More mastoapi work.

author: default 2023-04-08 09:09:43 +0200
committer: default 2023-04-08 09:09:43 +0200
commit: 4964a564560fb81a505179ae7d9730d2231a743c (patch)
tree: f8061836eec76123af0b325f3b59e2b215e2a21f
parent: Added some OAuth scaffold code. (diff)
download: snac2-4964a564560fb81a505179ae7d9730d2231a743c.tar.gz
snac2-4964a564560fb81a505179ae7d9730d2231a743c.tar.xz
snac2-4964a564560fb81a505179ae7d9730d2231a743c.zip
3 files changed, 88 insertions, 18 deletions
diff --git a/httpd.c b/httpd.c
index e220d29..6d7b76e 100644
--- a/httpd.c
+++ b/httpd.c
@@ -177,6 +177,9 @@ void httpd_connection(FILE *f)
            status = activitypub_get_handler(req, q_path, &body, &b_size, &ctype);
        if (status == 0)
+            status = oauth_get_handler(req, q_path, &body, &b_size, &ctype);
+        if (status == 0)
            status = html_get_handler(req, q_path, &body, &b_size, &ctype);
    }
    else
diff --git a/mastoapi.c b/mastoapi.c
index 9f9de13..06a74cd 100644
--- a/mastoapi.c
+++ b/mastoapi.c
@@ -8,14 +8,40 @@
 #include "snac.h"
-int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
+static xs_str *random_str(void)
+/* just what is says in the tin */
+{
+    unsigned int data[4] = {0};
+    FILE *f;
+    if ((f = fopen("/dev/random", "r")) != NULL) {
+        fread(data, sizeof(data), 1, f);
+        fclose(f);
+    }
+    else {
+        data[0] = random() % 0xffffffff;
+        data[1] = random() % 0xffffffff;
+        data[2] = random() % 0xffffffff;
+        data[3] = random() % 0xffffffff;
+    }
+    return xs_hex_enc((char *)data, sizeof(data));
+}
+int oauth_get_handler(const xs_dict *req, const char *q_path,
                      char **body, int *b_size, char **ctype)
 {
    if (!xs_startswith(q_path, "/oauth/"))
        return 0;
+    {
+        xs *j = xs_json_dumps_pp(req, 4);
+        printf("oauth:\n%s\n", j);
+    }
    int status   = 404;
-    xs_dict *msg = xs_dict_get(req, "p_vars");
+    xs_dict *msg = xs_dict_get(req, "q_vars");
    xs *cmd      = xs_replace(q_path, "/oauth", "");
    if (strcmp(cmd, "/authorize") == 0) {
@@ -25,11 +51,32 @@ int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
        const char *scope = xs_dict_get(msg, "scope");
        if (cid && ruri && rtype && strcmp(rtype, "code") == 0) {
+            /* redirect to an identification page */
+            status = 303;
+//            *body  = xs_fmt("%s/test1/admin?redir=%s", srv_baseurl, ruri);
+            *body  = xs_fmt("%s/test1/admin", srv_baseurl);
        }
        else
            status = 400;
    }
-    else
+    return status;
+}
+int oauth_post_handler(const xs_dict *req, const char *q_path,
+                      const char *payload, int p_size,
+                      char **body, int *b_size, char **ctype)
+{
+    if (!xs_startswith(q_path, "/oauth/"))
+        return 0;
+    int status   = 404;
+    xs_dict *msg = xs_dict_get(req, "p_vars");
+    xs *cmd      = xs_replace(q_path, "/oauth", "");
+    printf("oauth: %s\n", q_path);
    if (strcmp(cmd, "/token") == 0) {
        const char *gtype = xs_dict_get(msg, "grant_type");
        const char *code  = xs_dict_get(msg, "code");
@@ -39,10 +86,11 @@ int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
        const char *scope = xs_dict_get(msg, "scope");
        if (gtype && code && cid && csec && ruri) {
-            xs *rsp = xs_dict_new();
+            xs *rsp   = xs_dict_new();
-            xs *cat = xs_number_new(time(NULL));
+            xs *cat   = xs_number_new(time(NULL));
+            xs *token = random_str();
-            rsp = xs_dict_append(rsp, "access_token", "abcde");
+            rsp = xs_dict_append(rsp, "access_token", token);
