OAuth login now works.

This commit is contained in:
default 2023-04-09 20:34:05 +02:00
parent 752058bf66
commit 4ced03bac1
3 changed files with 109 additions and 17 deletions

View file

@ -179,6 +179,9 @@ void httpd_connection(FILE *f)
if (status == 0) if (status == 0)
status = oauth_get_handler(req, q_path, &body, &b_size, &ctype); status = oauth_get_handler(req, q_path, &body, &b_size, &ctype);
if (status == 0)
status = mastoapi_get_handler(req, q_path, &body, &b_size, &ctype);
if (status == 0) if (status == 0)
status = html_get_handler(req, q_path, &body, &b_size, &ctype); status = html_get_handler(req, q_path, &body, &b_size, &ctype);
} }

View file

@ -73,12 +73,14 @@ xs_dict *app_get(const char *id)
const char *login_page = "" const char *login_page = ""
"<!DOCTYPE html>\n" "<!DOCTYPE html>\n"
"<body><h1>%s identify</h1>\n" "<body><h1>%s OAuth identify</h1>\n"
"<div style=\"background-color: red; color: white\">%s</div>\n"
"<form method=\"post\" action=\"https:/" "/%s/oauth/x-snac-login\">\n" "<form method=\"post\" action=\"https:/" "/%s/oauth/x-snac-login\">\n"
"<p>Login: <input type=\"text\" name=\"login\"></p>\n" "<p>Login: <input type=\"text\" name=\"login\"></p>\n"
"<p>Password: <input type=\"password\" name=\"passwd\"></p>\n" "<p>Password: <input type=\"password\" name=\"passwd\"></p>\n"
"<input type=\"hidden\" name=\"redir\" value=\"%s\">\n" "<input type=\"hidden\" name=\"redir\" value=\"%s\">\n"
"<input type=\"hidden\" name=\"cid\" value=\"%s\">\n" "<input type=\"hidden\" name=\"cid\" value=\"%s\">\n"
"<input type=\"submit\" value=\"OK\">\n"
"</form><p>%s</p></body>\n" "</form><p>%s</p></body>\n"
""; "";
@ -90,13 +92,15 @@ int oauth_get_handler(const xs_dict *req, const char *q_path,
{ {
xs *j = xs_json_dumps_pp(req, 4); xs *j = xs_json_dumps_pp(req, 4);
printf("oauth:\n%s\n", j); printf("oauth get:\n%s\n", j);
} }
int status = 404; int status = 404;
xs_dict *msg = xs_dict_get(req, "q_vars"); xs_dict *msg = xs_dict_get(req, "q_vars");
xs *cmd = xs_replace(q_path, "/oauth", ""); xs *cmd = xs_replace(q_path, "/oauth", "");
srv_debug(0, xs_fmt("oauth_get_handler %s", q_path));
if (strcmp(cmd, "/authorize") == 0) { if (strcmp(cmd, "/authorize") == 0) {
const char *cid = xs_dict_get(msg, "client_id"); const char *cid = xs_dict_get(msg, "client_id");
const char *ruri = xs_dict_get(msg, "redirect_uri"); const char *ruri = xs_dict_get(msg, "redirect_uri");
@ -110,11 +114,17 @@ int oauth_get_handler(const xs_dict *req, const char *q_path,
if (app != NULL) { if (app != NULL) {
const char *host = xs_dict_get(srv_config, "host"); const char *host = xs_dict_get(srv_config, "host");
*body = xs_fmt(login_page, host, host, ruri, cid, USER_AGENT); *body = xs_fmt(login_page, host, "", host, ruri, cid, USER_AGENT);
*ctype = "text/html"; *ctype = "text/html";
status = 200; status = 200;
srv_debug(0, xs_fmt("oauth authorize: generating login page"));
} }
else
srv_debug(0, xs_fmt("oauth authorize: bad client_id %s", cid));
} }
else
srv_debug(0, xs_fmt("oauth authorize: invalid or unset arguments"));
} }
return status; return status;
@ -128,19 +138,64 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
if (!xs_startswith(q_path, "/oauth/")) if (!xs_startswith(q_path, "/oauth/"))
return 0; return 0;
{
xs *j = xs_json_dumps_pp(req, 4);
printf("oauth post:\n%s\n", j);
}
int status = 404; int status = 404;
xs_dict *msg = xs_dict_get(req, "p_vars"); xs_dict *msg = xs_dict_get(req, "p_vars");
xs *cmd = xs_replace(q_path, "/oauth", ""); xs *cmd = xs_replace(q_path, "/oauth", "");
printf("oauth: %s\n", q_path); srv_debug(0, xs_fmt("oauth_post_handler %s", q_path));
if (strcmp(cmd, "/x-snac-login") == 0) {
const char *login = xs_dict_get(msg, "login");
const char *passwd = xs_dict_get(msg, "passwd");
const char *redir = xs_dict_get(msg, "redir");
const char *cid = xs_dict_get(msg, "cid");
const char *host = xs_dict_get(srv_config, "host");
/* by default, generate another login form with an error */
*body = xs_fmt(login_page, host, "LOGIN INCORRECT", host, redir, cid, USER_AGENT);
*ctype = "text/html";
status = 200;
if (login && passwd && redir && cid) {
snac snac;
if (user_open(&snac, login)) {
/* check the login + password */
if (check_password(login, passwd,
xs_dict_get(snac.config, "passwd"))) {
/* success! redirect to the desired uri */
xs *code = random_str();
xs_free(*body);
*body = xs_fmt("%s?code=%s", redir, code);
