masto.go (view raw)
1package main
2
3import (
4 "database/sql"
5 "fmt"
6 "log"
7 "net/http"
8 "time"
9
10 "humungus.tedunangst.com/r/webs/junk"
11 "humungus.tedunangst.com/r/webs/login"
12)
13
14type MastoApp struct {
15 Name string `db:"clientname"`
16 RedirectURI string `db:"redirecturis"`
17 ClientID string `db:"clientid"`
18 ClientSecret string `db:"clientsecret"`
19 VapidKey string `db:"vapidkey"`
20 AuthToken string `db:"authtoken"`
21 Scopes string `db:"scopes"`
22}
23
24func showoauthlogin(rw http.ResponseWriter, r *http.Request) {
25 templinfo := make(map[string]interface{})
26 templinfo = getInfo(r)
27 templinfo["ClientID"] = r.URL.Query().Get("client_id")
28 templinfo["RedirectURI"] = r.URL.Query().Get("redirect_uri")
29
30 if err := readviews.Execute(rw, "oauthlogin.html", templinfo); err != nil {
31 elog.Println(err)
32 }
33}
34
35// https://docs.joinmastodon.org/methods/apps/#create
36func apiapps(rw http.ResponseWriter, r *http.Request) {
37 if err := r.ParseForm(); err != nil {
38 http.Error(rw, "invalid input", http.StatusUnprocessableEntity)
39 elog.Println(err)
40 return
41 }
42 clientName := r.Form.Get("client_name")
43 redirectURI := r.Form.Get("redirect_uris")
44 scopes := r.Form.Get("scopes")
45 website := r.Form.Get("website")
46 clientID := tokengen()
47 clientSecret := tokengen()
48 vapidKey := tokengen()
49
50 _, err := stmtSaveMastoApp.Exec(clientName, redirectURI, scopes, clientID, clientSecret, vapidKey, "")
51 if err != nil {
52 elog.Printf("error saving masto app: %v", err)
53 http.Error(rw, "error saving masto app", http.StatusUnprocessableEntity)
54 return
55 }
56
57 j := junk.New()
58 j["id"] = "19"
59 j["website"] = website
60 j["name"] = clientName
61 j["redirect_uri"] = redirectURI
62 j["client_id"] = clientID
63 j["client_secret"] = clientSecret
64 j["vapid_key"] = vapidKey
65
66 fmt.Println(j.ToString())
67 goodjunk(rw, j)
68}
69
70// https://docs.joinmastodon.org/methods/oauth/#authorize
71func oauthorize(rw http.ResponseWriter, r *http.Request) {
72 clientID := r.FormValue("client_id")
73 redirectURI := r.FormValue("redirect_uri")
74
75 if !checkClientID(clientID) {
76 elog.Println("oauth: no such client:", clientID)
77 rw.WriteHeader(http.StatusUnauthorized)
78 return
79 }
80
81 var nrw NotResponseWriter
82 login.LoginFunc(&nrw, r)
83
84 _, err := stmtSaveMastoAppToken.Exec(nrw.auth)
85 if err != nil {
86 elog.Println("oauth: failed to save masto app token", err)
87 rw.WriteHeader(http.StatusInternalServerError)
88 return
89 }
90
91 uri := fmt.Sprintf("%s?code=%s", redirectURI, nrw.auth)
92
93 log.Println("redirecting to", uri)
94 rw.Header().Set("Content-Type", "")
95 rw.Header().Set("Location", uri)
96 rw.WriteHeader(302)
97}
98
99// https://docs.joinmastodon.org/methods/oauth/#token
100func oauthtoken(rw http.ResponseWriter, r *http.Request) {
101 grantType := r.FormValue("grant_type")
102 code := r.FormValue("code")
103 clientID := r.FormValue("client_id")
104 clientSecret := r.FormValue("client_secret")
105 redirectURI := r.FormValue("redirect_uri")
106 gotScopes := r.FormValue("scopes")
107
108 if !checkClient(clientID, clientSecret) {
109 elog.Println("oauth: no such client:", clientID)
110 rw.WriteHeader(http.StatusBadRequest)
111 return
112 }
113
114 app := MastoApp{}
115 row := stmtGetMastoApp.QueryRowx(clientID)
116 err := row.StructScan(&app)
117 if err == sql.ErrNoRows {
118 elog.Printf("oauth: invalid client: %s\n", clientID)
119 rw.WriteHeader(http.StatusBadRequest)
120 return
121 }
122
123 if app.Scopes != gotScopes {
124 elog.Printf("oauth: bad scopes: got %s; want %s", gotScopes, app.Scopes)
125 rw.WriteHeader(http.StatusBadRequest)
126 return
127 }
128
129 if app.RedirectURI != redirectURI {
130 elog.Println("oauth: incorrect redirect URI")
131 rw.WriteHeader(http.StatusBadRequest)
132 return
133 }
134
135 if grantType == "authorization_code" {
136 // idk if this is ok? should code be reset?
