masto.go (view raw)
1package main
2
3import (
4 "database/sql"
5 "fmt"
6 "log"
7 "net/http"
8 "time"
9
10 "github.com/sassoftware/relic/lib/dlog"
11 "humungus.tedunangst.com/r/webs/junk"
12 "humungus.tedunangst.com/r/webs/login"
13)
14
15type MastoApp struct {
16 Name string `db:"clientname"`
17 RedirectURI string `db:"redirecturis"`
18 ClientID string `db:"clientid"`
19 ClientSecret string `db:"clientsecret"`
20 VapidKey string `db:"vapidkey"`
21 AuthToken string `db:"authtoken"`
22 Scopes string `db:"scopes"`
23}
24
25func showoauthlogin(rw http.ResponseWriter, r *http.Request) {
26 templinfo := make(map[string]interface{})
27 templinfo = getInfo(r)
28 templinfo["ClientID"] = r.URL.Query().Get("client_id")
29 templinfo["RedirectURI"] = r.URL.Query().Get("redirect_uri")
30
31 if err := readviews.Execute(rw, "oauthlogin.html", templinfo); err != nil {
32 elog.Println(err)
33 }
34}
35
36// https://docs.joinmastodon.org/methods/apps/#create
37func apiapps(rw http.ResponseWriter, r *http.Request) {
38 if err := r.ParseForm(); err != nil {
39 http.Error(rw, "invalid input", http.StatusUnprocessableEntity)
40 elog.Println(err)
41 return
42 }
43 clientName := r.Form.Get("client_name")
44 redirectURI := r.Form.Get("redirect_uris")
45 scopes := r.Form.Get("scopes")
46 website := r.Form.Get("website")
47 clientID := tokengen()
48 clientSecret := tokengen()
49 vapidKey := tokengen()
50
51 _, err := stmtSaveMastoApp.Exec(clientName, redirectURI, scopes, clientID, clientSecret, vapidKey, "")
52 if err != nil {
53 elog.Printf("error saving masto app: %v", err)
54 http.Error(rw, "error saving masto app", http.StatusUnprocessableEntity)
55 return
56 }
57
58 j := junk.New()
59 j["id"] = "19"
60 j["website"] = website
61 j["name"] = clientName
62 j["redirect_uri"] = redirectURI
63 j["client_id"] = clientID
64 j["client_secret"] = clientSecret
65 j["vapid_key"] = vapidKey
66
67 fmt.Println(j.ToString())
68 goodjunk(rw, j)
69}
70
71// https://docs.joinmastodon.org/methods/oauth/#authorize
72func oauthorize(rw http.ResponseWriter, r *http.Request) {
73 clientID := r.FormValue("client_id")
74 redirectURI := r.FormValue("redirect_uri")
75
76 if !checkClientID(clientID) {
77 elog.Println("oauth: no such client:", clientID)
78 rw.WriteHeader(http.StatusUnauthorized)
79 return
80 }
81
82 var nrw NotResponseWriter
83 login.LoginFunc(&nrw, r)
84
85 _, err := stmtSaveMastoAppToken.Exec(nrw.auth)
86 if err != nil {
87 elog.Println("oauth: failed to save masto app token", err)
88 rw.WriteHeader(http.StatusInternalServerError)
89 return
90 }
91
92 uri := fmt.Sprintf("%s?code=%s", redirectURI, nrw.auth)
93
94 log.Println("redirecting to", uri)
95 rw.Header().Set("Content-Type", "")
96 rw.Header().Set("Location", uri)
97 rw.WriteHeader(302)
98}
99
100// https://docs.joinmastodon.org/methods/oauth/#token
101func oauthtoken(rw http.ResponseWriter, r *http.Request) {
102 grantType := r.FormValue("grant_type")
103 code := r.FormValue("code")
104 clientID := r.FormValue("client_id")
105 clientSecret := r.FormValue("client_secret")
106 redirectURI := r.FormValue("redirect_uri")
107 gotScopes := r.FormValue("scopes")
108
109 if !checkClient(clientID, clientSecret) {
110 elog.Println("oauth: no such client:", clientID)
111 rw.WriteHeader(http.StatusBadRequest)
112 return
113 }
114
115 app := MastoApp{}
116 row := stmtGetMastoApp.QueryRowx(clientID)
117 err := row.StructScan(&app)
118 if err == sql.ErrNoRows {
119 elog.Printf("oauth: invalid client: %s\n", clientID)
120 rw.WriteHeader(http.StatusBadRequest)
121 return
122 }
123 dlog.Printf("%#v", app)
124
125 if app.Scopes != gotScopes {
126 elog.Printf("oauth: bad scopes: got %s; want %s", gotScopes, app.Scopes)
127 rw.WriteHeader(http.StatusBadRequest)
128 return
129 }
130
131 if app.RedirectURI != redirectURI {
132 elog.Println("oauth: incorrect redirect URI")
133 rw.WriteHeader(http.StatusBadRequest)
134 return
135 }
136
137 if grantType == "authorization_code" {
138 // idk if this is ok? should code be reset?
