diff options
Diffstat (limited to 'internal/processing/app.go')
| -rw-r--r-- | internal/processing/app.go | 58 |
1 files changed, 31 insertions, 27 deletions
diff --git a/internal/processing/app.go b/internal/processing/app.go index 2a43c5212..c9bd4eb68 100644 --- a/internal/processing/app.go +++ b/internal/processing/app.go @@ -19,6 +19,9 @@ package processing import ( "context" + "fmt" + "net/url" + "strings" "github.com/google/uuid" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" @@ -26,10 +29,12 @@ import ( "github.com/superseriousbusiness/gotosocial/internal/gtserror" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" "github.com/superseriousbusiness/gotosocial/internal/id" + "github.com/superseriousbusiness/gotosocial/internal/oauth" ) func (p *Processor) AppCreate(ctx context.Context, authed *apiutil.Auth, form *apimodel.ApplicationCreateRequest) (*apimodel.Application, gtserror.WithCode) { - // set default 'read' for scopes if it's not set + // Set default 'read' for + // scopes if it's not set. var scopes string if form.Scopes == "" { scopes = "read" @@ -37,48 +42,47 @@ func (p *Processor) AppCreate(ctx context.Context, authed *apiutil.Auth, form *a scopes = form.Scopes } - // generate new IDs for this application and its associated client - clientID, err := id.NewRandomULID() - if err != nil { - return nil, gtserror.NewErrorInternalError(err) + // Normalize + parse requested redirect URIs. + form.RedirectURIs = strings.TrimSpace(form.RedirectURIs) + var redirectURIs []string + if form.RedirectURIs != "" { + // Redirect URIs can be just one value, or can be passed + // as a newline-separated list of strings. Ensure each URI + // is parseable + normalize it by reconstructing from *url.URL. + for _, redirectStr := range strings.Split(form.RedirectURIs, "\n") { + redirectURI, err := url.Parse(redirectStr) + if err != nil { + errText := fmt.Sprintf("error parsing redirect URI: %v", err) + return nil, gtserror.NewErrorBadRequest(err, errText) + } + redirectURIs = append(redirectURIs, redirectURI.String()) + } + } else { + // No redirect URI(s) provided, just set default oob. + redirectURIs = append(redirectURIs, oauth.OOBURI) } - clientSecret := uuid.NewString() - appID, err := id.NewRandomULID() + // Generate random client ID. + clientID, err := id.NewRandomULID() if err != nil { return nil, gtserror.NewErrorInternalError(err) } - // generate the application to put in the database + // Generate + store app + // to put in the database. app := >smodel.Application{ - ID: appID, + ID: id.NewULID(), Name: form.ClientName, Website: form.Website, - RedirectURI: form.RedirectURIs, + RedirectURIs: redirectURIs, ClientID: clientID, - ClientSecret: clientSecret, + ClientSecret: uuid.NewString(), Scopes: scopes, } - - // chuck it in the db if err := p.state.DB.PutApplication(ctx, app); err != nil { return nil, gtserror.NewErrorInternalError(err) } - // now we need to model an oauth client from the application that the oauth library can use - oc := >smodel.Client{ - ID: clientID, - Secret: clientSecret, - Domain: form.RedirectURIs, - // This client isn't yet associated with a specific user, it's just an app client right now - UserID: "", - } - - // chuck it in the db - if err := p.state.DB.PutClient(ctx, oc); err != nil { - return nil, gtserror.NewErrorInternalError(err) - } - apiApp, err := p.converter.AppToAPIAppSensitive(ctx, app) if err != nil { return nil, gtserror.NewErrorInternalError(err) |