u
Anirudh Oppiliappan x@icyphox.sh
Tue, 26 Sep 2023 23:04:58 +0300
4 files changed,
35 insertions(+),
11 deletions(-)
M
database.go
@@ -1192,6 +1192,8 @@ var stmtGetUserCount *sql.Stmt
 var stmtGetActiveUserCount *sql.Stmt
 var stmtGetLocalHonkCount *sql.Stmt
 var stmtSaveMastoApp *sql.Stmt
+var stmtCheckClientId *sql.Stmt
+var stmtSaveMastoAppToken *sql.Stmt
 
 func preparetodie(db *sql.DB, s string) *sql.Stmt {
 	stmt, err := db.Prepare(s)
@@ -1284,5 +1286,7 @@ stmtGetUserCount = preparetodie(db, "select count(*) from users where userid > 0")
 	stmtGetActiveUserCount = preparetodie(db, "select count(distinct honker) from honks where whofore = 2 and dt > ?")
 	stmtGetLocalHonkCount = preparetodie(db, "select count(*) from honks where whofore = 2")
-	stmtSaveMastoApp = preparetodie(db, "insert into masto (clientname, redirecturis, scopes, clientid, clientsecret, vapidkey) values (?, ?, ?, ?, ?, ?)")
+	stmtSaveMastoApp = preparetodie(db, "insert into masto (clientname, redirecturis, scopes, clientid, clientsecret, vapidkey, authtoken) values (?, ?, ?, ?, ?, ?)")
+	stmtSaveMastoAppToken = preparetodie(db, "update masto set authtoken = ?")
+	stmtCheckClientId = preparetodie(db, "select clientid from masto where clientid = ?")
 }
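Review bot: The new insert names seven columns but keeps six placeholders, so `db.Prepare` rejects it and preparetodie aborts start-up; the masto.go call site passes seven arguments and needs `values (?, ?, ?, ?, ?, ?, ?)`. `stmtSaveMastoAppToken` has no where clause, so each authorization overwrites the token of every registered app; it should read `update masto set authtoken = ? where clientid = ?` with the caller supplying the client id. The client-id lookup is consumed through Exec in oauthorize, which never reports a missing row; selecting `redirecturis from masto where clientid = ?` instead would let the handler both detect an unknown client via Scan and check the redirect target against what the client registered. The declaration in the previous hunk spells the initialism `stmtCheckClientId` while the rest of the file uses `ID` (`clientID`, `redirectURI`).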
M
masto.go
@@ -10,6 +10,8 @@ )
 
 func showoauthlogin(rw http.ResponseWriter, r *http.Request) {
 	templinfo := make(map[string]interface{})
+	templinfo["ClientID"] = r.Form.Get("client_id")
+	templinfo["RedirectURI"] = r.Form.Get("redirect_uri")
 	templinfo = getInfo(r)
 	if err := readviews.Execute(rw, "oauthlogin.html", templinfo); err != nil {
 		elog.Println(err)
@@ -24,14 +26,14 @@ elog.Println(err)
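Review bot: The ClientID and RedirectURI entries written into templinfo are discarded on the very next line, where `templinfo = getInfo(r)` replaces the whole map; unless getInfo merges into an existing map (it receives only r here), the hidden fields in oauthlogin.html render empty and the authorize step has neither a client nor a redirect target. Set them after the call instead: `templinfo = getInfo(r)`, then `templinfo["ClientID"] = r.Form.Get("client_id")` and `templinfo["RedirectURI"] = r.Form.Get("redirect_uri")`. The function body continues past the end of this hunk.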
 		return
 	}
 	clientName := r.Form.Get("client_name")
-	redirectUri := r.Form.Get("redirect_uris")
+	redirectURI := r.Form.Get("redirect_uris")
 	scopes := r.Form.Get("scopes")
 	website := r.Form.Get("website")
 	clientID := tokengen()
 	clientSecret := tokengen()
 	vapidKey := tokengen()
-	_, err := stmtSaveMastoApp.Exec(clientName, redirectUri, scopes, clientID, clientSecret, vapidKey)
+	_, err := stmtSaveMastoApp.Exec(clientName, redirectURI, scopes, clientID, clientSecret, vapidKey, "")
 	if err != nil {
 		elog.Printf("error saving masto app: %v", err)
 		http.Error(rw, "error saving masto app", http.StatusUnprocessableEntity)
@@ -42,7 +44,7 @@ j := junk.New()
 	j["id"] = fmt.Sprintf("%d", snowflake())
 	j["website"] = website
 	j["name"] = clientName
-	j["redirect_uri"] = redirectUri
+	j["redirect_uri"] = redirectURI
 	j["client_id"] = clientID
 	j["client_secret"] = clientSecret
 	j["vapid_key"] = vapidKey
@@ -53,11 +55,27 @@ }
 
 // https://docs.joinmastodon.org/methods/oauth/#authorize
 func oauthorize(rw http.ResponseWriter, r *http.Request) {
+	clientID := r.Form.Get("client_id")
+	redirectURI := r.Form.Get("redirect_uri")
+
+	_, err := stmtCheckClientId.Exec(clientID)
+	if err != nil {
+		elog.Println("oauth: no such client:", clientID)
+		rw.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
 	var nrw NotResponseWriter
 	login.LoginFunc(&nrw, r)
-	dlog.Println("got code!", nrw.auth, len(nrw.auth))
-	rw.WriteHeader(http.StatusOK)
-	return
+
+	_, err = stmtSaveMastoAppToken.Exec(nrw.auth)
+	if err != nil {
+		elog.Println("oauth: failed to save masto app token", err)
+		rw.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	http.Redirect(rw, r, redirectURI+"?code="+nrw.auth, http.StatusFound)
 }
 
 // https://docs.joinmastodon.org/methods/instance/#v2
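Review bot: `stmtCheckClientId.Exec(clientID)` does not detect an unknown client: a SELECT that matches no row is not an error, so err stays nil for any client_id and the 401 branch is effectively unreachable; the lookup has to go through `QueryRow(clientID).Scan(...)`, where a missing row surfaces as `sql.ErrNoRows`. The final redirect then hands the authorization code to whatever `redirect_uri` the request carried, with no comparison against the redirecturis the client registered, and the code is concatenated unescaped — an unregistered URI should be refused before any redirect. `stmtSaveMastoAppToken.Exec(nrw.auth)` also runs unconditionally after LoginFunc; if a failed login leaves nrw.auth empty (not visible here), an empty token is stored and a `?code=` redirect still fires, and the Exec passes no client id, so the update cannot be scoped to one app. The rewrite below scans the row, checks the redirect target against the registered URIs, stops on an empty token, passes clientID to the update and builds the query with net/url; it needs stmtCheckClientId to select `redirecturis` and stmtSaveMastoAppToken to end in `where clientid = ?`.

```go
func oauthorize(rw http.ResponseWriter, r *http.Request) {
	clientID := r.Form.Get("client_id")
	redirectURI := r.Form.Get("redirect_uri")

	// Exec never reports "no rows"; scan the row so an unknown client is refused.
	// Needs stmtCheckClientId to select redirecturis rather than clientid.
	var registered string
	if err := stmtCheckClientId.QueryRow(clientID).Scan(&registered); err != nil {
		elog.Println("oauth: no such client:", clientID)
		rw.WriteHeader(http.StatusUnauthorized)
		return
	}
	// Only hand the code to a URI the client registered at app creation.
	// Assumes redirecturis is stored whitespace-separated — confirm against the registration handler.
	allowed := false
	for _, u := range strings.Fields(registered) {
		if u == redirectURI {
			allowed = true
			break
		}
	}
	if !allowed {
		http.Error(rw, "invalid redirect_uri", http.StatusBadRequest)
		return
	}

	var nrw NotResponseWriter
	login.LoginFunc(&nrw, r)
	if nrw.auth == "" {
		// no token means the login did not succeed; store and issue nothing
		rw.WriteHeader(http.StatusUnauthorized)
		return
	}

	// Needs stmtSaveMastoAppToken to end in "where clientid = ?" so only this app's row changes.
	if _, err := stmtSaveMastoAppToken.Exec(nrw.auth, clientID); err != nil {
		elog.Println("oauth: failed to save masto app token", err)
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	q := url.Values{"code": {nrw.auth}}
	http.Redirect(rw, r, redirectURI+"?"+q.Encode(), http.StatusFound)
}
```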
M
schema.sql
@@ -10,7 +10,7 @@ create table onts (ontology text, honkid integer);
 create table honkmeta (honkid integer, genus text, json text);
 create table hfcs (hfcsid integer primary key, userid integer, json text);
 create table tracks (xid text, fetches text);
-create table masto (clientname text, redirecturis text, scopes text);
+create table masto (clientname text, redirecturis text, scopes text, clientid text, clientsecret text, vapidkey text, authtoken text);
 create index idx_honksxid on honks(xid);
 create index idx_honksconvoy on honks(convoy);
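Review bot: This create table only shapes fresh databases; an existing install keeps its three-column masto table, so the new insert and update statements would fail there unless the upgrade path adds the columns (not visible in this diff). `clientid` is now the lookup key for the client check and should be for the token update, so it wants a unique index, e.g. `create unique index idx_mastoclientid on masto(clientid);` (constructed name). `clientsecret` and `authtoken` are bearer credentials stored in clear text next to the client name; storing a hash of the token and comparing on use would limit what a database read yields.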
M
views/oauthlogin.html
@@ -3,10 +3,12 @@ <main>
 <div class="info">
 <h3>honk oauthorize</h3>
 <form action="/oauth/authorize" method="POST">
-<p><input tabindex=1 type="text" name="username" autocomplete=off> - username
-<p><input tabindex=1 type="password" name="password"> - password
+<p><input tabindex=1 type="text" name="username" autocomplete=off> - username
+<p><input tabindex=1 type="password" name="password"> - password
 <input type="hidden" name="gettoken" value="1" />
-<p><button tabindex=1 name="login" value="login">login</button>
+<input type="hidden" name="client_id" value="{{ .ClientID }}">
+<input type="hidden" name="redirect_uri" value="{{ .RedirectURI }}">
+<p><button tabindex=1 name="login" value="login">login</button>
 </form>
 </div>
 </main>
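Review bot: The two new hidden inputs echo `client_id` and `redirect_uri` straight from the request into attribute values; that is only safe if readviews is html/template, which escapes them in attribute context — if it is text/template, a crafted value can close the `value` attribute and inject markup, so the template package in use should be confirmed. Either way the form merely carries the redirect target back to `/oauth/authorize` through the browser, so the server must still validate it against the client's registered URIs before redirecting; the hidden field is not a trust boundary.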