wildebeest/functions/oauth/token.ts

// https://docs.joinmastodon.org/methods/oauth/#token

import * as errors from 'wildebeest/backend/src/errors'
import type { Env } from 'wildebeest/backend/src/types/env'
import { getClientById } from 'wildebeest/backend/src/mastodon/client'

export const onRequest: PagesFunction<Env, any> = async ({ params, request, env }) => {
	return handleRequest(env.DATABASE, request)
}

export async function handleRequest(db: D1Database, request: Request): Promise<Response> {
	const headers = {
		'Access-Control-Allow-Origin': '*',
		'Access-Control-Allow-Headers': 'content-type, authorization',
		'content-type': 'application/json; charset=utf-8',
	}

	if (request.method === 'OPTIONS') {
		return new Response('', { headers })
	}

	const formData = await request.formData()
	const code = formData.get('code')
	if (!code) {
		return errors.notAuthorized('missing authorization')
	}

	const parts = code.split('.')
	const clientId = parts[0]

	const client = await getClientById(db, clientId)
	if (client === null) {
		return errors.clientUnknown()
	}

	const res = {
		access_token: code,
		token_type: 'Bearer',
		scope: client.scopes,
		created_at: (Date.now() / 1000) | 0,
	}
	return new Response(JSON.stringify(res), { headers })
}
Import wildebeest code Co-authored-by: Sven Sauleau <sven@cloudflare.com> Co-authored-by: Dario Piotrowicz <dario@cloudflare.com> Co-authored-by: André Cruz <acruz@cloudflare.com> Co-authored-by: James Culveyhouse <jculveyhouse@cloudflare.com> Co-authored-by: Pete Bacon Darwin <pete@bacondarwin.com> 2022-12-05 20:14:56 +00:00			`// https://docs.joinmastodon.org/methods/oauth/#token`

			`import * as errors from 'wildebeest/backend/src/errors'`
			`import type { Env } from 'wildebeest/backend/src/types/env'`
			`import { getClientById } from 'wildebeest/backend/src/mastodon/client'`

			`export const onRequest: PagesFunction<Env, any> = async ({ params, request, env }) => {`
			`return handleRequest(env.DATABASE, request)`
			`}`

			`export async function handleRequest(db: D1Database, request: Request): Promise<Response> {`
			`const headers = {`
			`'Access-Control-Allow-Origin': '*',`
			`'Access-Control-Allow-Headers': 'content-type, authorization',`
			`'content-type': 'application/json; charset=utf-8',`
			`}`

			`if (request.method === 'OPTIONS') {`
			`return new Response('', { headers })`
			`}`

MOW-92: switch /oauth/token to form data 2023-01-10 10:09:19 +00:00			`const formData = await request.formData()`
			`const code = formData.get('code')`
			`if (!code) {`
Import wildebeest code Co-authored-by: Sven Sauleau <sven@cloudflare.com> Co-authored-by: Dario Piotrowicz <dario@cloudflare.com> Co-authored-by: André Cruz <acruz@cloudflare.com> Co-authored-by: James Culveyhouse <jculveyhouse@cloudflare.com> Co-authored-by: Pete Bacon Darwin <pete@bacondarwin.com> 2022-12-05 20:14:56 +00:00			`return errors.notAuthorized('missing authorization')`
			`}`

			`const parts = code.split('.')`
			`const clientId = parts[0]`

			`const client = await getClientById(db, clientId)`
			`if (client === null) {`
			`return errors.clientUnknown()`
			`}`

			`const res = {`
			`access_token: code,`
			`token_type: 'Bearer',`
			`scope: client.scopes,`
			`created_at: (Date.now() / 1000) \| 0,`
			`}`
			`return new Response(JSON.stringify(res), { headers })`
			`}`