            rsp = xs_dict_append(rsp, "token_type",   "Bearer");
            rsp = xs_dict_append(rsp, "scope",        scope);
            rsp = xs_dict_append(rsp, "created_at",   cat);
@@ -56,13 +104,25 @@ int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
    }
    else
    if (strcmp(cmd, "/revoke") == 0) {
+        const char *cid   = xs_dict_get(msg, "client_id");
+        const char *csec  = xs_dict_get(msg, "client_secret");
+        const char *token = xs_dict_get(msg, "token");
+        if (cid && csec && token) {
+            *body  = xs_str_new("{}");
+            *ctype = "application/json";
+            status = 200;
+        }
+        else
+            status = 400;
    }
    return status;
 }
-int mastoapi_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
+int mastoapi_post_handler(const xs_dict *req, const char *q_path,
+                      const char *payload, int p_size,
                      char **body, int *b_size, char **ctype)
 {
    if (!xs_startswith(q_path, "/api/v1/"))
@@ -96,15 +156,18 @@ int mastoapi_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
        const char *ruri = xs_dict_get(msg, "redirect_uris");
        if (name && ruri) {
-            xs *app = xs_dict_new();
+            xs *app  = xs_dict_new();
-            xs *id  = xs_replace_i(tid(0), ".", "");
+            xs *id   = xs_replace_i(tid(0), ".", "");
+            xs *cid  = random_str();
-            app = xs_dict_append(app, "name", name);
+            xs *csec = random_str();
-            app = xs_dict_append(app, "redirect_uri", ruri);
+            xs *vkey = random_str();
-            app = xs_dict_append(app, "client_id", "abcde");
-            app = xs_dict_append(app, "client_secret", "abcde");
+            app = xs_dict_append(app, "name",          name);
-            app = xs_dict_append(app, "vapid_key", "abcde");
+            app = xs_dict_append(app, "redirect_uri",  ruri);
-            app = xs_dict_append(app, "id", id);
+            app = xs_dict_append(app, "client_id",     cid);
+            app = xs_dict_append(app, "client_secret", csec);
+            app = xs_dict_append(app, "vapid_key",     vkey);
+            app = xs_dict_append(app, "id",            id);
            *body  = xs_json_dumps_pp(app, 4);
            *ctype = "application/json";
diff --git a/snac.h b/snac.h
index 438768a..f1960a3 100644
--- a/snac.h
+++ b/snac.h
@@ -224,7 +224,11 @@ int job_fifo_ready(void);
 void job_post(const xs_val *job, int urgent);
 void job_wait(xs_val **job);
-int mastoapi_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
+int mastoapi_post_handler(const xs_dict *req, const char *q_path,
+                      const char *payload, int p_size,
                      char **body, int *b_size, char **ctype);
-int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
+int oauth_get_handler(const xs_dict *req, const char *q_path,
+                      char **body, int *b_size, char **ctype);
+int oauth_post_handler(const xs_dict *req, const char *q_path,
+                      const char *payload, int p_size,
                      char **body, int *b_size, char **ctype);
author	default	2023-04-08 09:09:43 +0200
committer	default	2023-04-08 09:09:43 +0200
commit	4964a564560fb81a505179ae7d9730d2231a743c (patch)
tree	f8061836eec76123af0b325f3b59e2b215e2a21f
parent	Added some OAuth scaffold code. (diff)
download	snac2-4964a564560fb81a505179ae7d9730d2231a743c.tar.gz snac2-4964a564560fb81a505179ae7d9730d2231a743c.tar.xz snac2-4964a564560fb81a505179ae7d9730d2231a743c.zip

diff --git a/httpd.c b/httpd.c index e220d29..6d7b76e 100644 --- a/httpd.c +++ b/httpd.c