137 if app.AuthToken == code {
138 accessToken := tokengen()
139 _, err := stmtSaveMastoAccessToken.Exec(app.ClientID, accessToken)
140 if err != nil {
141 elog.Println("oauth: failed to save masto access token", err)
142 rw.WriteHeader(http.StatusInternalServerError)
143 return
144 }
145 j := junk.New()
146 j["access_token"] = accessToken
147 j["token_type"] = "Bearer"
148 j["scope"] = app.Scopes
149 j["created_at"] = time.Now().UTC().Unix()
150 goodjunk(rw, j)
151 }
152 } else {
153 // gaslight the client
154 elog.Println("oauth: bad grant_type: must be authorization_code")
155 rw.WriteHeader(http.StatusBadRequest)
156 return
157 }
158}
159
160// https://docs.joinmastodon.org/methods/instance/#v2
161func instance(rw http.ResponseWriter, r *http.Request) {
162 j := junk.New()
163
164 var servername string
165 if err := getconfig("servername", &servername); err != nil {
166 http.Error(rw, "getting servername", http.StatusInternalServerError)
167 return
168 }
169
170 j["uri"] = servername
171 j["title"] = "honk"
172 j["description"] = "federated honk conveyance"
173 j["version"] = "develop"
174
175 thumbnail := junk.New()
176 thumbnail["url"] = fmt.Sprintf("https://%s/icon.png", servername)
177 j["thumbnail"] = thumbnail
178 j["languages"] = []string{"en"}
179
180 config := junk.New()
181
182 a := junk.New()
183 a["max_featured_tags"] = 10
184 config["accounts"] = a
185
186 s := junk.New()
187 s["max_characters"] = 5000
188 s["max_media_attachments"] = 1
189 s["characters_reserved_per_url"] = 23
190 config["statuses"] = s
191
192 m := junk.New()
193 m["supported_mime_types"] = []string{
194 "image/jpeg",
195 "image/png",
196 "image/gif",
197 "image/heic",
198 "image/heif",
199 "image/webp",
200 "image/avif",
201 "video/webm",
202 "video/mp4",
203 "video/quicktime",
204 "video/ogg",
205 "audio/wave",
206 "audio/wav",
207 "audio/x-wav",
208 "audio/x-pn-wave",
209 "audio/vnd.wave",
210 "audio/ogg",
211 "audio/vorbis",
212 "audio/mpeg",
213 "audio/mp3",
214 "audio/webm",
215 "audio/flac",
216 "audio/aac",
217 "audio/m4a",
218 "audio/x-m4a",
219 "audio/mp4",
220 "audio/3gpp",
221 "video/x-ms-asf",
222 }
223
224 m["image_size_limit"] = 10485760
225 m["image_matrix_limit"] = 16777216
226 m["video_size_limit"] = 41943040
227 m["video_frame_rate_limit"] = 60
228 m["video_matrix_limit"] = 2304000
229 j["media_attachments"] = m
230
231 goodjunk(rw, j)
232
233 return
234}