Merge pull request #384 from cloudflare/sven/insert-ui-client

add client for the UI

backend/test/mastodon/oauth.spec.ts

@@ -85,7 +85,7 @@ describe('Mastodon APIs', () => {
 				headers,
 			})
 			const res = await oauth_authorize.handleRequestPost(req, db, userKEK, accessDomain, accessAud)
-			assert.equal(res.status, 403)
+			assert.equal(res.status, 422)
 		})
 
 		test('authorize redirects with code on success and show first login', async () => {

frontend/src/routes/layout.tsx

@@ -6,12 +6,12 @@ type AuthLoaderData = {
 	isAuthorized: boolean
 }
 
-export const authLoader = loader$<Promise<AuthLoaderData>>(async ({ platform, request }) => {
+export const authLoader = loader$<Promise<AuthLoaderData>>(async ({ platform }) => {
 	const isAuthorized = platform.data.connectedActor !== null
-	// FIXME(sven): remove hardcoded value
+	// defined in migrations/0010_add_ui_client.sql
 	const UI_CLIENT_ID = '924801be-d211-495d-8cac-e73503413af8'
 	const params = new URLSearchParams({
-		redirect_uri: request.url,
+		redirect_uri: '/',
 		response_type: 'code',
 		client_id: UI_CLIENT_ID,
 		scope: 'all',

functions/oauth/authorize.ts

@@ -50,7 +50,7 @@ export async function buildRedirect(
 
 	const redirect_uri = url.searchParams.get('redirect_uri')
 	if (client.redirect_uris !== redirect_uri) {
-		return new Response('', { status: 403 })
+		return errors.validationError('redirect_uri not allowed')
 	}
 
 	const code = `${client.id}.${jwt}`

migrations/0010_add_ui_client.sql

@@ -0,0 +1,4 @@
+-- Migration number: 0010 	 2023-03-08T09:40:30.734Z
+
+INSERT INTO clients (id, secret, name, redirect_uris, scopes)
+VALUES ('924801be-d211-495d-8cac-e73503413af8', hex(randomblob(42)), 'Wildebeest User Interface', '/', 'all');