masto.go (view raw)
1package main
2
3import (
4 "database/sql"
5 "fmt"
6 "log"
7 "net/http"
8 "time"
9
10 "humungus.tedunangst.com/r/webs/junk"
11 "humungus.tedunangst.com/r/webs/login"
12)
13
14type MastoApp struct {
15 Name string `db:"clientname"`
16 RedirectURI string `db:"redirecturis"`
17 ClientID string `db:"clientid"`
18 ClientSecret string `db:"clientsecret"`
19 VapidKey string `db:"vapidkey"`
20 AuthToken string `db:"authtoken"`
21 Scopes string `db:"scopes"`
22}
23
24func showoauthlogin(rw http.ResponseWriter, r *http.Request) {
25 templinfo := make(map[string]interface{})
26 templinfo = getInfo(r)
27 templinfo["ClientID"] = r.URL.Query().Get("client_id")
28 templinfo["RedirectURI"] = r.URL.Query().Get("redirect_uri")
29
30 if err := readviews.Execute(rw, "oauthlogin.html", templinfo); err != nil {
31 elog.Println(err)
32 }
33}
34
35// https://docs.joinmastodon.org/methods/apps/#create
36func apiapps(rw http.ResponseWriter, r *http.Request) {
37 if err := r.ParseForm(); err != nil {
38 http.Error(rw, "invalid input", http.StatusUnprocessableEntity)
39 elog.Println(err)
40 return
41 }
42 clientName := r.Form.Get("client_name")
43 redirectURI := r.Form.Get("redirect_uris")
44 scopes := r.Form.Get("scopes")
45 website := r.Form.Get("website")
46 clientID := tokengen()
47 clientSecret := tokengen()
48 vapidKey := tokengen()
49
50 _, err := stmtSaveMastoApp.Exec(clientName, redirectURI, scopes, clientID, clientSecret, vapidKey, "")
51 if err != nil {
52 elog.Printf("error saving masto app: %v", err)
53 http.Error(rw, "error saving masto app", http.StatusUnprocessableEntity)
54 return
55 }
56
57 j := junk.New()
58 j["id"] = "19"
59 j["website"] = website
60 j["name"] = clientName
61 j["redirect_uri"] = redirectURI
62 j["client_id"] = clientID
63 j["client_secret"] = clientSecret
64 j["vapid_key"] = vapidKey
65
66 fmt.Println(j.ToString())
67 goodjunk(rw, j)
68}
69
70// https://docs.joinmastodon.org/methods/oauth/#authorize
71func oauthorize(rw http.ResponseWriter, r *http.Request) {
72 clientID := r.FormValue("client_id")
73 redirectURI := r.FormValue("redirect_uri")
74
75 if !checkClientID(clientID) {
76 elog.Println("oauth: no such client:", clientID)
77 rw.WriteHeader(http.StatusUnauthorized)
78 return
79 }
80
81 var nrw NotResponseWriter
82 login.LoginFunc(&nrw, r)
83
84 _, err := stmtSaveMastoAppToken.Exec(nrw.auth)
85 if err != nil {
86 elog.Println("oauth: failed to save masto app token", err)
87 rw.WriteHeader(http.StatusInternalServerError)
88 return
89 }
90
91 uri := fmt.Sprintf("%s?code=%s", redirectURI, nrw.auth)
92
93 log.Println("redirecting to", uri)
94 rw.Header().Set("Content-Type", "")
95 rw.Header().Set("Location", uri)
96 rw.WriteHeader(302)
97}
98
99// https://docs.joinmastodon.org/methods/oauth/#token
100func oauthtoken(rw http.ResponseWriter, r *http.Request) {
101 grantType := r.FormValue("grant_type")
102 code := r.FormValue("code")
103 clientID := r.FormValue("client_id")
104 clientSecret := r.FormValue("client_secret")
105 redirectURI := r.FormValue("redirect_uri")
106 gotScopes := r.FormValue("scopes")
107
108 if !checkClient(clientID, clientSecret) {
109 elog.Println("oauth: no such client:", clientID)
110 rw.WriteHeader(http.StatusBadRequest)
111 return
112 }
113
114 app := MastoApp{}
115 row := stmtGetMastoApp.QueryRowx(clientID)
116 err := row.StructScan(&app)
117 if err == sql.ErrNoRows {
118 elog.Printf("oauth: invalid client: %s\n", clientID)
119 rw.WriteHeader(http.StatusBadRequest)
120 return
121 }
122 log.Printf("%#v", app)
123
124 if app.Scopes != gotScopes {
125 elog.Printf("oauth: bad scopes: got %s; want %s", gotScopes, app.Scopes)
126 rw.WriteHeader(http.StatusBadRequest)
127 return
128 }
129
130 if app.RedirectURI != redirectURI {
131 elog.Println("oauth: incorrect redirect URI")
132 rw.WriteHeader(http.StatusBadRequest)
133 return
134 }
135
136 if grantType == "authorization_code" {
137 // idk if this is ok? should code be reset?
