authorLibravatar tobi <31960611+tsmethurst@users.noreply.github.com>2022-06-11 10:39:39 +0200
committerLibravatar GitHub <noreply@github.com>2022-06-11 10:39:39 +0200
commit694a49058951de31cca4ea061e2c08d44e712612 (patch)
tree8509cb95f41faaf15d4352707617bff17300978d /internal/oauth/server.go
parent[bugfix] Make accounts media_only query also work with pg (#643) (diff)
[feature] Add `created_at` and `error_description` to `/oauth/token` endpoint (#645)
* start fiddling about with oauth server * start returning more helpful errors from oauth * test helpful(ish) token errors * add missing license header
Diffstat (limited to 'internal/oauth/server.go')
-rw-r--r--internal/oauth/server.go24
1 files changed, 21 insertions, 3 deletions
diff --git a/internal/oauth/server.go b/internal/oauth/server.go
index bfe615832..4dcc41ceb 100644
--- a/internal/oauth/server.go
+++ b/internal/oauth/server.go
@@ -25,6 +25,7 @@ import (
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/db"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/oauth2/v4"
"github.com/superseriousbusiness/oauth2/v4/errors"
"github.com/superseriousbusiness/oauth2/v4/manage"
@@ -52,7 +53,7 @@ const (
// Server wraps some oauth2 server functions in an interface, exposing only what is needed
type Server interface {
- HandleTokenRequest(w http.ResponseWriter, r *http.Request) error
+ HandleTokenRequest(r *http.Request) (map[string]interface{}, gtserror.WithCode)
HandleAuthorizeRequest(w http.ResponseWriter, r *http.Request) error
ValidationBearerToken(r *http.Request) (oauth2.TokenInfo, error)
GenerateUserAccessToken(ctx context.Context, ti oauth2.TokenInfo, clientSecret string, userID string) (accessToken oauth2.TokenInfo, err error)
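Review bot: The interface gives no hint that HandleTokenRequest no longer writes the HTTP response itself, unlike HandleAuthorizeRequest directly below it, which still takes the ResponseWriter. A doc comment on the method would make the new contract explicit, for example `// HandleTokenRequest validates r and returns the token response fields; the caller serializes them and must set Cache-Control: no-store (RFC 6749 section 5.1).` The handler that consumes the returned map is not part of this diff, so it is worth confirming that it sets that header and the JSON content type. The Server interface continues past the end of this hunk.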
@@ -116,8 +117,25 @@ func New(ctx context.Context, database db.Basic) Server {
}
// HandleTokenRequest wraps the oauth2 library's HandleTokenRequest function
-func (s *s) HandleTokenRequest(w http.ResponseWriter, r *http.Request) error {
- return s.server.HandleTokenRequest(w, r)
+func (s *s) HandleTokenRequest(r *http.Request) (map[string]interface{}, gtserror.WithCode) {
+ ctx := r.Context()
+
+ gt, tgr, err := s.server.ValidationTokenRequest(r)
+ if err != nil {
+ help := fmt.Sprintf("could not validate token request: %s", err)
+ return nil, gtserror.NewErrorBadRequest(err, help)
+ }
+
+ ti, err := s.server.GetAccessToken(ctx, gt, tgr)
+ if err != nil {
+ help := fmt.Sprintf("could not get access token: %s", err)
+ return nil, gtserror.NewErrorBadRequest(err, help)
+ }
+
+ data := s.server.GetTokenData(ti)
+ data["created_at"] = ti.GetAccessCreateAt().Unix()
+
+ return data, nil
}
// HandleAuthorizeRequest wraps the oauth2 library's HandleAuthorizeRequest function
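Review bot: Both error branches in the new HandleTokenRequest format the raw library error into the client-facing help text with `%s` and classify every failure as a bad request. That suits protocol errors from ValidationTokenRequest, but GetAccessToken presumably also fails for storage or token-generation reasons, and that internal error text would then be echoed to an unauthenticated caller of `/oauth/token` with a 400. Consider echoing the text only when err is one of the protocol errors defined in the oauth2 `errors` package, and otherwise returning a generic description with a server-error code, e.g. `return nil, gtserror.NewErrorInternalError(err)` if gtserror provides that constructor. The doc comment above the function is also stale, since the body no longer wraps the library's HandleTokenRequest; something like `// HandleTokenRequest validates the request, issues an access token and returns the token response fields plus created_at.` would match what it does.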