oauth: get token support code in URL

2023-02-15 18:31:20 +00:00 · 2023-02-15 18:31:20 +00:00 · 22745197e2
commit 22745197e2
--- a/backend/test/mastodon/oauth.spec.ts
+++ b/backend/test/mastodon/oauth.spec.ts
@ -240,5 +240,25 @@ describe('Mastodon APIs', () => {
 			assert.equal(res.status, 200)
 			assertCORS(res)
 		})
 		test('token handles code in URL', async () => {
 			const db = await makeDB()
 			const client = await createTestClient(db, 'https://localhost')
 			const code = client.id + '.a'
 			const req = new Request('https://example.com/oauth/token?code=' + code, {
 				method: 'POST',
 				headers: {
 					'content-type': 'application/json',
 				},
 				body: '',
 			})
 			const res = await oauth_token.handleRequest(db, req)
 			assert.equal(res.status, 200)
 			const data = await res.json<any>()
 			assert.equal(data.access_token, code)
 		})
 	})
 })
--- a/functions/oauth/token.ts
+++ b/functions/oauth/token.ts
@ -24,12 +24,23 @@ export async function handleRequest(db: D1Database, request: Request): Promise<R
 		return new Response('', { headers })
 	}
-	const data = await readBody<Body>(request)
+	let data: Body = { code: null }
-	if (!data.code) {
+	try {
 		data = await readBody<Body>(request)
 	} catch (err: any) {
        // ignore error
    }
 	let code = data.code
 	if (!code) {
 		const url = new URL(request.url)
 		code = url.searchParams.get('code')
 	}
 	if (!code) {
 		return errors.notAuthorized('missing authorization')
 	}
-	const parts = data.code.split('.')
+	const parts = code.split('.')
 	const clientId = parts[0]
 	const client = await getClientById(db, clientId)
@ -38,7 +49,7 @@ export async function handleRequest(db: D1Database, request: Request): Promise<R
 	}
 	const res = {
-		access_token: data.code,
+		access_token: code,
 		token_type: 'Bearer',
 		scope: client.scopes,
 		created_at: (Date.now() / 1000) | 0,