metatext-app-ios-iphone-ipad/ServiceLayer/Sources/ServiceLayer/Services/AuthenticationService.swift

// Copyright © 2020 Metabolist. All rights reserved.

import Combine
import Foundation
import Mastodon
import MastodonAPI

public enum AuthenticationError: Error {
    case canceled
}

struct AuthenticationService {
    private let mastodonAPIClient: MastodonAPIClient
    private let webAuthSessionType: WebAuthSession.Type
    private let webAuthSessionContextProvider = WebAuthSessionContextProvider()

    init(url: URL, environment: AppEnvironment) {
        mastodonAPIClient = MastodonAPIClient(session: environment.session, instanceURL: url)
        webAuthSessionType = environment.webAuthSessionType
    }
}

extension AuthenticationService {
    func authenticate() -> AnyPublisher<(AppAuthorization, AccessToken), Error> {
        let authorization = appAuthorization(redirectURI: OAuth.authorizationCallbackURL).share()

        return authorization
            .zip(authorization.flatMap(authenticate(appAuthorization:)))
            .eraseToAnyPublisher()
    }

    func register(_ registration: Registration,
                  id: Identity.Id) -> AnyPublisher<(AppAuthorization, AccessToken), Error> {
        let redirectURI = OAuth.registrationCallbackURL.appendingPathComponent(id.uuidString)
        let authorization = appAuthorization(redirectURI: redirectURI)
            .share()

        return authorization.zip(
            authorization.flatMap { appAuthorization -> AnyPublisher<AccessToken, Error> in
                mastodonAPIClient.request(
                    AccessTokenEndpoint.oauthToken(
                        clientId: appAuthorization.clientId,
                        clientSecret: appAuthorization.clientSecret,
                        grantType: OAuth.registrationGrantType,
                        scopes: OAuth.scopes,
                        code: nil,
                        redirectURI: redirectURI.absoluteString))
                    .flatMap { accessToken -> AnyPublisher<AccessToken, Error> in
                        mastodonAPIClient.accessToken = accessToken.accessToken

                        return mastodonAPIClient.request(AccessTokenEndpoint.accounts(registration))
                    }
                    .eraseToAnyPublisher()
            })
            .eraseToAnyPublisher()
    }
}

private extension AuthenticationService {
    struct OAuth {
        static let clientName = "Metatext"
        static let scopes = "read write follow push"
        static let codeCallbackQueryItemName = "code"
        static let authorizationCodeGrantType = "authorization_code"
        static let registrationGrantType = "client_credentials"
        static let callbackURLScheme = "metatext"
        static let authorizationCallbackURL = URL(string: "\(callbackURLScheme)://oauth.callback")!
        static let registrationCallbackURL = URL(string: "https://metatext.link/confirmation")!
        static let website = URL(string: "https://metabolist.org/metatext")!
    }

    enum OAuthError: Error {
        case codeNotFound
    }

    static func extractCode(oauthCallbackURL: URL) throws -> String {
        guard let queryItems = URLComponents(
                url: oauthCallbackURL,
                resolvingAgainstBaseURL: true)?.queryItems,
              let code = queryItems.first(where: {
                $0.name == OAuth.codeCallbackQueryItemName
              })?.value
        else { throw OAuthError.codeNotFound }

        return code
    }

    func appAuthorization(redirectURI: URL) -> AnyPublisher<AppAuthorization, Error> {
        mastodonAPIClient.request(
            AppAuthorizationEndpoint.apps(
                clientName: OAuth.clientName,
                redirectURI: redirectURI.absoluteString,
                scopes: OAuth.scopes,
                website: OAuth.website))
    }

    func authorizationURL(appAuthorization: AppAuthorization) throws -> URL {
        guard var authorizationURLComponents = URLComponents(
                url: mastodonAPIClient.instanceURL,
                resolvingAgainstBaseURL: true)
        else { throw URLError(.badURL) }

        authorizationURLComponents.path = "/oauth/authorize"
        authorizationURLComponents.queryItems = [
            .init(name: "client_id", value: appAuthorization.clientId),
            .init(name: "scope", value: OAuth.scopes),
            .init(name: "response_type", value: "code"),
            .init(name: "redirect_uri", value: OAuth.authorizationCallbackURL.absoluteString)
        ]

        guard let authorizationURL = authorizationURLComponents.url else {
            throw URLError(.badURL)
        }

        return authorizationURL
    }

    func authenticate(appAuthorization: AppAuthorization) -> AnyPublisher<AccessToken, Error> {
        Just(appAuthorization)
            .tryMap(authorizationURL(appAuthorization:))
            .flatMap {
                webAuthSessionType.publisher(
                    url: $0,
                    callbackURLScheme: OAuth.callbackURLScheme,
                    presentationContextProvider: webAuthSessionContextProvider)
            }
            .mapError { error -> Error in
                if (error as? WebAuthSessionError)?.code == .canceledLogin {
                    return AuthenticationError.canceled as Error
                }

                return error
            }
            .tryMap(Self.extractCode(oauthCallbackURL:))
            .flatMap {
                mastodonAPIClient.request(
                    AccessTokenEndpoint.oauthToken(
                        clientId: appAuthorization.clientId,
                        clientSecret: appAuthorization.clientSecret,
                        grantType: OAuth.authorizationCodeGrantType,
                        scopes: OAuth.scopes,
                        code: $0,
                        redirectURI: OAuth.authorizationCallbackURL.absoluteString))
            }
            .eraseToAnyPublisher()
    }
}
Refactoring 2020-08-09 07:37:04 +02:00			`// Copyright © 2020 Metabolist. All rights reserved.`