@@ -177,6 +177,9 @@ void httpd_connection(FILE *f)
177	status = activitypub_get_handler(req, q_path, &body, &b_size, &ctype);	177	status = activitypub_get_handler(req, q_path, &body, &b_size, &ctype);
178		178
179	if (status == 0)	179	if (status == 0)
		180	status = oauth_get_handler(req, q_path, &body, &b_size, &ctype);
		181
		182	if (status == 0)
180	status = html_get_handler(req, q_path, &body, &b_size, &ctype);	183	status = html_get_handler(req, q_path, &body, &b_size, &ctype);
181	}	184	}
182	else	185	else


diff --git a/mastoapi.c b/mastoapi.c index 9f9de13..06a74cd 100644 --- a/mastoapi.c +++ b/mastoapi.c
@@ -8,14 +8,40 @@
8		8
9	#include "snac.h"	9	#include "snac.h"
10		10
11	int oauth_post_handler(xs_dict req, char q_path, char *payload, int p_size,	11	static xs_str *random_str(void)
		12	/* just what is says in the tin */
		13	{
		14	unsigned int data[4] = {0};
		15	FILE *f;
		16
		17	if ((f = fopen("/dev/random", "r")) != NULL) {
		18	fread(data, sizeof(data), 1, f);
		19	fclose(f);
		20	}
		21	else {
		22	data[0] = random() % 0xffffffff;
		23	data[1] = random() % 0xffffffff;
		24	data[2] = random() % 0xffffffff;
		25	data[3] = random() % 0xffffffff;
		26	}
		27
		28	return xs_hex_enc((char *)data, sizeof(data));
		29	}
		30
		31
		32	int oauth_get_handler(const xs_dict req, const char q_path,
12	char *body, int b_size, char **ctype)	33	char *body, int b_size, char **ctype)
13	{	34	{
14	if (!xs_startswith(q_path, "/oauth/"))	35	if (!xs_startswith(q_path, "/oauth/"))
15	return 0;	36	return 0;
16		37
		38	{
		39	xs *j = xs_json_dumps_pp(req, 4);
		40	printf("oauth:\n%s\n", j);
		41	}
		42
17	int status = 404;	43	int status = 404;
18	xs_dict *msg = xs_dict_get(req, "p_vars");	44	xs_dict *msg = xs_dict_get(req, "q_vars");
19	xs *cmd = xs_replace(q_path, "/oauth", "");	45	xs *cmd = xs_replace(q_path, "/oauth", "");
20		46
21	if (strcmp(cmd, "/authorize") == 0) {	47	if (strcmp(cmd, "/authorize") == 0) {
@@ -25,11 +51,32 @@ int oauth_post_handler(xs_dict req, char q_path, char *payload, int p_size,
25	const char *scope = xs_dict_get(msg, "scope");	51	const char *scope = xs_dict_get(msg, "scope");
26		52
27	if (cid && ruri && rtype && strcmp(rtype, "code") == 0) {	53	if (cid && ruri && rtype && strcmp(rtype, "code") == 0) {
		54	/* redirect to an identification page */
		55	status = 303;
		56	// *body = xs_fmt("%s/test1/admin?redir=%s", srv_baseurl, ruri);
		57	*body = xs_fmt("%s/test1/admin", srv_baseurl);
28	}	58	}
29	else	59	else
30	status = 400;	60	status = 400;
31	}	61	}
32	else	62
		63	return status;
		64	}
		65
		66
		67	int oauth_post_handler(const xs_dict req, const char q_path,
		68	const char *payload, int p_size,
		69	char *body, int b_size, char **ctype)
		70	{
		71	if (!xs_startswith(q_path, "/oauth/"))
		72	return 0;
		73
		74	int status = 404;
		75	xs_dict *msg = xs_dict_get(req, "p_vars");
		76	xs *cmd = xs_replace(q_path, "/oauth", "");
		77
		78	printf("oauth: %s\n", q_path);
		79
33	if (strcmp(cmd, "/token") == 0) {	80	if (strcmp(cmd, "/token") == 0) {
34	const char *gtype = xs_dict_get(msg, "grant_type");	81	const char *gtype = xs_dict_get(msg, "grant_type");
35	const char *code = xs_dict_get(msg, "code");	82	const char *code = xs_dict_get(msg, "code");
@@ -39,10 +86,11 @@ int oauth_post_handler(xs_dict req, char q_path, char *payload, int p_size,
39	const char *scope = xs_dict_get(msg, "scope");	86	const char *scope = xs_dict_get(msg, "scope");
40		87
41	if (gtype && code && cid && csec && ruri) {	88	if (gtype && code && cid && csec && ruri) {
42	xs *rsp = xs_dict_new();	89	xs *rsp = xs_dict_new();
43	xs *cat = xs_number_new(time(NULL));	90	xs *cat = xs_number_new(time(NULL));
