From 9fe622cddfc0e6a4d69d00849d01c0811a4a9f61 Mon Sep 17 00:00:00 2001
From: Sven Sauleau
Date: Wed, 8 Mar 2023 09:46:21 +0000
Subject: [PATCH] add client for the UI
---
 backend/test/mastodon/oauth.spec.ts | 2 +-
 frontend/src/routes/layout.tsx | 6 +++---
 functions/oauth/authorize.ts | 2 +-
 migrations/0010_add_ui_client.sql | 4 ++++
 4 files changed, 9 insertions(+), 5 deletions(-)
 create mode 100644 migrations/0010_add_ui_client.sql
diff --git a/backend/test/mastodon/oauth.spec.ts b/backend/test/mastodon/oauth.spec.ts
index eb55137..765e47f 100644
--- a/backend/test/mastodon/oauth.spec.ts
+++ b/backend/test/mastodon/oauth.spec.ts
@@ -85,7 +85,7 @@ describe('Mastodon APIs', () => {
 headers,
 })
 const res = await oauth_authorize.handleRequestPost(req, db, userKEK, accessDomain, accessAud)
- assert.equal(res.status, 403)
+ assert.equal(res.status, 422)
 })
 test('authorize redirects with code on success and show first login', async () => {
diff --git a/frontend/src/routes/layout.tsx b/frontend/src/routes/layout.tsx
index 44e2719..ba847a4 100644
--- a/frontend/src/routes/layout.tsx
+++ b/frontend/src/routes/layout.tsx
@@ -6,12 +6,12 @@ type AuthLoaderData = {
 isAuthorized: boolean
 }
-export const authLoader = loader$>(async ({ platform, request }) => {
+export const authLoader = loader$>(async ({ platform }) => {
 const isAuthorized = platform.data.connectedActor !== null
- // FIXME(sven): remove hardcoded value
+ // defined in migrations/0010_add_ui_client.sql
 const UI_CLIENT_ID = '924801be-d211-495d-8cac-e73503413af8'
 const params = new URLSearchParams({
- redirect_uri: request.url,
+ redirect_uri: '/',
 response_type: 'code',
 client_id: UI_CLIENT_ID,
 scope: 'all',
diff --git a/functions/oauth/authorize.ts b/functions/oauth/authorize.ts
index 612d856..033aac5 100644
--- a/functions/oauth/authorize.ts
+++ b/functions/oauth/authorize.ts
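Review bot: In frontend/src/routes/layout.tsx, `redirect_uri: '/'` and `UI_CLIENT_ID` in authLoader now have to stay byte-identical to the row inserted by migrations/0010_add_ui_client.sql, because buildRedirect in functions/oauth/authorize.ts rejects anything that is not an exact string match; the new comment covers only the id. Extend it to the redirect as well, e.g. `// client_id and redirect_uri must match the clients row from migrations/0010_add_ui_client.sql exactly`. Note also that '/' is a relative reference, whereas RFC 6749 section 3.1.2 requires an absolute redirection URI; it is safe only as long as the server resolves it against its own origin, which is not visible in this diff. The loader's body continues past the end of the hunk.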
@@ -50,7 +50,7 @@ export async function buildRedirect(
 const redirect_uri = url.searchParams.get('redirect_uri')
 if (client.redirect_uris !== redirect_uri) {
- return new Response('', { status: 403 })
+ return errors.validationError('redirect_uri not allowed')
 }
 const code = `${client.id}.${jwt}`
diff --git a/migrations/0010_add_ui_client.sql b/migrations/0010_add_ui_client.sql
new file mode 100644
index 0000000..61f65b9
--- /dev/null
+++ b/migrations/0010_add_ui_client.sql
@@ -0,0 +1,4 @@
+-- Migration number: 0010 2023-03-08T09:40:30.734Z
+
+INSERT INTO clients (id, secret, name, redirect_uris, scopes)
+VALUES ('924801be-d211-495d-8cac-e73503413af8', hex(randomblob(42)), 'Wildebeest User Interface', '/', 'all');
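Review bot: In functions/oauth/authorize.ts, the guard in front of the new `errors.validationError('redirect_uri not allowed')` line is the only redirect-URI check visible in buildRedirect, and nothing marks its strict `!==` comparison as deliberate. A comment such as `// exact string match on purpose: do not relax to prefix or pattern matching` would keep a later change from loosening the allow-list into an open redirect. The same branch also fires when the parameter is absent, since `searchParams.get` returns null, so "not allowed" is slightly misleading there; a separate `if (redirect_uri === null) return errors.validationError('redirect_uri missing')` ahead of the comparison would make the failure clearer. The column is named `redirect_uris` but is compared as a single string, so a client registered with more than one URI would presumably always be rejected. buildRedirect starts and ends outside this hunk.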
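Review bot: In migrations/0010_add_ui_client.sql, the `secret` column for the UI client is filled with `hex(randomblob(42))`, and nothing in the migration says how that value is meant to be used or protected. SQLite documents randomblob() only as pseudo-random, so if this secret ever authenticates the client it is worth confirming the engine's generator is acceptable for credentials, or generating the value in application code with a CSPRNG. The client id is fixed and also embedded in the frontend, so it has to be treated as public; a header comment such as `-- UI client: id is public (hard-coded in frontend/src/routes/layout.tsx); secret is generated per database and must never reach the browser` would record that. The row also sets `scopes` to 'all', which is broader than a least-privilege default if the UI does not need every scope.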