masto.go (view raw)
1package main
2
3import (
4 "database/sql"
5 "fmt"
6 "log"
7 "net/http"
8 "time"
9
10 "humungus.tedunangst.com/r/webs/junk"
11 "humungus.tedunangst.com/r/webs/login"
12)
13
14type MastoApp struct {
15 Name string `db:"clientname"`
16 RedirectURI string `db:"redirecturis"`
17 ClientID string `db:"clientid"`
18 ClientSecret string `db:"clientsecret"`
19 VapidKey string `db:"vapidkey"`
20 AuthToken string `db:"authtoken"`
21 Scopes string `db:"scopes"`
22}
23
24func showoauthlogin(rw http.ResponseWriter, r *http.Request) {
25 templinfo := make(map[string]interface{})
26 templinfo = getInfo(r)
27 templinfo["ClientID"] = r.URL.Query().Get("client_id")
28 templinfo["RedirectURI"] = r.URL.Query().Get("redirect_uri")
29
30 if err := readviews.Execute(rw, "oauthlogin.html", templinfo); err != nil {
31 elog.Println(err)
32 }
33}
34
35// https://docs.joinmastodon.org/methods/apps/#create
36func apiapps(rw http.ResponseWriter, r *http.Request) {
37 if err := r.ParseForm(); err != nil {
38 http.Error(rw, "invalid input", http.StatusUnprocessableEntity)
39 elog.Println(err)
40 return
41 }
42 clientName := r.Form.Get("client_name")
43 redirectURI := r.Form.Get("redirect_uris")
44 scopes := r.Form.Get("scopes")
45 website := r.Form.Get("website")
46 clientID := tokengen()
47 clientSecret := tokengen()
48 vapidKey := tokengen()
49
50 _, err := stmtSaveMastoApp.Exec(clientName, redirectURI, scopes, clientID, clientSecret, vapidKey, "")
51 if err != nil {
52 elog.Printf("error saving masto app: %v", err)
53 http.Error(rw, "error saving masto app", http.StatusUnprocessableEntity)
54 return
55 }
56
57 j := junk.New()
58 j["id"] = "19"
59 j["website"] = website
60 j["name"] = clientName
61 j["redirect_uri"] = redirectURI
62 j["client_id"] = clientID
63 j["client_secret"] = clientSecret
64 j["vapid_key"] = vapidKey
65
66 fmt.Println(j.ToString())
67 goodjunk(rw, j)
68}
69
70// https://docs.joinmastodon.org/methods/oauth/#authorize
71func oauthorize(rw http.ResponseWriter, r *http.Request) {
72 clientID := r.FormValue("client_id")
73 redirectURI := r.FormValue("redirect_uri")
74
75 if !checkClientID(clientID) {
76 elog.Println("oauth: no such client:", clientID)
77 rw.WriteHeader(http.StatusUnauthorized)
78 return
79 }
80
81 var nrw NotResponseWriter
82 login.LoginFunc(&nrw, r)
83
84 _, err := stmtSaveMastoAppToken.Exec(nrw.auth)
85 if err != nil {
86 elog.Println("oauth: failed to save masto app token", err)
87 rw.WriteHeader(http.StatusInternalServerError)
88 return
89 }
90
91 uri := fmt.Sprintf("%s?code=%s", redirectURI, nrw.auth)
92
93 log.Println("redirecting to", uri)
94 rw.Header().Set("Content-Type", "")
95 rw.Header().Set("Location", uri)
96 rw.WriteHeader(302)
97}
98
99// https://docs.joinmastodon.org/methods/oauth/#token
100func oauthtoken(rw http.ResponseWriter, r *http.Request) {
101 grantType := r.FormValue("grant_type")
102 code := r.FormValue("code")
103 clientID := r.FormValue("client_id")
104 clientSecret := r.FormValue("client_secret")
105 redirectURI := r.FormValue("redirect_uri")
106 gotScopes := r.FormValue("scopes")
107
108 if !checkClient(clientID, clientSecret) {
109 elog.Println("oauth: no such client:", clientID)
110 rw.WriteHeader(http.StatusBadRequest)
111 return
112 }
113
114 app := MastoApp{}
115 row := stmtGetMastoApp.QueryRowx(clientID)
116 err := row.StructScan(&app)
117 if err == sql.ErrNoRows {
118 elog.Printf("oauth: invalid client: %s\n", clientID)
119 rw.WriteHeader(http.StatusBadRequest)
120 return
121 }
122
123 if app.Scopes != gotScopes {
124 elog.Println("oauth: bad scopes")
125 rw.WriteHeader(http.StatusBadRequest)
126 }
127
128 if app.RedirectURI != redirectURI {
129 elog.Println("oauth: incorrect redirect URI")
130 rw.WriteHeader(http.StatusBadRequest)
131 }
132
133 if grantType == "authorization_code" {
134 // idk if this is ok? should code be reset?
