[frontend] Restructure Frontend Sources (#634)

* 🐸restructure frontend stuff, include admin and future user panel in main repo, properly deduplicate bundles for css+js across uses

* rename bundled to dist, caught by gitignore

* re-include status.css for profile template

* default to localhost

* serve frontend panels

* add todo message for abstraction

* refactor oauth registration flow

* oauth restructure

* update footer template

* change panel routes

* remove superfluous css imports

* write bundle to disk from test server, use forked budo-express

* wrap all page content in container

for robustness with addons etc injection other elements in body

* update documentation, goreleaser, Dockerfile

* update template meta tags

* add AGPL-3.0+ license header everywhere

* only attach update listener on EventEmitter

* cleaner config for various frontend bundles

* fix bundler script paths

* Merge commit 'd191931932b9293ce1be44ed08a1e69b9fcc1e25'

* fix up dockerfile, goreleaser

* go mod tidy

* add uglifyify

* move status hide/show js to frontend bundle

* fix stylesheet color( func regressions

* update contributing docs for new build path

* update goreleaser + docker building

* resolve dependency paths properly

* update package name

* use api errorhandler

Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com>

1 files changed, 220 insertions, 0 deletions

diff --git a/web/source/lib/oauth.js b/web/source/lib/oauth.js
new file mode 100644
index 000000000..673d4ce83
--- /dev/null
+++ b/web/source/lib/oauth.js
@@ -0,0 +1,220 @@
+/*
+   GoToSocial
+   Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+"use strict";
+
+const Promise = require("bluebird");
+
+function getCurrentUrl() {
+	return window.location.origin + window.location.pathname; // strips ?query=string and #hash
+}
+
+module.exports = function oauthClient(config, initState) {
+	/* config: 
+		instance: instance domain (https://testingtesting123.xyz)
+		client_name: "GoToSocial Admin Panel"
+		scope: []
+		website: 
+	*/
+
+	let state = initState;
+	if (initState == undefined) {
+		state = localStorage.getItem("oauth");
+		if (state == undefined) {
+			state = {
+				config
+			};
+			storeState();
+		} else {
+			state = JSON.parse(state);
+		}
+	}
+
+	function storeState() {
+		localStorage.setItem("oauth", JSON.stringify(state));
+	}
+
+	/* register app
+		/api/v1/apps
+	*/
+	function register() {
+		if (state.client_id != undefined) {
+			return true; // we already have a registration
+		}
+		let url = new URL(config.instance);
+		url.pathname = "/api/v1/apps";
+
+		return fetch(url.href, {
+			method: "POST",
+			headers: {
+				'Content-Type': 'application/json'
+			},
+			body: JSON.stringify({
+				client_name: config.client_name,
+				redirect_uris: getCurrentUrl(),
+				scopes: config.scope.join(" "),
+				website: getCurrentUrl()
+			})
+		}).then((res) => {
+			if (res.status != 200) {
+				throw res;
+			}
+			return res.json();
+		}).then((json) => {
+			state.client_id = json.client_id;
+			state.client_secret = json.client_secret;
+			storeState();
+		});
+	}
+	
+	/* authorize:
+		/oauth/authorize
+			?client_id=CLIENT_ID
+			&redirect_uri=window.location.href
+			&response_type=code
+			&scope=admin
+	*/
+	function authorize() {
+		let url = new URL(config.instance);
+		url.pathname = "/oauth/authorize";
+		url.searchParams.set("client_id", state.client_id);
+		url.searchParams.set("redirect_uri", getCurrentUrl());
+		url.searchParams.set("response_type", "code");
+		url.searchParams.set("scope", config.scope.join(" "));
+
+		window.location.assign(url.href);
+	}
+	
+	function callback() {
+		if (state.access_token != undefined) {
+			return; // we're already done :)
+		}
+		let params = (new URL(window.location)).searchParams;
+	
+		let token = params.get("code");
+		if (token != null) {
+			console.log("got token callback:", token);
+		}
+
+		return authorizeToken(token)
+			.catch((e) => {
+				console.log("Error processing oauth callback:", e);
+				logout(); // just to be sure
+			});
+	}
+
+	function authorizeToken(token) {
+		let url = new URL(config.instance);
+		url.pathname = "/oauth/token";
+		return fetch(url.href, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json"
+			},
+			body: JSON.stringify({
+				client_id: state.client_id,
+				client_secret: state.client_secret,
+				redirect_uri: getCurrentUrl(),
+				grant_type: "authorization_code",
+				code: token
+			})
+		}).then((res) => {
+			if (res.status != 200) {
+				throw res;
+			}
+			return res.json();
+		}).then((json) => {
+			state.access_token = json.access_token;
+			storeState();
+			window.location = getCurrentUrl(); // clear ?token=
+		});
+	}
+
+	function isAuthorized() {
+		return (state.access_token != undefined);
+	}
+
+	function apiRequest(path, method, data, type="json") {
+		if (!isAuthorized()) {
+			throw new Error("Not Authenticated");
+		}
+		let url = new URL(config.instance);
+		let [p, s] = path.split("?");
+		url.pathname = p;
+		if (s != undefined) {
+			url.search = s;
+		}
+		let headers = {
+			"Authorization": `Bearer ${state.access_token}`
+		};
+		let body = data;
+		if (type == "json" && body != undefined) {
+			headers["Content-Type"] = "application/json";
+			body = JSON.stringify(data);
+		}
+		return fetch(url.href, {
+			method,
+			headers,
+			body
+		}).then((res) => {
+			return Promise.all([res.json(), res]);
+		}).then(([json, res]) => {
+			if (res.status != 200) {
+				if (json.error) {
+					throw new Error(json.error);
+				} else {
+					throw new Error(`${res.status}: ${res.statusText}`);
+				}
+			} else {
+				return json;
+			}
+		});
+	}
+
+	function logout() {
+		let url = new URL(config.instance);
+		url.pathname = "/oauth/revoke";
+		return fetch(url.href, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json"
+			},
+			body: JSON.stringify({
+				client_id: state.client_id,
+				client_secret: state.client_secret,
+				token: state.access_token,
+			})
+		}).then((res) => {
+			if (res.status != 200) {
+				// GoToSocial doesn't actually implement this route yet,
+				// so error is to be expected
+				return;
+			}
+			return res.json();
+		}).catch(() => {
+			// see above
+		}).then(() => {
+			localStorage.removeItem("oauth");
+			window.location = getCurrentUrl();
+		});
+	}
+
+	return {
+		register, authorize, callback, isAuthorized, apiRequest, logout
+	};
+};