diff --git a/httpd.c b/httpd.c
index e220d29..6d7b76e 100644
--- a/httpd.c
+++ b/httpd.c
@@ -176,6 +176,9 @@ void httpd_connection(FILE *f)
 if (status == 0)
 status = activitypub_get_handler(req, q_path, &body, &b_size, &ctype);
+ if (status == 0)
+ status = oauth_get_handler(req, q_path, &body, &b_size, &ctype);
+
 if (status == 0)
 status = html_get_handler(req, q_path, &body, &b_size, &ctype);
 }
diff --git a/mastoapi.c b/mastoapi.c
index 9f9de13..06a74cd 100644
--- a/mastoapi.c
+++ b/mastoapi.c
@@ -8,14 +8,40 @@
 #include "snac.h"
-int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
+static xs_str *random_str(void)
+/* just what is says in the tin */
+{
+ unsigned int data[4] = {0};
+ FILE *f;
+
+ if ((f = fopen("/dev/random", "r")) != NULL) {
+ fread(data, sizeof(data), 1, f);
+ fclose(f);
+ }
+ else {
+ data[0] = random() % 0xffffffff;
+ data[1] = random() % 0xffffffff;
+ data[2] = random() % 0xffffffff;
+ data[3] = random() % 0xffffffff;
+ }
+
+ return xs_hex_enc((char *)data, sizeof(data));
+}
+
+
+int oauth_get_handler(const xs_dict *req, const char *q_path,
 char **body, int *b_size, char **ctype)
 {
 if (!xs_startswith(q_path, "/oauth/"))
 return 0;
+ {
+ xs *j = xs_json_dumps_pp(req, 4);
+ printf("oauth:\n%s\n", j);
+ }
+
 int status = 404;
- xs_dict *msg = xs_dict_get(req, "p_vars");
+ xs_dict *msg = xs_dict_get(req, "q_vars");
 xs *cmd = xs_replace(q_path, "/oauth", "");
 if (strcmp(cmd, "/authorize") == 0) {
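Review bot: random_str() in the mastoapi.c hunk can return a predictable value, and the later hunks use its output as the access token and client secret. The fread() result is ignored, so a failed or short read leaves `data` all zeros, and when /dev/random cannot be opened the fallback draws from random(), which is not a cryptographic generator and repeats the same sequence unless it is seeded elsewhere. Failing closed is safer: return NULL unless the full 16 bytes were read, and have the callers answer with an error status instead of appending the value. Separately, the added block in oauth_get_handler prints the whole request dict to stdout, which presumably carries headers and query values, so it is worth removing or gating before this path sees real credentials; that function's body continues outside the hunk.

```c
static xs_str *random_str(void)
/* 128 bits from the kernel RNG as hex, or NULL if they could not be read */
{
    unsigned int data[4] = {0};
    FILE *f;
    size_t n = 0;

    if ((f = fopen("/dev/random", "r")) != NULL) {
        n = fread(data, sizeof(data), 1, f);
        fclose(f);
    }

    /* fail closed: never build a secret from zeros or from random() */
    if (n != 1)
        return NULL;

    return xs_hex_enc((char *)data, sizeof(data));
}
```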
@@ -25,11 +51,32 @@ int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
 const char *scope = xs_dict_get(msg, "scope");
 if (cid && ruri && rtype && strcmp(rtype, "code") == 0) {
+ /* redirect to an identification page */
+ status = 303;
+// *body = xs_fmt("%s/test1/admin?redir=%s", srv_baseurl, ruri);
+ *body = xs_fmt("%s/test1/admin", srv_baseurl);
 }
 else
 status = 400;
 }
- else
+
+ return status;
+}
+
+
+int oauth_post_handler(const xs_dict *req, const char *q_path,
+ const char *payload, int p_size,
+ char **body, int *b_size, char **ctype)
+{
+ if (!xs_startswith(q_path, "/oauth/"))
+ return 0;
+
+ int status = 404;
+ xs_dict *msg = xs_dict_get(req, "p_vars");
+ xs *cmd = xs_replace(q_path, "/oauth", "");
+
+ printf("oauth: %s\n", q_path);
+
 if (strcmp(cmd, "/token") == 0) {
 const char *gtype = xs_dict_get(msg, "grant_type");
 const char *code = xs_dict_get(msg, "code");
@@ -39,10 +86,11 @@ int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
 const char *scope = xs_dict_get(msg, "scope");
 if (gtype && code && cid && csec && ruri) {
- xs *rsp = xs_dict_new();
- xs *cat = xs_number_new(time(NULL));
+ xs *rsp = xs_dict_new();
+ xs *cat = xs_number_new(time(NULL));
+ xs *token = random_str();
- rsp = xs_dict_append(rsp, "access_token", "abcde");
+ rsp = xs_dict_append(rsp, "access_token", token);
 rsp = xs_dict_append(rsp, "token_type", "Bearer");
 rsp = xs_dict_append(rsp, "scope", scope);
 rsp = xs_dict_append(rsp, "created_at", cat);
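Review bot: The /authorize branch redirects as soon as `client_id`, `redirect_uri` and `response_type=code` are present; nothing in the hunk checks that the client is registered or that the redirect URI matches the one it registered. The same presence-only test guards /token in the next hunk, where any non-empty `code` and `client_secret` yields a fresh token, and /revoke in the hunk after that. The redirect target is also fixed to `/test1/admin`, and the commented-out variant would place `ruri` in the query string without URL-encoding it. Until the lookup exists I would mark the gap in place, e.g. `/* FIXME: verify client_id and redirect_uri against the registered app; url-encode ruri before forwarding it */`. Both oauth_get_handler and oauth_post_handler extend outside this hunk.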
@@ -56,13 +104,25 @@ int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
 }
 else
 if (strcmp(cmd, "/revoke") == 0) {
+ const char *cid = xs_dict_get(msg, "client_id");
+ const char *csec = xs_dict_get(msg, "client_secret");
+ const char *token = xs_dict_get(msg, "token");
+
+ if (cid && csec && token) {
+ *body = xs_str_new("{}");
+ *ctype = "application/json";
+ status = 200;
+ }
+ else
+ status = 400;
 }
 return status;
 }
-int mastoapi_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
+int mastoapi_post_handler(const xs_dict *req, const char *q_path,
+ const char *payload, int p_size,
 char **body, int *b_size, char **ctype)
 {
 if (!xs_startswith(q_path, "/api/v1/"))
@@ -96,15 +156,18 @@ int mastoapi_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
 const char *ruri = xs_dict_get(msg, "redirect_uris");
 if (name && ruri) {
- xs *app = xs_dict_new();
- xs *id = xs_replace_i(tid(0), ".", "");
+ xs *app = xs_dict_new();
+ xs *id = xs_replace_i(tid(0), ".", "");
+ xs *cid = random_str();
+ xs *csec = random_str();
+ xs *vkey = random_str();
- app = xs_dict_append(app, "name", name);
- app = xs_dict_append(app, "redirect_uri", ruri);
- app = xs_dict_append(app, "client_id", "abcde");
- app = xs_dict_append(app, "client_secret", "abcde");
- app = xs_dict_append(app, "vapid_key", "abcde");
- app = xs_dict_append(app, "id", id);
+ app = xs_dict_append(app, "name", name);
+ app = xs_dict_append(app, "redirect_uri", ruri);
+ app = xs_dict_append(app, "client_id", cid);
+ app = xs_dict_append(app, "client_secret", csec);
+ app = xs_dict_append(app, "vapid_key", vkey);
+ app = xs_dict_append(app, "id", id);
 *body = xs_json_dumps_pp(app, 4);
 *ctype = "application/json";
diff --git a/snac.h b/snac.h
index 438768a..f1960a3 100644
--- a/snac.h
+++ b/snac.h
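Review bot: The new /revoke branch reports success without doing anything: it answers 200 with `{}` once `client_id`, `client_secret` and `token` are present, and no line in the hunk looks the token up or invalidates it. A client that revokes a leaked token is therefore told it is gone while it stays valid wherever tokens are honoured. Until revocation is implemented, a marker at the branch would keep this from being mistaken for finished, e.g. `/* FIXME: look up token, check it belongs to client_id, then delete it */`.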
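Review bot: In the app-registration hunk, `cid`, `csec` and `vkey` are generated and serialized into the response, but nothing visible records them. The function continues outside the hunk, so storage may happen further down; if it does not, the server has nothing to compare a later `client_secret` against. None of the three random_str() results is checked before being appended. In the Mastodon API `vapid_key` carries the server's Web Push public key, so a per-app random string is presumably a placeholder, and a comment such as `/* placeholder: not a real VAPID key */` would say so.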
@@ -224,7 +224,11 @@ int job_fifo_ready(void);
 void job_post(const xs_val *job, int urgent);
 void job_wait(xs_val **job);
-int mastoapi_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
+int mastoapi_post_handler(const xs_dict *req, const char *q_path,
+ const char *payload, int p_size,
 char **body, int *b_size, char **ctype);
-int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
+int oauth_get_handler(const xs_dict *req, const char *q_path,
+ char **body, int *b_size, char **ctype);
+int oauth_post_handler(const xs_dict *req, const char *q_path,
+ const char *payload, int p_size,
 char **body, int *b_size, char **ctype);