Merge pull request #360 from kelvin27315/main

Register clients without a website

backend/src/mastodon/client.ts

@@ -6,16 +6,16 @@ export interface Client {
 	secret: string
 	name: string
 	redirect_uris: string
-	website: string
 	scopes: string
+	website?: string
 }
 
 export async function createClient(
 	db: Database,
 	name: string,
 	redirect_uris: string,
-	website: string,
-	scopes: string
+	scopes: string,
+	website?: string
 ): Promise<Client> {
 	const id = crypto.randomUUID()
 
@@ -28,7 +28,10 @@ export async function createClient(
           INSERT INTO clients (id, secret, name, redirect_uris, website, scopes)
           VALUES (?, ?, ?, ?, ?, ?)
     `
-	const { success, error } = await db.prepare(query).bind(id, secret, name, redirect_uris, website, scopes).run()
+	const { success, error } = await db
+		.prepare(query)
+		.bind(id, secret, name, redirect_uris, website === undefined ? null : website, scopes)
+		.run()
 	if (!success) {
 		throw new Error('SQL error: ' + error)
 	}

backend/test/mastodon/apps.spec.ts

@@ -36,6 +36,33 @@ describe('Mastodon APIs', () => {
 			assert.deepEqual(rest, {})
 		})
 
+		test('POST /apps registers client without website', async () => {
+			const db = await makeDB()
+			const vapidKeys = await generateVAPIDKeys()
+			const request = new Request('https://example.com', {
+				method: 'POST',
+				body: '{"redirect_uris":"mastodon://example.com/oauth","client_name":"Example mastodon client","scopes":"read write follow push"}',
+				headers: {
+					'content-type': 'application/json',
+				},
+			})
+
+			const res = await apps.handleRequest(db, request, vapidKeys)
+			assert.equal(res.status, 200)
+			assertCORS(res)
+			assertJSON(res)
+
+			// eslint-disable-next-line @typescript-eslint/no-unused-vars
+			const { name, redirect_uri, client_id, client_secret, vapid_key, id, ...rest } = await res.json<
+				Record<string, string>
+			>()
+
+			assert.equal(name, 'Example mastodon client')
+			assert.equal(redirect_uri, 'mastodon://example.com/oauth')
+			assert.equal(id, '20')
+			assert.deepEqual(rest, {})
+		})
+
 		test('POST /apps returns 422 for malformed requests', async () => {
 			// client_name and redirect_uris are required according to https://docs.joinmastodon.org/methods/apps/#form-data-parameters
 			const db = await makeDB()

backend/test/utils.ts

@@ -73,7 +73,7 @@ export async function createTestClient(
 	redirectUri: string = 'https://localhost',
 	scopes: string = 'read follow'
 ): Promise<Client> {
-	return createClient(db, 'test client', redirectUri, 'https://cloudflare.com', scopes)
+	return createClient(db, 'test client', redirectUri, scopes, 'https://cloudflare.com')
 }
 
 type TestQueue = Queue<any> & { messages: Array<any> }

functions/api/v1/apps.ts

@@ -11,7 +11,7 @@ import { type Database, getDatabase } from 'wildebeest/backend/src/database'
 
 type AppsPost = {
 	redirect_uris: string
-	website: string
+	website?: string
 	client_name: string
 	scopes: string
 }
@@ -42,9 +42,18 @@ export async function handleRequest(db: Database, request: Request, vapidKeys: J
 		} catch {
 			return errors.unprocessableEntity('redirect_uris must be a valid URI')
 		}
+	} else if (body.website) {
+		if (body.website.length > 2000) {
+			return errors.unprocessableEntity('website cannot exceed 2000 characters')
+		}
+		try {
+			new URL('', body.website)
+		} catch {
+			return errors.unprocessableEntity('website is invalid URI')
+		}
 	}
 
-	const client = await createClient(db, body.client_name, body.redirect_uris, body.website, body.scopes)
+	const client = await createClient(db, body.client_name, body.redirect_uris, body.scopes, body.website)
 	const vapidKey = VAPIDPublicKey(vapidKeys)
 
 	const res = {