		91	xs *token = random_str();
44		92
45	rsp = xs_dict_append(rsp, "access_token", "abcde");	93	rsp = xs_dict_append(rsp, "access_token", token);
46	rsp = xs_dict_append(rsp, "token_type", "Bearer");	94	rsp = xs_dict_append(rsp, "token_type", "Bearer");
47	rsp = xs_dict_append(rsp, "scope", scope);	95	rsp = xs_dict_append(rsp, "scope", scope);
48	rsp = xs_dict_append(rsp, "created_at", cat);	96	rsp = xs_dict_append(rsp, "created_at", cat);
@@ -56,13 +104,25 @@ int oauth_post_handler(xs_dict req, char q_path, char *payload, int p_size,
56	}	104	}
57	else	105	else
58	if (strcmp(cmd, "/revoke") == 0) {	106	if (strcmp(cmd, "/revoke") == 0) {
		107	const char *cid = xs_dict_get(msg, "client_id");
		108	const char *csec = xs_dict_get(msg, "client_secret");
		109	const char *token = xs_dict_get(msg, "token");
		110
		111	if (cid && csec && token) {
		112	*body = xs_str_new("{}");
		113	*ctype = "application/json";
		114	status = 200;
		115	}
		116	else
		117	status = 400;
59	}	118	}
60		119
61	return status;	120	return status;
62	}	121	}
63		122
64		123
65	int mastoapi_post_handler(xs_dict req, char q_path, char *payload, int p_size,	124	int mastoapi_post_handler(const xs_dict req, const char q_path,
		125	const char *payload, int p_size,
66	char *body, int b_size, char **ctype)	126	char *body, int b_size, char **ctype)
67	{	127	{
68	if (!xs_startswith(q_path, "/api/v1/"))	128	if (!xs_startswith(q_path, "/api/v1/"))
@@ -96,15 +156,18 @@ int mastoapi_post_handler(xs_dict req, char q_path, char *payload, int p_size,
96	const char *ruri = xs_dict_get(msg, "redirect_uris");	156	const char *ruri = xs_dict_get(msg, "redirect_uris");
97		157
98	if (name && ruri) {	158	if (name && ruri) {
99	xs *app = xs_dict_new();	159	xs *app = xs_dict_new();
100	xs *id = xs_replace_i(tid(0), ".", "");	160	xs *id = xs_replace_i(tid(0), ".", "");
101		161	xs *cid = random_str();
102	app = xs_dict_append(app, "name", name);	162	xs *csec = random_str();
103	app = xs_dict_append(app, "redirect_uri", ruri);	163	xs *vkey = random_str();
104	app = xs_dict_append(app, "client_id", "abcde");	164
105	app = xs_dict_append(app, "client_secret", "abcde");	165	app = xs_dict_append(app, "name", name);
106	app = xs_dict_append(app, "vapid_key", "abcde");	166	app = xs_dict_append(app, "redirect_uri", ruri);
107	app = xs_dict_append(app, "id", id);	167	app = xs_dict_append(app, "client_id", cid);
		168	app = xs_dict_append(app, "client_secret", csec);
		169	app = xs_dict_append(app, "vapid_key", vkey);
		170	app = xs_dict_append(app, "id", id);
108		171
109	*body = xs_json_dumps_pp(app, 4);	172	*body = xs_json_dumps_pp(app, 4);
110	*ctype = "application/json";	173	*ctype = "application/json";


diff --git a/snac.h b/snac.h index 438768a..f1960a3 100644 --- a/snac.h +++ b/snac.h
@@ -224,7 +224,11 @@ int job_fifo_ready(void);
224	void job_post(const xs_val *job, int urgent);	224	void job_post(const xs_val *job, int urgent);
225	void job_wait(xs_val **job);	225	void job_wait(xs_val **job);
226		226
227	int mastoapi_post_handler(xs_dict req, char q_path, char *payload, int p_size,	227	int mastoapi_post_handler(const xs_dict req, const char q_path,
		228	const char *payload, int p_size,
228	char *body, int b_size, char **ctype);	229	char *body, int b_size, char **ctype);
229	int oauth_post_handler(xs_dict req, char q_path, char *payload, int p_size,	230	int oauth_get_handler(const xs_dict req, const char q_path,
		231	char *body, int b_size, char **ctype);
		232	int oauth_post_handler(const xs_dict req, const char q_path,
		233	const char *payload, int p_size,
230	char *body, int b_size, char **ctype);	234	char *body, int b_size, char **ctype);