139 if app.AuthToken == code {
140 accessToken := tokengen()
141 _, err := stmtSaveMastoAccessToken.Exec(app.ClientID, accessToken)
142 if err != nil {
143 elog.Println("oauth: failed to save masto access token", err)
144 rw.WriteHeader(http.StatusInternalServerError)
145 return
146 }
147 j := junk.New()
148 j["access_token"] = accessToken
149 j["token_type"] = "Bearer"
150 j["scope"] = app.Scopes
151 j["created_at"] = time.Now().UTC().Unix()
152 goodjunk(rw, j)
153 }
154 } else {
155 // gaslight the client
156 elog.Println("oauth: bad grant_type: must be authorization_code")
157 rw.WriteHeader(http.StatusBadRequest)
158 return
159 }
160}
161
162// https://docs.joinmastodon.org/methods/instance/#v2
163func instance(rw http.ResponseWriter, r *http.Request) {
164 j := junk.New()
165
166 var servername string
167 if err := getconfig("servername", &servername); err != nil {
168 http.Error(rw, "getting servername", http.StatusInternalServerError)
169 return
170 }
171
172 j["uri"] = servername
173 j["title"] = "honk"
174 j["description"] = "federated honk conveyance"
175 j["version"] = "develop"
176
177 thumbnail := junk.New()
178 thumbnail["url"] = fmt.Sprintf("https://%s/icon.png", servername)
179 j["thumbnail"] = thumbnail
180 j["languages"] = []string{"en"}
181
182 config := junk.New()
183
184 a := junk.New()
185 a["max_featured_tags"] = 10
186 config["accounts"] = a
187
188 s := junk.New()
189 s["max_characters"] = 5000
190 s["max_media_attachments"] = 1
191 s["characters_reserved_per_url"] = 23
192 config["statuses"] = s
193
194 m := junk.New()
195 m["supported_mime_types"] = []string{
196 "image/jpeg",
197 "image/png",
198 "image/gif",
199 "image/heic",
200 "image/heif",
201 "image/webp",
202 "image/avif",
203 "video/webm",
204 "video/mp4",
205 "video/quicktime",
206 "video/ogg",
207 "audio/wave",
208 "audio/wav",
209 "audio/x-wav",
210 "audio/x-pn-wave",
211 "audio/vnd.wave",
212 "audio/ogg",
213 "audio/vorbis",
214 "audio/mpeg",
215 "audio/mp3",
216 "audio/webm",
217 "audio/flac",
218 "audio/aac",
219 "audio/m4a",
220 "audio/x-m4a",
221 "audio/mp4",
222 "audio/3gpp",
223 "video/x-ms-asf",
224 }
225
226 m["image_size_limit"] = 10485760
227 m["image_matrix_limit"] = 16777216
228 m["video_size_limit"] = 41943040
229 m["video_frame_rate_limit"] = 60
230 m["video_matrix_limit"] = 2304000
231 j["media_attachments"] = m
232
233 goodjunk(rw, j)
234
235 return
236}