			`import Combine`
Sort imports 2020-09-05 04:31:43 +02:00			`import Foundation`
wip 2020-08-31 01:33:11 +02:00			`import Mastodon`
Put Mastodon API code in separate module from entities 2020-09-04 03:55:46 +02:00			`import MastodonAPI`
Refactoring 2020-08-09 07:37:04 +02:00
Refactoring 2020-09-09 03:02:55 +02:00			`public enum AuthenticationError: Error {`
			`case canceled`
			`}`

			`struct AuthenticationService {`
Put Mastodon API code in separate module from entities 2020-09-04 03:55:46 +02:00			`private let mastodonAPIClient: MastodonAPIClient`
Renaming 2020-08-12 11:01:21 +02:00			`private let webAuthSessionType: WebAuthSession.Type`
Refactoring 2020-08-09 07:37:04 +02:00			`private let webAuthSessionContextProvider = WebAuthSessionContextProvider()`

Refactoring 2020-09-09 03:02:55 +02:00			`init(url: URL, environment: AppEnvironment) {`
			`mastodonAPIClient = MastodonAPIClient(session: environment.session, instanceURL: url)`
Add anonymous instance, lots of refactoring 2020-08-09 13:27:38 +02:00			`webAuthSessionType = environment.webAuthSessionType`
Refactoring 2020-08-09 07:37:04 +02:00			`}`
			`}`

Refactoring 2020-09-09 03:02:55 +02:00			`extension AuthenticationService {`
			`func authenticate() -> AnyPublisher<(AppAuthorization, AccessToken), Error> {`
Pending accounts 2020-09-13 10:03:08 +02:00			`let authorization = appAuthorization(redirectURI: OAuth.authorizationCallbackURL).share()`
Registrations wip 2020-09-11 11:55:06 +02:00
			`return authorization`
			`.zip(authorization.flatMap(authenticate(appAuthorization:)))`
			`.eraseToAnyPublisher()`
			`}`

The great id cleanup 2020-10-06 00:50:05 +02:00			`func register(_ registration: Registration,`
			`id: Identity.Id) -> AnyPublisher<(AppAuthorization, AccessToken), Error> {`
Pending accounts 2020-09-13 10:03:08 +02:00			`let redirectURI = OAuth.registrationCallbackURL.appendingPathComponent(id.uuidString)`
			`let authorization = appAuthorization(redirectURI: redirectURI)`
Refactoring 2020-09-09 03:02:55 +02:00			`.share()`
Refactoring 2020-08-09 07:37:04 +02:00
Registrations wip 2020-09-11 11:55:06 +02:00			`return authorization.zip(`
			`authorization.flatMap { appAuthorization -> AnyPublisher<AccessToken, Error> in`
			`mastodonAPIClient.request(`
			`AccessTokenEndpoint.oauthToken(`
The great id cleanup 2020-10-06 00:50:05 +02:00			`clientId: appAuthorization.clientId,`
Registrations wip 2020-09-11 11:55:06 +02:00			`clientSecret: appAuthorization.clientSecret,`
			`grantType: OAuth.registrationGrantType,`
			`scopes: OAuth.scopes,`
			`code: nil,`
Pending accounts 2020-09-13 10:03:08 +02:00			`redirectURI: redirectURI.absoluteString))`
Registrations wip 2020-09-11 11:55:06 +02:00			`.flatMap { accessToken -> AnyPublisher<AccessToken, Error> in`
			`mastodonAPIClient.accessToken = accessToken.accessToken`

Refactoring 2020-09-12 04:50:42 +02:00			`return mastodonAPIClient.request(AccessTokenEndpoint.accounts(registration))`
Registrations wip 2020-09-11 11:55:06 +02:00			`}`
			`.eraseToAnyPublisher()`
			`})`
Add anonymous instance, lots of refactoring 2020-08-09 13:27:38 +02:00			`.eraseToAnyPublisher()`
Refactoring 2020-08-09 07:37:04 +02:00			`}`
			`}`

