[feature] Application creation + management via API + settings panel (#3906)

* [feature] Application creation + management via API + settings panel

* fix docs links

* add errnorows test

* use known application as shorter

* add comment about side effects

4 files changed, 328 insertions, 0 deletions

diff --git a/internal/processing/application/application.go b/internal/processing/application/application.go
new file mode 100644
index 000000000..4ad35749e
--- /dev/null
+++ b/internal/processing/application/application.go
@@ -0,0 +1,38 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package application
+
+import (
+	"github.com/superseriousbusiness/gotosocial/internal/state"
+	"github.com/superseriousbusiness/gotosocial/internal/typeutils"
+)
+
+type Processor struct {
+	state     *state.State
+	converter *typeutils.Converter
+}
+
+func New(
+	state *state.State,
+	converter *typeutils.Converter,
+) Processor {
+	return Processor{
+		state:     state,
+		converter: converter,
+	}
+}
diff --git a/internal/processing/application/create.go b/internal/processing/application/create.go
new file mode 100644
index 000000000..d1340a39f
--- /dev/null
+++ b/internal/processing/application/create.go
@@ -0,0 +1,116 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package application
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"github.com/google/uuid"
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/id"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+)
+
+func (p *Processor) Create(
+	ctx context.Context,
+	managedByUserID string,
+	form *apimodel.ApplicationCreateRequest,
+) (*apimodel.Application, gtserror.WithCode) {
+	// Set default 'read' for
+	// scopes if it's not set.
+	var scopes string
+	if form.Scopes == "" {
+		scopes = "read"
+	} else {
+		scopes = form.Scopes
+	}
+
+	// Normalize + parse requested redirect URIs.
+	form.RedirectURIs = strings.TrimSpace(form.RedirectURIs)
+	var redirectURIs []string
+	if form.RedirectURIs != "" {
+		// Redirect URIs can be just one value, or can be passed
+		// as a newline-separated list of strings. Ensure each URI
+		// is parseable + normalize it by reconstructing from *url.URL.
+		// Also ensure we don't add multiple copies of the same URI.
+		redirectStrs := strings.Split(form.RedirectURIs, "\n")
+		added := make(map[string]struct{}, len(redirectStrs))
+
+		for _, redirectStr := range redirectStrs {
+			redirectStr = strings.TrimSpace(redirectStr)
+			if redirectStr == "" {
+				continue
+			}
+
+			redirectURI, err := url.Parse(redirectStr)
+			if err != nil {
+				errText := fmt.Sprintf("error parsing redirect URI: %v", err)
+				return nil, gtserror.NewErrorBadRequest(err, errText)
+			}
+
+			redirectURIStr := redirectURI.String()
+			if _, alreadyAdded := added[redirectURIStr]; !alreadyAdded {
+				redirectURIs = append(redirectURIs, redirectURIStr)
+				added[redirectURIStr] = struct{}{}
+			}
+		}
+
+		if len(redirectURIs) == 0 {
+			errText := "no redirect URIs left after trimming space"
+			return nil, gtserror.NewErrorBadRequest(errors.New(errText), errText)
+		}
+	} else {
+		// No redirect URI(s) provided, just set default oob.
+		redirectURIs = append(redirectURIs, oauth.OOBURI)
+	}
+
+	// Generate random client ID.
+	clientID, err := id.NewRandomULID()
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	// Generate + store app
+	// to put in the database.
+	app := &gtsmodel.Application{
+		ID:              id.NewULID(),
+		Name:            form.ClientName,
+		Website:         form.Website,
+		RedirectURIs:    redirectURIs,
+		ClientID:        clientID,
+		ClientSecret:    uuid.NewString(),
+		Scopes:          scopes,
+		ManagedByUserID: managedByUserID,
+	}
+	if err := p.state.DB.PutApplication(ctx, app); err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	apiApp, err := p.converter.AppToAPIAppSensitive(ctx, app)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return apiApp, nil
+}
diff --git a/internal/processing/application/delete.go b/internal/processing/application/delete.go
new file mode 100644
index 000000000..02f5e4bfa
--- /dev/null
