// Exporting Monzo transactions to my YouNeedABudget.com (i.e. YNAB) // account. YNAB unfortunately doesn't currently offer an Monzo integration. As // a workaround and a practical excuse to learn Go, I decided to write one // myself. // // This job is going to run N times per 24 hours. Monzo offers webhooks for // reacting to certain types of events. I don't expect I'll need realtime data // for my YNAB integration. That may change, however, so it's worth noting. package main import ( "bytes" "encoding/json" "fmt" "io/ioutil" "log" "net/http" "net/http/httputil" "net/url" "strings" "os" "os/exec" ) //////////////////////////////////////////////////////////////////////////////// // Constants //////////////////////////////////////////////////////////////////////////////// var ( accountId = os.Getenv("monzo_account_id") clientId = os.Getenv("monzo_client_id") clientSecret = os.Getenv("monzo_client_secret") ) const ( redirectURI = "http://localhost:8080/authorization-code" // TODO(wpcarro): Consider generating a random string for the state when the // application starts instead of hardcoding it here. state = "xyz123" ) //////////////////////////////////////////////////////////////////////////////// // Business Logic //////////////////////////////////////////////////////////////////////////////// // This is the response returned from Monzo when we exchange our authorization // code for an access token. While Monzo returns additional fields, I'm only // interested in AccessToken and RefreshToken. type accessTokenResponse struct { AccessToken string `json:"access_token"` RefreshToken string `json:"refresh_token"` ExpiresIn int `json:"expires_in"` } type setTokensRequest struct { AccessToken string `json:"access_token"` RefreshToken string `json:"refresh_token"` ExpiresIn int `json:"expires_in"` } type Tokens struct { AccessToken string `json:"access_token"` RefreshToken string `json:"refresh_token"` ExpiresIn int `json:"expires_in"` } // TODO(wpcarro): Replace http.PostForm and other similar calls with // client.postForm. The default http.Get and other methods doesn't timeout, so // it's better to create a configured client with a value for the timeout. // Returns the access token and refresh tokens for the Monzo API. func getTokens(code string) *Tokens { res, err := http.PostForm("https://api.monzo.com/oauth2/token", url.Values{ "grant_type": {"authorization_code"}, "client_id": {clientId}, "client_secret": {clientSecret}, "redirect_uri": {redirectURI}, "code": {code}, }) if err != nil { log.Fatal(err) } defer res.Body.Close() payload := &accessTokenResponse{} json.NewDecoder(res.Body).Decode(payload) return &Tokens{payload.AccessToken, payload.RefreshToken, payload.ExpiresIn} } // TODO(wpcarro): Prefer using an environment variable for the web browser // instead of assuming it will be google-chrome. // Open a web browser to allow the user to authorize this application. Return // the authorization code sent from Monzo. func getAuthCode() string { url := fmt.Sprintf("https://auth.monzo.com/?client_id=%s&redirect_uri=%s&response_type=code&state=%s", clientId, redirectURI, state) exec.Command("google-chrome", url).Start() authCode := make(chan string) go func() { log.Fatal(http.ListenAndServe(":8080", http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { // 1. Get authorization code from Monzo. if req.URL.Path == "/authorization-code" { params := req.URL.Query() reqState := params["state"][0] code := params["code"][0] if reqState != state { log.Fatalf("Value for state returned by Monzo does not equal our state. %s != %s", reqState, state) } authCode <- code fmt.Fprintf(w, "Authorized!") } else { log.Printf("Unhandled request: %v\n", *req) } }))) }() result := <-authCode return result } // TODO(wpcarro): Move this logic out of here and into the tokens server. func authorize() { authCode := getAuthCode() tokens := getTokens(authCode) client := &http.Client{} payload, _ := json.Marshal(setTokensRequest{ tokens.AccessToken, tokens.RefreshToken, tokens.ExpiresIn}) log.Printf("Access token: %s\n", tokens.AccessToken) log.Printf("Refresh token: %s\n", tokens.RefreshToken) log.Printf("Expires: %s\n", tokens.ExpiresIn) req, _ := http.NewRequest("POST", "http://localhost:4242/set-tokens", bytes.NewBuffer(payload)) req.Header.Set("Content-Type", "application/json") _, err := client.Do(req) if err != nil { log.Fatal(err) } } // Retrieves the access token from the tokens server. func getAccessToken() string { return simpleGet("http://localhost:4242/token") } func main() { accessToken := getAccessToken() // authHeaders := map[string]string{ // "Authorization": fmt.Sprintf("Bearer %s", accessToken), // } client := &http.Client{} form := url.Values{"account_id": {accountId}} req, _ := http.NewRequest("GET", "https://api.monzo.com/transactions", strings.NewReader(form.Encode())) req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", accessToken)) req.Header.Add("Content-Type", "application/x-www-form-urlencoded") bytes, _ := httputil.DumpRequest(req, true) fmt.Println(string(bytes)) res, _ := client.Do(req) bytes, _ = httputil.DumpResponse(res, true) fmt.Println(string(bytes)) // res := simpleGet("https://api.monzo.com/accounts", authHeaders, true) // fmt.Println(res) os.Exit(0) }