From 4d71ed0c1bef0222d26a96be4c87783a3ca7f083 Mon Sep 17 00:00:00 2001
From: Danil Nikolaev <lischenkodev@gmail.com>
Date: Tue, 31 Aug 2021 02:49:27 +0300
Subject: [PATCH] Retrieving sensitive data from local.properties

---
 app/build.gradle.kts                          | 11 +++
 .../main/kotlin/com/meloda/fast/UserConfig.kt |  2 +-
 .../main/kotlin/com/meloda/fast/api/VKAuth.kt | 85 ++++++++-----------
 .../kotlin/com/meloda/fast/api/VKConstants.kt | 21 -----
 4 files changed, 49 insertions(+), 70 deletions(-)

diff --git a/app/build.gradle.kts b/app/build.gradle.kts
index 39bb676c..862669f4 100644
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -1,3 +1,7 @@
+import com.android.build.gradle.internal.cxx.configure.gradleLocalProperties
+
+val vkSecret: String = gradleLocalProperties(rootDir).getProperty("vk.app.secret")
+
 plugins {
     id("com.android.application")
     id("kotlin-android")
@@ -26,8 +30,15 @@ android {
     }
 
     buildTypes {
+        getByName("debug") {
+            buildConfigField("String", "vkSecret", vkSecret)
+        }
+
         getByName("release") {
+            buildConfigField("String", "vkSecret", vkSecret)
+
             isMinifyEnabled = false
+
             proguardFiles(
                 getDefaultProguardFile("proguard-android-optimize.txt"),
                 "proguard-rules.pro"
diff --git a/app/src/main/kotlin/com/meloda/fast/UserConfig.kt b/app/src/main/kotlin/com/meloda/fast/UserConfig.kt
index bfdab4a1..2a566452 100644
--- a/app/src/main/kotlin/com/meloda/fast/UserConfig.kt
+++ b/app/src/main/kotlin/com/meloda/fast/UserConfig.kt
@@ -8,7 +8,7 @@ object UserConfig {
     private const val TOKEN = "token"
     private const val USER_ID = "user_id"
 
-    const val API_ID = "6964679"
+    const val FAST_APP_ID = "6964679"
 
     var userId: Int = -1
         get() = AppGlobal.preferences.getInt(USER_ID, -1)
diff --git a/app/src/main/kotlin/com/meloda/fast/api/VKAuth.kt b/app/src/main/kotlin/com/meloda/fast/api/VKAuth.kt
index 89ddb98a..d40fc427 100644
--- a/app/src/main/kotlin/com/meloda/fast/api/VKAuth.kt
+++ b/app/src/main/kotlin/com/meloda/fast/api/VKAuth.kt
@@ -2,6 +2,7 @@ package com.meloda.fast.api
 
 import android.util.Log
 import com.meloda.fast.BuildConfig
+import com.meloda.fast.UserConfig
 import com.meloda.fast.api.util.VKUtil
 import java.net.URLEncoder
 
@@ -9,62 +10,50 @@ object VKAuth {
 
     private const val TAG = "VKM.VKAuth"
 
-    const val settings =
-        "notify," +
-                "friends," +
-                "photos," +
-                "audio," +
-                "video," +
-                "docs," +
-                "status," +
-                "notes," +
-                "pages," +
-                "wall," +
-                "groups," +
-                "messages," +
-                "offline," +
-                "notifications"
+    private const val settings = "notify," +
+            "friends," +
+            "photos," +
+            "audio," +
+            "video," +
+            "docs," +
+            "status," +
+            "notes," +
+            "pages," +
+            "wall," +
+            "groups," +
+            "messages," +
+            "offline," +
+            "notifications"
 
-    const val redirectUrl = "https://oauth.vk.com/blank.html"
+    private const val redirectUrl = "https://oauth.vk.com/blank.html"
 