+++ b/internal/processing/application/delete.go
@@ -0,0 +1,70 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package application
+
+import (
+	"context"
+	"errors"
+
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/db"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+)
+
+func (p *Processor) Delete(
+	ctx context.Context,
+	userID string,
+	appID string,
+) (*apimodel.Application, gtserror.WithCode) {
+	app, err := p.state.DB.GetApplicationByID(ctx, appID)
+	if err != nil && !errors.Is(err, db.ErrNoEntries) {
+		err := gtserror.Newf("db error getting app %s: %w", appID, err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	if app == nil {
+		err := gtserror.Newf("app %s not found in the db", appID)
+		return nil, gtserror.NewErrorNotFound(err)
+	}
+
+	if app.ManagedByUserID != userID {
+		err := gtserror.Newf("app %s not managed by user %s", appID, userID)
+		return nil, gtserror.NewErrorNotFound(err)
+	}
+
+	// Convert app before deletion.
+	apiApp, err := p.converter.AppToAPIAppSensitive(ctx, app)
+	if err != nil {
+		err := gtserror.Newf("error converting app to api app: %w", err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	// Delete app itself.
+	if err := p.state.DB.DeleteApplicationByID(ctx, appID); err != nil {
+		err := gtserror.Newf("db error deleting app %s: %w", appID, err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	// Delete all tokens owned by app.
+	if err := p.state.DB.DeleteTokensByClientID(ctx, app.ClientID); err != nil {
+		err := gtserror.Newf("db error deleting tokens for app %s: %w", appID, err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return apiApp, nil
+}
diff --git a/internal/processing/application/get.go b/internal/processing/application/get.go
new file mode 100644
index 000000000..0a3eb8e04
--- /dev/null
+++ b/internal/processing/application/get.go
@@ -0,0 +1,104 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package application
+
+import (
+	"context"
+	"errors"
+
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/db"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/log"
+	"github.com/superseriousbusiness/gotosocial/internal/paging"
+)
+
+func (p *Processor) Get(
+	ctx context.Context,
+	userID string,
+	appID string,
+) (*apimodel.Application, gtserror.WithCode) {
+	app, err := p.state.DB.GetApplicationByID(ctx, appID)
+	if err != nil && !errors.Is(err, db.ErrNoEntries) {
+		err := gtserror.Newf("db error getting app %s: %w", appID, err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	if app == nil {
+		err := gtserror.Newf("app %s not found in the db", appID)
+		return nil, gtserror.NewErrorNotFound(err)
+	}
+
+	if app.ManagedByUserID != userID {
+		err := gtserror.Newf("app %s not managed by user %s", appID, userID)
+		return nil, gtserror.NewErrorNotFound(err)
+	}
+
+	apiApp, err := p.converter.AppToAPIAppSensitive(ctx, app)
+	if err != nil {
+		err := gtserror.Newf("error converting app to api app: %w", err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return apiApp, nil
+}
+
+func (p *Processor) GetPage(
+	ctx context.Context,
+	userID string,
+	page *paging.Page,
+) (*apimodel.PageableResponse, gtserror.WithCode) {
+	apps, err := p.state.DB.GetApplicationsManagedByUserID(ctx, userID, page)
+	if err != nil && !errors.Is(err, db.ErrNoEntries) {
+		err := gtserror.Newf("db error getting apps: %w", err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	count := len(apps)
+	if count == 0 {
+		return paging.EmptyResponse(), nil
+	}
+
+	var (
+		// Get the lowest and highest
+		// ID values, used for paging.
+		lo = apps[count-1].ID
+		hi = apps[0].ID
+
+		// Best-guess items length.
+		items = make([]interface{}, 0, count)
+	)
+
+	for _, app := range apps {
+		apiApp, err := p.converter.AppToAPIAppSensitive(ctx, app)
+		if err != nil {
+			log.Errorf(ctx, "error converting app to api app: %v", err)
+			continue
+		}
+
+		// Append req to return items.
+		items = append(items, apiApp)
+	}
+
+	return paging.PackageResponse(paging.ResponseParams{
+		Items: items,
+		Path:  "/api/v1/apps",
+		Next:  page.Next(lo, hi),
+		Prev:  page.Prev(lo, hi),
+	}), nil
+}