SuperSeriousBusiness/GoToSocial
1
1
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial synced 2025-06-05 21:59:39 +02:00
Code Issues Projects Releases Wiki Activity

allow showing just code

Browse Source
This commit is contained in:
tsmethurst
2021-03-20 00:18:44 +01:00
parent fd02a7dfbe
commit b915f427be
2 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
internal/oauth/oauth.go
View File

@ -36,8 +36,6 @@ import (
"golang.org/x/crypto/bcrypt"
)
const methodAny = "ANY"
type API struct {
manager *manage.Manager
server *server.Server
@ -107,7 +105,7 @@ func (a *API) AddRoutes(s api.Server) error {
s.AttachHandler(http.MethodGet, "/auth/sign_in", a.SignInGETHandler)
s.AttachHandler(http.MethodPost, "/auth/sign_in", a.SignInPOSTHandler)
s.AttachHandler(http.MethodPost, "/oauth/token", a.TokenHandler)
s.AttachHandler(http.MethodPost, "/oauth/token", a.TokenPOSTHandler)
s.AttachHandler(http.MethodGet, "/oauth/authorize", a.AuthorizeGETHandler)
s.AttachHandler(http.MethodPost, "/oauth/authorize", a.AuthorizePOSTHandler)
@ -161,10 +159,10 @@ func (a *API) SignInPOSTHandler(c *gin.Context) {
c.Redirect(http.StatusFound, "/oauth/authorize")
}
// TokenHandler should be served as a POST at https://example.org/oauth/token
// TokenPOSTHandler should be served as a POST at https://example.org/oauth/token
// The idea here is to serve an oauth access token to a user, which can be used for authorizing against non-public APIs.
// See https://docs.joinmastodon.org/methods/apps/oauth/#obtain-a-token
func (a *API) TokenHandler(c *gin.Context) {
func (a *API) TokenPOSTHandler(c *gin.Context) {
l := a.log.WithField("func", "TokenHandler")
l.Trace("entered token handler, will now go to server.HandleTokenRequest")
if err := a.server.HandleTokenRequest(c.Writer, c.Request); err != nil {
@ -211,8 +209,14 @@ func (a *API) AuthorizeGETHandler(c *gin.Context) {
return
}
l.Trace("serving authorize html")
c.HTML(http.StatusOK, "authorize.tmpl", gin.H{})
code := &code{}
if err := c.Bind(code); err != nil || code.Code == "" {
// no code yet, serve auth html and let the user confirm
l.Trace("serving authorize html")
c.HTML(http.StatusOK, "authorize.tmpl", gin.H{})
return
}
c.String(http.StatusOK, code.Code)
}
// AuthorizePOSTHandler should be served as POST at https://example.org/oauth/authorize
@ -254,6 +258,10 @@ func (a *API) AuthorizePOSTHandler(c *gin.Context) {
c.JSON(http.StatusBadRequest, gin.H{"error": "session missing redirect_uri"})
return
} else {
// todo: explain this little hack
if v == "urn:ietf:wg:oauth:2.0:oob" {
v = "http://localhost:8080/oauth/authorize"
}
values.Add("redirect_uri", v)
}