     fun getDirectAuthUrl(
         login: String,
         password: String,
         captchaSid: String? = null,
         captchaKey: String? = null
-    ): String {
-        return "https://oauth.vk.com/token?grant_type=password&" +
-                "client_id=${VKConstants.VK_APP_ID}&" +
-                "scope=$settings&" +
-                "client_secret=${VKConstants.VK_APP_SECRET}&" +
-                "username=$login&" +
-                "password=$password" +
-                (if (captchaSid == null || captchaKey == null) "" else "&captcha_sid=$captchaSid&captcha_key=$captchaKey") +
-                "&v=${VKApi.API_VERSION}"
-//        return "https://oauth.vk.com/token?grant_type=password&" +
-//                "client_id=2274003&" +
-//                "scope=notify,friends,photos,audio,video,docs,notes,pages,status,offers,questions,wall,groups,messages,email,notifications,stats,ads,market,offline&" +
-//                "client_secret=hHbZxrka2uZ6jB1inYsH&" +
-//                "username=$login&" +
-//                "password=$password" +
-//                (if (captcha.isEmpty()) "" else "&$captcha") +
-//                "&v=${VKApi.API_VERSION}"
-    }
+    ) = "https://oauth.vk.com/token?grant_type=password&" +
+            "client_id=${VKConstants.VK_APP_ID}&" +
+            "scope=$settings&" +
+            "client_secret=${BuildConfig.vkSecret}&" +
+            "username=$login&" +
+            "password=$password" +
+            (if (captchaSid == null || captchaKey == null) "" else "&captcha_sid=$captchaSid&captcha_key=$captchaKey") +
+            "&v=${URLEncoder.encode(VKApi.API_VERSION, "utf-8")}"
 
-    fun getUrl(api_id: String, settings: String): String {
-        return "https://oauth.vk.com/authorize?" +
-                "client_id=$api_id&" +
-                "display=mobile&" +
-                "scope=$settings&" +
-                "redirect_uri=${
-                    URLEncoder.encode(
-                        redirectUrl,
-                        "utf-8"
-                    )
-                }&" +
-                "response_type=token&" +
-                "v=${URLEncoder.encode(VKApi.API_VERSION, "utf-8")}"
-    }
+
+    fun getOAuthUrl(settings: String) = "https://oauth.vk.com/authorize?" +
+            "client_id=${UserConfig.FAST_APP_ID}&" +
+            "display=mobile&" +
+            "scope=$settings&" +
+            "redirect_uri=${
+                URLEncoder.encode(
+                    redirectUrl,
+                    "utf-8"
+                )
+            }&" +
+            "response_type=token&" +
+            "v=${URLEncoder.encode(VKApi.API_VERSION, "utf-8")}"
 
     fun parseRedirectUrl(url: String): Pair<String, Int> {
         val accessToken = VKUtil.extractPattern(url, "access_token=(.*?)&") ?: ""
diff --git a/app/src/main/kotlin/com/meloda/fast/api/VKConstants.kt b/app/src/main/kotlin/com/meloda/fast/api/VKConstants.kt
index dd3bf81e..cf2b22e1 100644
--- a/app/src/main/kotlin/com/meloda/fast/api/VKConstants.kt
+++ b/app/src/main/kotlin/com/meloda/fast/api/VKConstants.kt
@@ -2,31 +2,10 @@ package com.meloda.fast.api
 
 object VKConstants {
 
-
     const val GROUP_FIELDS = "description,members_count,counters,status,verified"
 
     const val USER_FIELDS =
         "photo_50,photo_100,photo_200,status,screen_name,online,online_mobile,last_seen,verified,sex"
 
     const val VK_APP_ID = "2274003"
-    const val VK_APP_SECRET = "hHbZxrka2uZ6jB1inYsH"
-
-    const val VK_ME_ID = "6146827"
-    const val VK_ME_SECRET = "qVxWRF1CwHERuIrKBnqe"
-
-    /*
-
-    const val ACTION_CHAT_CREATE = "chat_create"
-        const val ACTION_PHOTO_UPDATE = "chat_photo_update"
-        const val ACTION_PHOTO_REMOVE = "chat_photo_remove"
-        const val ACTION_TITLE_UPDATE = "chat_title_update"
-        const val ACTION_PIN_MESSAGE = "chat_pin_message"
-        const val ACTION_UNPIN_MESSAGE = "chat_unpin_message"
-        const val ACTION_INVITE_USER = "chat_invite_user"
-        const val ACTION_INVITE_USER_BY_LINK = "chat_invite_user_by_link"
-        const val ACTION_KICK_USER = "chat_kick_user"
-        const val ACTION_SCREENSHOT = "chat_screenshot"
-        const val ACTION_INVITE_USER_BY_CALL = "chat_invite_user_by_call"
-        const val ACTION_INVITE_USER_BY_CALL_JOIN_LINK = "chat_invite_user_by_call_link"
-     */
 }
\ No newline at end of file