Merge pull request #360 from kelvin27315/main

Register clients without a website
pull/367/head
Sven Sauleau 2023-03-06 09:49:08 +01:00 zatwierdzone przez GitHub
commit 8da9a5ed26
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 4AEE18F83AFDEB23
4 zmienionych plików z 46 dodań i 7 usunięć

Wyświetl plik

@ -6,16 +6,16 @@ export interface Client {
secret: string
name: string
redirect_uris: string
website: string
scopes: string
website?: string
}
export async function createClient(
db: Database,
name: string,
redirect_uris: string,
website: string,
scopes: string
scopes: string,
website?: string
): Promise<Client> {
const id = crypto.randomUUID()
@ -28,7 +28,10 @@ export async function createClient(
INSERT INTO clients (id, secret, name, redirect_uris, website, scopes)
VALUES (?, ?, ?, ?, ?, ?)
`
const { success, error } = await db.prepare(query).bind(id, secret, name, redirect_uris, website, scopes).run()
const { success, error } = await db
.prepare(query)
.bind(id, secret, name, redirect_uris, website === undefined ? null : website, scopes)
.run()
if (!success) {
throw new Error('SQL error: ' + error)
}

Wyświetl plik

@ -36,6 +36,33 @@ describe('Mastodon APIs', () => {
assert.deepEqual(rest, {})
})
test('POST /apps registers client without website', async () => {
const db = await makeDB()
const vapidKeys = await generateVAPIDKeys()
const request = new Request('https://example.com', {
method: 'POST',
body: '{"redirect_uris":"mastodon://example.com/oauth","client_name":"Example mastodon client","scopes":"read write follow push"}',
headers: {
'content-type': 'application/json',
},
})
const res = await apps.handleRequest(db, request, vapidKeys)
assert.equal(res.status, 200)
assertCORS(res)
assertJSON(res)
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const { name, redirect_uri, client_id, client_secret, vapid_key, id, ...rest } = await res.json<
Record<string, string>
>()
assert.equal(name, 'Example mastodon client')
assert.equal(redirect_uri, 'mastodon://example.com/oauth')
assert.equal(id, '20')
assert.deepEqual(rest, {})
})
test('POST /apps returns 422 for malformed requests', async () => {
// client_name and redirect_uris are required according to https://docs.joinmastodon.org/methods/apps/#form-data-parameters
const db = await makeDB()

Wyświetl plik

@ -73,7 +73,7 @@ export async function createTestClient(
redirectUri: string = 'https://localhost',
scopes: string = 'read follow'
): Promise<Client> {
return createClient(db, 'test client', redirectUri, 'https://cloudflare.com', scopes)
return createClient(db, 'test client', redirectUri, scopes, 'https://cloudflare.com')
}
type TestQueue = Queue<any> & { messages: Array<any> }

Wyświetl plik

@ -11,7 +11,7 @@ import { type Database, getDatabase } from 'wildebeest/backend/src/database'
type AppsPost = {
redirect_uris: string
website: string
website?: string
client_name: string
scopes: string
}
@ -42,9 +42,18 @@ export async function handleRequest(db: Database, request: Request, vapidKeys: J
} catch {
return errors.unprocessableEntity('redirect_uris must be a valid URI')
}
} else if (body.website) {
if (body.website.length > 2000) {
return errors.unprocessableEntity('website cannot exceed 2000 characters')
}
try {
new URL('', body.website)
} catch {
return errors.unprocessableEntity('website is invalid URI')
}
}
const client = await createClient(db, body.client_name, body.redirect_uris, body.website, body.scopes)
const client = await createClient(db, body.client_name, body.redirect_uris, body.scopes, body.website)
const vapidKey = VAPIDPublicKey(vapidKeys)
const res = {