| author | 2025-03-03 16:03:36 +0100 | |
|---|---|---|
| committer | 2025-03-03 15:03:36 +0000 | |
| commit | 1b37944f8b8eccc2afcfb0f603786209a3b7402d (patch) | |
| tree | 2bc0be27cf0405e16ac3e14efc3b6973eb096b8b /internal/gtsmodel | |
| parent | bumps go-ffmpreg to v0.6.6 (#3866) (diff) | |
[feature] Refactor tokens, allow multiple app redirect_uris (#3849)
* [feature] Refactor tokens, allow multiple app redirect_uris
* move + tweak handlers a bit
* return error for unset oauth2.ClientStore funcs
* wrap UpdateToken with cache
* panic handling
* cheeky little time optimization
* unlock on error
Diffstat (limited to 'internal/gtsmodel')
| -rw-r--r-- | internal/gtsmodel/application.go | 45 | ||||
| -rw-r--r-- | internal/gtsmodel/client.go | 30 | ||||
| -rw-r--r-- | internal/gtsmodel/token.go | 35 |
3 files changed, 50 insertions, 60 deletions
diff --git a/internal/gtsmodel/application.go b/internal/gtsmodel/application.go
index 5f2d4f4b1..e8ef3bcf7 100644
--- a/internal/gtsmodel/application.go
+++ b/internal/gtsmodel/application.go
@@ -17,18 +17,39 @@
 package gtsmodel
-import "time"
+import "strings"
-// Application represents an application that can perform actions on behalf of a user.
-// It is used to authorize tokens etc, and is associated with an oauth client id in the database.
+// Application represents an application that
+// can perform actions on behalf of a user.
+//
+// It is equivalent to an OAuth client.
 type Application struct {
- ID string `bun:"type:CHAR(26),pk,nullzero,notnull,unique"` // id of this item in the database
- CreatedAt time.Time `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"` // when was item created
- UpdatedAt time.Time `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"` // when was item last updated
- Name string `bun:",notnull"` // name of the application given when it was created (eg., 'tusky')
- Website string `bun:",nullzero"` // website for the application given when it was created (eg., 'https://tusky.app')
- RedirectURI string `bun:",nullzero,notnull"` // redirect uri requested by the application for oauth2 flow
- ClientID string `bun:"type:CHAR(26),nullzero,notnull"` // id of the associated oauth client entity in the db
- ClientSecret string `bun:",nullzero,notnull"` // secret of the associated oauth client entity in the db
- Scopes string `bun:",notnull"` // scopes requested when this app was created
+ ID string `bun:"type:CHAR(26),pk,nullzero,notnull,unique"` // id of this item in the database
+ Name string `bun:",notnull"` // name of the application given when it was created (eg., 'tusky')
+ Website string `bun:",nullzero"` // website for the application given when it was created (eg., 'https://tusky.app')
+ RedirectURIs []string `bun:"redirect_uris,array"` // redirect uris requested by the application for oauth2 flow
+ ClientID string `bun:"type:CHAR(26),nullzero,notnull"` // id of the associated oauth client entity in the db
+ ClientSecret string `bun:",nullzero,notnull"` // secret of the associated oauth 
client entity in the db
+ Scopes string `bun:",notnull"` // scopes requested when this app was created
+ ManagedByUserID string `bun:"type:CHAR(26),nullzero"` // id of the user that manages this application, if it was created through the settings panel
+}
+
+// Implements oauth2.ClientInfo.
+func (a *Application) GetID() string {
+ return a.ClientID
+}
+
+// Implements oauth2.ClientInfo.
+func (a *Application) GetSecret() string {
+ return a.ClientSecret
+}
+
+// Implements oauth2.ClientInfo.
+func (a *Application) GetDomain() string {
+ return strings.Join(a.RedirectURIs, "\n")
+}
+
+// Implements oauth2.ClientInfo.
+func (a *Application) GetUserID() string {
+ return a.ManagedByUserID
 }
diff --git a/internal/gtsmodel/client.go b/internal/gtsmodel/client.go
deleted file mode 100644
index 35a85fdbe..000000000
--- a/internal/gtsmodel/client.go
+++ /dev/null
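Review bot: GetDomain packs every redirect URI into one string separated by "\n", so the redirect-URI validator that consumes oauth2.ClientInfo must split on exactly that separator and compare each entry byte-for-byte against the request's redirect_uri; the library's stock validator presumably treats the returned domain as a single URL, so a custom validate handler is needed — confirm. The same encoding means one stored entry that itself contains a newline would be read back as two URIs, so the registration path should reject entries containing "\n" or other control characters before they reach `redirect_uris`; that check is not visible in this hunk. Since `redirect_uris` has neither notnull nor a default, a nil slice makes GetDomain return "", which the validator must treat as "no registered redirect URI" rather than as a match-anything value. The four methods are documented only as `// Implements oauth2.ClientInfo.`; I'd make the contract explicit on GetDomain: `// GetDomain returns the registered redirect URIs joined with "\n"; callers must split on that separator and compare entries exactly. Implements oauth2.ClientInfo.`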
@@ -1,30 +0,0 @@
-// GoToSocial
-// Copyright (C) GoToSocial Authors admin@gotosocial.org
-// SPDX-License-Identifier: AGPL-3.0-or-later
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-package gtsmodel
-
-import "time"
-
-// Client is a wrapper for OAuth client details.
-type Client struct {
- ID string `bun:"type:CHAR(26),pk,nullzero,notnull,unique"` // id of this item in the database
- CreatedAt time.Time `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"` // when was item created
- UpdatedAt time.Time `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"` // when was item last updated
- Secret string `bun:",nullzero,notnull"` // secret generated when client was created
- Domain string `bun:",nullzero,notnull"` // domain requested for client
- UserID string `bun:"type:CHAR(26),nullzero"` // id of the user that this client acts on behalf of
-}
diff --git a/internal/gtsmodel/token.go b/internal/gtsmodel/token.go
index 0586ae68a..6fe944290 100644
--- a/internal/gtsmodel/token.go
+++ b/internal/gtsmodel/token.go
@@ -22,22 +22,21 @@ import "time"
 // Token is a translation of the gotosocial token
 // with the ExpiresIn fields replaced with ExpiresAt.
 type Token struct {
- ID string `bun:"type:CHAR(26),pk,nullzero,notnull,unique"` // id of this item in the database
- CreatedAt time.Time `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"` // when was item created
- UpdatedAt time.Time `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"` // when was item last updated
- ClientID string `bun:"type:CHAR(26),nullzero,notnull"` // ID of the client who owns this token
- UserID string `bun:"type:CHAR(26),nullzero"` // ID of the user who owns this token
- RedirectURI string `bun:",nullzero,notnull"` // Oauth redirect URI for this token
- Scope string `bun:",notnull"` // Oauth scope
- Code string `bun:",pk,nullzero,notnull,default:''"` // Code, if present
- CodeChallenge string `bun:",nullzero"` // Code challenge, if code present
- CodeChallengeMethod string `bun:",nullzero"` // Code challenge method, if code present
- CodeCreateAt time.Time `bun:"type:timestamptz,nullzero"` // Code created time, if code present
- CodeExpiresAt time.Time `bun:"type:timestamptz,nullzero"` // Code expires at -- null means the code never expires
- Access string `bun:",pk,nullzero,notnull,default:''"` // User level access token, if present
- AccessCreateAt time.Time `bun:"type:timestamptz,nullzero"` // User level access token created time, if access present
- AccessExpiresAt time.Time `bun:"type:timestamptz,nullzero"` // User level access token expires at -- null means the token never expires
- Refresh string `bun:",pk,nullzero,notnull,default:''"` // Refresh token, if present
- RefreshCreateAt time.Time `bun:"type:timestamptz,nullzero"` // Refresh created at, if refresh present
- RefreshExpiresAt time.Time `bun:"type:timestamptz,nullzero"` // Refresh expires at -- null means the refresh token never expires
+ ID string `bun:"type:CHAR(26),pk,nullzero,notnull,unique"` // id of 
this item in the database
+ LastUsed time.Time `bun:"type:timestamptz,nullzero"` // approximate time when this token was last used
+ ClientID string `bun:"type:CHAR(26),nullzero,notnull"` // ID of the client who owns this token
+ UserID string `bun:"type:CHAR(26),nullzero"` // ID of the user who owns this token
+ RedirectURI string `bun:",nullzero,notnull"` // Oauth redirect URI for this token
+ Scope string `bun:",nullzero,notnull,default:'read'"` // Oauth scope // Oauth scope
+ Code string `bun:",pk,nullzero,notnull,default:''"` // Code, if present
+ CodeChallenge string `bun:",nullzero"` // Code challenge, if code present
+ CodeChallengeMethod string `bun:",nullzero"` // Code challenge method, if code present
+ CodeCreateAt time.Time `bun:"type:timestamptz,nullzero"` // Code created time, if code present
+ CodeExpiresAt time.Time `bun:"type:timestamptz,nullzero"` // Code expires at -- null means the code never expires
+ Access string `bun:",pk,nullzero,notnull,default:''"` // User level access token, if present
+ AccessCreateAt time.Time `bun:"type:timestamptz,nullzero"` // User level access token created time, if access present
+ AccessExpiresAt time.Time `bun:"type:timestamptz,nullzero"` // User level access token expires at -- null means the token never expires
+ Refresh string `bun:",pk,nullzero,notnull,default:''"` // Refresh token, if present
+ RefreshCreateAt time.Time `bun:"type:timestamptz,nullzero"` // Refresh created at, if refresh present
+ RefreshExpiresAt time.Time `bun:"type:timestamptz,nullzero"` // Refresh expires at -- null means the refresh token never expires
 } |
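Review bot: The new Scope line's tag `nullzero,notnull,default:'read'` means a Token saved with an empty Scope is silently persisted as `read` instead of being rejected, and its trailing comment is duplicated (`// Oauth scope // Oauth scope`); the fallback is fail-safe but should be stated so nobody reads an empty scope as "no access": `// Oauth scope; an empty value is stored as 'read'`. LastUsed is described only as "approximate", which is not enough for anyone using it for stale-token revocation or an incident timeline — it is presumably written lazily or throttled rather than on every request (the commit message mentions a time optimization), so the comment should give the bound, e.g. `// approximate time when this token was last used; written at most once per <interval>, so it may lag real use`. Dropping CreatedAt also removes the only non-nullable record of when the token row was issued; AccessCreateAt and CodeCreateAt are both nullable, so confirm no audit or cleanup path relied on the removed column.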