138 if app.AuthToken == code {
139 accessToken := tokengen()
140 _, err := stmtSaveMastoAccessToken.Exec(app.ClientID, accessToken)
141 if err != nil {
142 elog.Println("oauth: failed to save masto access token", err)
143 rw.WriteHeader(http.StatusInternalServerError)
144 return
145 }
146 j := junk.New()
147 j["access_token"] = accessToken
148 j["token_type"] = "Bearer"
149 j["scope"] = app.Scopes
150 j["created_at"] = time.Now().UTC().Unix()
151 goodjunk(rw, j)
152 }
153 } else {
154 // gaslight the client
155 elog.Println("oauth: bad grant_type: must be authorization_code")
156 rw.WriteHeader(http.StatusBadRequest)
157 return
158 }
159}
160
161// https://docs.joinmastodon.org/methods/instance/#v2
162func instance(rw http.ResponseWriter, r *http.Request) {
163 j := junk.New()
164
165 var servername string
166 if err := getconfig("servername", &servername); err != nil {
167 http.Error(rw, "getting servername", http.StatusInternalServerError)
168 return
169 }
170
171 j["uri"] = servername
172 j["title"] = "honk"
173 j["description"] = "federated honk conveyance"
174 j["version"] = "develop"
175
176 thumbnail := junk.New()
177 thumbnail["url"] = fmt.Sprintf("https://%s/icon.png", servername)
178 j["thumbnail"] = thumbnail
179 j["languages"] = []string{"en"}
180
181 config := junk.New()
182
183 a := junk.New()
184 a["max_featured_tags"] = 10
185 config["accounts"] = a
186
187 s := junk.New()
188 s["max_characters"] = 5000
189 s["max_media_attachments"] = 1
190 s["characters_reserved_per_url"] = 23
191 config["statuses"] = s
192
193 m := junk.New()
194 m["supported_mime_types"] = []string{
195 "image/jpeg",
196 "image/png",
197 "image/gif",
198 "image/heic",
199 "image/heif",
200 "image/webp",
201 "image/avif",
202 "video/webm",
203 "video/mp4",
204 "video/quicktime",
205 "video/ogg",
206 "audio/wave",
207 "audio/wav",
208 "audio/x-wav",
209 "audio/x-pn-wave",
210 "audio/vnd.wave",
211 "audio/ogg",
212 "audio/vorbis",
213 "audio/mpeg",
214 "audio/mp3",
215 "audio/webm",
216 "audio/flac",
217 "audio/aac",
218 "audio/m4a",
219 "audio/x-m4a",
220 "audio/mp4",
221 "audio/3gpp",
222 "video/x-ms-asf",
223 }
224
225 m["image_size_limit"] = 10485760
226 m["image_matrix_limit"] = 16777216
227 m["video_size_limit"] = 41943040
228 m["video_frame_rate_limit"] = 60
229 m["video_matrix_limit"] = 2304000
230 j["media_attachments"] = m
231
232 goodjunk(rw, j)
233
234 return
235}