135 if app.AuthToken == code {
136 accessToken := tokengen()
137 _, err := stmtSaveMastoAccessToken.Exec(app.ClientID, accessToken)
138 if err != nil {
139 elog.Println("oauth: failed to save masto access token", err)
140 rw.WriteHeader(http.StatusInternalServerError)
141 return
142 }
143 j := junk.New()
144 j["access_token"] = accessToken
145 j["token_type"] = "Bearer"
146 j["scope"] = app.Scopes
147 j["created_at"] = time.Now().UTC().Unix()
148 goodjunk(rw, j)
149 }
150 } else {
151 // gaslight the client
152 elog.Println("oauth: bad grant_type: must be authorization_code")
153 rw.WriteHeader(http.StatusBadRequest)
154 }
155}
156
157// https://docs.joinmastodon.org/methods/instance/#v2
158func instance(rw http.ResponseWriter, r *http.Request) {
159 j := junk.New()
160
161 var servername string
162 if err := getconfig("servername", &servername); err != nil {
163 http.Error(rw, "getting servername", http.StatusInternalServerError)
164 return
165 }
166
167 j["uri"] = servername
168 j["title"] = "honk"
169 j["description"] = "federated honk conveyance"
170 j["version"] = "develop"
171
172 thumbnail := junk.New()
173 thumbnail["url"] = fmt.Sprintf("https://%s/icon.png", servername)
174 j["thumbnail"] = thumbnail
175 j["languages"] = []string{"en"}
176
177 config := junk.New()
178
179 a := junk.New()
180 a["max_featured_tags"] = 10
181 config["accounts"] = a
182
183 s := junk.New()
184 s["max_characters"] = 5000
185 s["max_media_attachments"] = 1
186 s["characters_reserved_per_url"] = 23
187 config["statuses"] = s
188
189 m := junk.New()
190 m["supported_mime_types"] = []string{
191 "image/jpeg",
192 "image/png",
193 "image/gif",
194 "image/heic",
195 "image/heif",
196 "image/webp",
197 "image/avif",
198 "video/webm",
199 "video/mp4",
200 "video/quicktime",
201 "video/ogg",
202 "audio/wave",
203 "audio/wav",
204 "audio/x-wav",
205 "audio/x-pn-wave",
206 "audio/vnd.wave",
207 "audio/ogg",
208 "audio/vorbis",
209 "audio/mpeg",
210 "audio/mp3",
211 "audio/webm",
212 "audio/flac",
213 "audio/aac",
214 "audio/m4a",
215 "audio/x-m4a",
216 "audio/mp4",
217 "audio/3gpp",
218 "video/x-ms-asf",
219 }
220
221 m["image_size_limit"] = 10485760
222 m["image_matrix_limit"] = 16777216
223 m["video_size_limit"] = 41943040
224 m["video_frame_rate_limit"] = 60
225 m["video_matrix_limit"] = 2304000
226 j["media_attachments"] = m
227
228 goodjunk(rw, j)
229
230 return
231}