 6cb40bee26
			
		
	
	
		
	
	
	
	
		
			
			Closes #612 Co-authored-by: tusooa <tusooa@kazv.moe> Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/626 Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Co-committed-by: FloatingGhost <hannah@coffee-and-dreams.uk>
		
			
				
	
	
		
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

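defmodule Pleroma.Web.MastodonAPI.AuthController do
  @moduledoc """
  Browser-facing login, logout and password-reset actions for the local
  Mastodon frontend.

  Login is an OAuth authorization-code flow against the locally registered
  "Mastodon-Local" app (see `local_mastofe_app/0`).
  """

  use Pleroma.Web, :controller

  import Pleroma.Web.ControllerHelper, only: [json_response: 3]

  alias Pleroma.Helpers.AuthHelper
  alias Pleroma.Helpers.UriHelper
  alias Pleroma.User
  alias Pleroma.Web.OAuth.App
  alias Pleroma.Web.OAuth.Authorization
  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Web.OAuth.Token.Strategy.Revoke, as: RevokeToken
  alias Pleroma.Web.TwitterAPI.TwitterAPI

  action_fallback(Pleroma.Web.MastodonAPI.FallbackController)

  # Only the password-reset action is rate limited here; the login and logout
  # actions get no limiter from this module.
  plug(Pleroma.Web.Plugs.RateLimiter, [name: :password_reset] when action == :password_reset)

  @local_mastodon_name "Mastodon-Local"

  @doc """
  GET /web/login

  With a `"code"` parameter this is the login callback of the local Mastodon
  FE: the authorization code is exchanged for an OAuth token, the token is
  stored in the session and the browser is redirected to the post-login path.

  Without a `"code"` parameter, a connection that already carries a user and a
  token issued to the local Mastodon FE app is redirected to the post-login
  path; every other request is sent to the OAuth authorization form.
  """
  def login(conn, %{"code" => auth_token} = params) do
    with {:ok, app} <- local_mastofe_app(),
         {:ok, auth} <- Authorization.get_by_token(app, auth_token),
         %User{} = user <- User.get_cached_by_id(auth.user_id),
         {:ok, oauth_token} <- Token.get_or_exchange_token(auth, app, user) do
      # The helper returns the updated conn so that the consumed `:return_to`
      # is really removed from the session; previously the result of
      # `delete_session/2` was discarded and the entry was never cleared.
      {conn, post_login_path} = local_mastodon_post_login_path(conn)

      # NOTE(security): the access token is placed in the redirect URL's query
      # string, so it can reach browser history, access logs and Referer
      # headers. The local app registers the "admin" scope (see
      # local_mastofe_app/0), so this URL should be handled as a credential:
      # keep `access_token` out of request logging and serve the target page
      # with a restrictive Referrer-Policy.
      redirect_to =
        UriHelper.modify_uri_params(post_login_path, %{"access_token" => oauth_token.token})

      conn
      |> AuthHelper.put_session_token(oauth_token.token)
      |> redirect(to: redirect_to)
    else
      # Any failure (app lookup, unknown or mismatched code, missing user,
      # token exchange) restarts the OAuth flow without reporting the reason.
      _ -> redirect_to_oauth_form(conn, params)
    end
  end

  def login(conn, params) do
    # The pinned `^app_id` accepts the existing session only when its token was
    # issued to the local Mastodon FE app; tokens of other apps do not count.
    with %{assigns: %{user: %User{}, token: %Token{app_id: app_id}}} <- conn,
         {:ok, %{id: ^app_id}} <- local_mastofe_app() do
      {conn, post_login_path} = local_mastodon_post_login_path(conn)
      redirect(conn, to: post_login_path)
    else
      _ -> redirect_to_oauth_form(conn, params)
    end
  end

  # Redirects to the OAuth authorization form for the local Mastodon FE app.
  # There is no `else`: a non-matching `local_mastofe_app/0` result is returned
  # as-is and is therefore handled by the `action_fallback` controller.
  defp redirect_to_oauth_form(conn, _params) do
    with {:ok, app} <- local_mastofe_app() do
      path =
        ~p[/oauth/authorize?#{[response_type: "code", client_id: app.client_id, redirect_uri: ".", scope: Enum.join(app.scopes, " ")]}]

      redirect(conn, to: path)
    end
  end

  @doc """
  DELETE /auth/sign_out

  Revokes the OAuth token assigned to the connection and redirects to `/`.
  The session token is removed only when the revoked token is the one stored
  in the session; in every other case the session is left unchanged.
  """
  def logout(conn, _) do
    conn =
      with %{assigns: %{token: %Token{} = oauth_token}} <- conn,
           session_token = AuthHelper.get_session_token(conn),
           {:ok, %Token{token: ^session_token}} <- RevokeToken.revoke(oauth_token) do
        AuthHelper.delete_session_token(conn)
      else
        _ -> conn
      end

    redirect(conn, to: "/")
  end

  @doc """
  POST /auth/password

  Requests a password reset for the account named by the `"email"` or
  `"nickname"` parameter and answers with an empty 204 response. The result
  of the reset request is ignored, so status and body are the same whether or
  not the account exists.
  """
  def password_reset(conn, params) do
    # NOTE(review): the value is nil when both parameters are missing, and it
    # is not checked to be a string here; presumably
    # TwitterAPI.password_reset/1 rejects such input. Confirm against it.
    nickname_or_email = params["email"] || params["nickname"]

    TwitterAPI.password_reset(nickname_or_email)

    json_response(conn, :no_content, "")
  end

  # Returns `{conn, path}`: the path to send the browser to after login and the
  # conn with the `:return_to` session entry removed once it has been consumed.
  #
  # `return_to` comes from the session (it is set outside this module) and ends
  # up in `redirect(conn, to: ...)`, which accepts local paths only; keep it on
  # `:to` rather than `:external` so that it cannot name another host.
  defp local_mastodon_post_login_path(conn) do
    case get_session(conn, :return_to) do
      nil ->
        {conn, ~p"/web/getting-started"}

      return_to ->
        {delete_session(conn, :return_to), return_to}
    end
  end

  @doc """
  Fetches the OAuth app record of the local Mastodon FE through
  `App.get_or_make/2`.

  The app is registered with the "read", "write", "follow", "push" and "admin"
  scopes and the redirect URI ".".
  """
  @spec local_mastofe_app() :: {:ok, App.t()} | {:error, Ecto.Changeset.t()}
  def local_mastofe_app do
    App.get_or_make(
      %{client_name: @local_mastodon_name, redirect_uris: "."},
      ["read", "write", "follow", "push", "admin"]
    )
  end
end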