status = 303;
srv_debug(0, xs_fmt("oauth x-snac-login: redirect to %s", *body));
}
else
srv_debug(0, xs_fmt("oauth x-snac-login: login '%s' incorrect", login));
user_free(&snac);
}
else
srv_debug(0, xs_fmt("oauth x-snac-login: bad user '%s'", login));
}
else
srv_debug(0, xs_fmt("oauth x-snac-login: invalid or unset arguments"));
}
else
if (strcmp(cmd, "/token") == 0) { if (strcmp(cmd, "/token") == 0) {
const char *gtype = xs_dict_get(msg, "grant_type"); const char *gtype = xs_dict_get(msg, "grant_type");
const char *code = xs_dict_get(msg, "code"); const char *code = xs_dict_get(msg, "code");
const char *cid = xs_dict_get(msg, "client_id"); const char *cid = xs_dict_get(msg, "client_id");
const char *csec = xs_dict_get(msg, "client_secret"); const char *csec = xs_dict_get(msg, "client_secret");
const char *ruri = xs_dict_get(msg, "redirect_uri"); const char *ruri = xs_dict_get(msg, "redirect_uri");
const char *scope = xs_dict_get(msg, "scope");
if (gtype && code && cid && csec && ruri) { if (gtype && code && cid && csec && ruri) {
xs *rsp = xs_dict_new(); xs *rsp = xs_dict_new();
@ -149,16 +204,19 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
rsp = xs_dict_append(rsp, "access_token", token); rsp = xs_dict_append(rsp, "access_token", token);
rsp = xs_dict_append(rsp, "token_type", "Bearer"); rsp = xs_dict_append(rsp, "token_type", "Bearer");
rsp = xs_dict_append(rsp, "scope", scope);
rsp = xs_dict_append(rsp, "created_at", cat); rsp = xs_dict_append(rsp, "created_at", cat);
*body = xs_json_dumps_pp(rsp, 4); *body = xs_json_dumps_pp(rsp, 4);
*ctype = "application/json"; *ctype = "application/json";
status = 200; status = 200;
srv_debug(0, xs_fmt("oauth token: successful login, token %s", token));
} }
else else {
srv_debug(0, xs_fmt("oauth token: invalid or unset arguments"));
status = 400; status = 400;
} }
}
else else
if (strcmp(cmd, "/revoke") == 0) { if (strcmp(cmd, "/revoke") == 0) {
const char *cid = xs_dict_get(msg, "client_id"); const char *cid = xs_dict_get(msg, "client_id");
@ -178,6 +236,30 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
} }
int mastoapi_get_handler(const xs_dict *req, const char *q_path,
char **body, int *b_size, char **ctype)
{
if (!xs_startswith(q_path, "/api/v1/"))
return 0;
{
xs *j = xs_json_dumps_pp(req, 4);
printf("mastoapi get:\n%s\n", j);
}
int status = 404;
xs_dict *msg = xs_dict_get(req, "q_vars");
xs *cmd = xs_replace(q_path, "/api/v1", "");
srv_debug(0, xs_fmt("mastoapi_get_handler %s", q_path));
if (strcmp(cmd, "/accounts/verify_credentials") == 0) {
}
return status;
}
int mastoapi_post_handler(const xs_dict *req, const char *q_path, int mastoapi_post_handler(const xs_dict *req, const char *q_path,
const char *payload, int p_size, const char *payload, int p_size,
char **body, int *b_size, char **ctype) char **body, int *b_size, char **ctype)
@ -185,6 +267,11 @@ int mastoapi_post_handler(const xs_dict *req, const char *q_path,
if (!xs_startswith(q_path, "/api/v1/")) if (!xs_startswith(q_path, "/api/v1/"))
return 0; return 0;
{
xs *j = xs_json_dumps_pp(req, 4);
printf("mastoapi post:\n%s\n", j);
}
int status = 404; int status = 404;
xs *msg = NULL; xs *msg = NULL;
char *i_ctype = xs_dict_get(req, "content-type"); char *i_ctype = xs_dict_get(req, "content-type");

8
snac.h
View file

@ -224,11 +224,13 @@ int job_fifo_ready(void);
void job_post(const xs_val *job, int urgent); void job_post(const xs_val *job, int urgent);
void job_wait(xs_val **job); void job_wait(xs_val **job);
int mastoapi_post_handler(const xs_dict *req, const char *q_path,
const char *payload, int p_size,
char **body, int *b_size, char **ctype);
int oauth_get_handler(const xs_dict *req, const char *q_path, int oauth_get_handler(const xs_dict *req, const char *q_path,
char **body, int *b_size, char **ctype); char **body, int *b_size, char **ctype);
int oauth_post_handler(const xs_dict *req, const char *q_path, int oauth_post_handler(const xs_dict *req, const char *q_path,
const char *payload, int p_size, const char *payload, int p_size,
char **body, int *b_size, char **ctype); char **body, int *b_size, char **ctype);
int mastoapi_get_handler(const xs_dict *req, const char *q_path,
char **body, int *b_size, char **ctype);
int mastoapi_post_handler(const xs_dict *req, const char *q_path,
const char *payload, int p_size,
char **body, int *b_size, char **ctype);