    def locked_delete(self):
+    def refresh(self, credentials):
+        """Refreshes credentials and saves the refreshed token."""
+
+        credentials.refresh(GoogleAuthRequest())
+        self.put(credentials)
+
+    def delete(self):
         """Deletes credentials from Firestore."""
 
         self._firestore.delete_google_calendar_credentials(self._key)