Add anonymous instance, lots of refactoring 2020-08-09 13:27:38 +02:00			`private extension AuthenticationService {`
			`struct OAuth {`
			`static let clientName = "Metatext"`
			`static let scopes = "read write follow push"`
			`static let codeCallbackQueryItemName = "code"`
Registrations wip 2020-09-11 11:55:06 +02:00			`static let authorizationCodeGrantType = "authorization_code"`
			`static let registrationGrantType = "client_credentials"`
Add anonymous instance, lots of refactoring 2020-08-09 13:27:38 +02:00			`static let callbackURLScheme = "metatext"`
Pending accounts 2020-09-13 10:03:08 +02:00			`static let authorizationCallbackURL = URL(string: "\(callbackURLScheme)://oauth.callback")!`
			`static let registrationCallbackURL = URL(string: "https://metatext.link/confirmation")!`
Change domain 2021-02-15 23:20:59 +01:00			`static let website = URL(string: "https://metabolist.org/metatext")!`
Refactoring 2020-08-09 07:37:04 +02:00			`}`

Remove unneeded localization 2020-08-31 21:01:37 +02:00			`enum OAuthError: Error {`
Add anonymous instance, lots of refactoring 2020-08-09 13:27:38 +02:00			`case codeNotFound`
Refactoring 2020-08-09 07:37:04 +02:00			`}`

Refactoring 2020-09-09 03:02:55 +02:00			`static func extractCode(oauthCallbackURL: URL) throws -> String {`
			`guard let queryItems = URLComponents(`
			`url: oauthCallbackURL,`
			`resolvingAgainstBaseURL: true)?.queryItems,`
			`let code = queryItems.first(where: {`
			`$0.name == OAuth.codeCallbackQueryItemName`
			`})?.value`
			`else { throw OAuthError.codeNotFound }`

			`return code`
			`}`

Pending accounts 2020-09-13 10:03:08 +02:00			`func appAuthorization(redirectURI: URL) -> AnyPublisher<AppAuthorization, Error> {`
Registrations wip 2020-09-11 11:55:06 +02:00			`mastodonAPIClient.request(`
			`AppAuthorizationEndpoint.apps(`
			`clientName: OAuth.clientName,`
Pending accounts 2020-09-13 10:03:08 +02:00			`redirectURI: redirectURI.absoluteString,`
Registrations wip 2020-09-11 11:55:06 +02:00			`scopes: OAuth.scopes,`
			`website: OAuth.website))`
			`}`

Refactoring 2020-09-09 03:02:55 +02:00			`func authorizationURL(appAuthorization: AppAuthorization) throws -> URL {`
			`guard var authorizationURLComponents = URLComponents(`
			`url: mastodonAPIClient.instanceURL,`
			`resolvingAgainstBaseURL: true)`
			`else { throw URLError(.badURL) }`
Refactoring 2020-08-09 07:37:04 +02:00
Add anonymous instance, lots of refactoring 2020-08-09 13:27:38 +02:00			`authorizationURLComponents.path = "/oauth/authorize"`
			`authorizationURLComponents.queryItems = [`
Refactoring 2020-09-09 03:02:55 +02:00			`.init(name: "client_id", value: appAuthorization.clientId),`
			`.init(name: "scope", value: OAuth.scopes),`
			`.init(name: "response_type", value: "code"),`
Pending accounts 2020-09-13 10:03:08 +02:00			`.init(name: "redirect_uri", value: OAuth.authorizationCallbackURL.absoluteString)`
Refactoring 2020-09-09 03:02:55 +02:00			`]`

			`guard let authorizationURL = authorizationURLComponents.url else {`
			`throw URLError(.badURL)`
			`}`
Refactoring 2020-08-09 07:37:04 +02:00
Refactoring 2020-09-09 03:02:55 +02:00			`return authorizationURL`
			`}`

			`func authenticate(appAuthorization: AppAuthorization) -> AnyPublisher<AccessToken, Error> {`
			`Just(appAuthorization)`
			`.tryMap(authorizationURL(appAuthorization:))`
			`.flatMap {`
			`webAuthSessionType.publisher(`
			`url: $0,`
			`callbackURLScheme: OAuth.callbackURLScheme,`
			`presentationContextProvider: webAuthSessionContextProvider)`
			`}`
			`.mapError { error -> Error in`
			`if (error as? WebAuthSessionError)?.code == .canceledLogin {`
			`return AuthenticationError.canceled as Error`
			`}`

			`return error`
			`}`
			`.tryMap(Self.extractCode(oauthCallbackURL:))`
			`.flatMap {`
			`mastodonAPIClient.request(`
			`AccessTokenEndpoint.oauthToken(`
The great id cleanup 2020-10-06 00:50:05 +02:00			`clientId: appAuthorization.clientId,`
Refactoring 2020-09-09 03:02:55 +02:00			`clientSecret: appAuthorization.clientSecret,`
Registrations wip 2020-09-11 11:55:06 +02:00			`grantType: OAuth.authorizationCodeGrantType,`
Refactoring 2020-09-09 03:02:55 +02:00			`scopes: OAuth.scopes,`
Registrations wip 2020-09-11 11:55:06 +02:00			`code: $0,`
Pending accounts 2020-09-13 10:03:08 +02:00			`redirectURI: OAuth.authorizationCallbackURL.absoluteString))`
Refactoring 2020-09-09 03:02:55 +02:00			`}`
			`.eraseToAnyPublisher()`
Add anonymous instance, lots of refactoring 2020-08-09 13:27:38 +02:00			`}`
			`}`