|
|
@@ -73,12 +73,14 @@ xs_dict *app_get(const char *id)
|
|
|
|
|
|
const char *login_page = ""
|
|
|
"<!DOCTYPE html>\n"
|
|
|
-"<body><h1>%s identify</h1>\n"
|
|
|
+"<body><h1>%s OAuth identify</h1>\n"
|
|
|
+"<div style=\"background-color: red; color: white\">%s</div>\n"
|
|
|
"<form method=\"post\" action=\"https:/" "/%s/oauth/x-snac-login\">\n"
|
|
|
"<p>Login: <input type=\"text\" name=\"login\"></p>\n"
|
|
|
"<p>Password: <input type=\"password\" name=\"passwd\"></p>\n"
|
|
|
"<input type=\"hidden\" name=\"redir\" value=\"%s\">\n"
|
|
|
"<input type=\"hidden\" name=\"cid\" value=\"%s\">\n"
|
|
|
+"<input type=\"submit\" value=\"OK\">\n"
|
|
|
"</form><p>%s</p></body>\n"
|
|
|
"";
|
|
|
|
|
|
@@ -90,13 +92,15 @@ int oauth_get_handler(const xs_dict *req, const char *q_path,
|
|
|
|
|
|
{
|
|
|
xs *j = xs_json_dumps_pp(req, 4);
|
|
|
- printf("oauth:\n%s\n", j);
|
|
|
+ printf("oauth get:\n%s\n", j);
|
|
|
}
|
|
|
|
|
|
int status = 404;
|
|
|
xs_dict *msg = xs_dict_get(req, "q_vars");
|
|
|
xs *cmd = xs_replace(q_path, "/oauth", "");
|
|
|
|
|
|
+ srv_debug(0, xs_fmt("oauth_get_handler %s", q_path));
|
|
|
+
|
|
|
if (strcmp(cmd, "/authorize") == 0) {
|
|
|
const char *cid = xs_dict_get(msg, "client_id");
|
|
|
const char *ruri = xs_dict_get(msg, "redirect_uri");
|
|
|
@@ -110,11 +114,17 @@ int oauth_get_handler(const xs_dict *req, const char *q_path,
|
|
|
if (app != NULL) {
|
|
|
const char *host = xs_dict_get(srv_config, "host");
|
|
|
|
|
|
- *body = xs_fmt(login_page, host, host, ruri, cid, USER_AGENT);
|
|
|
+ *body = xs_fmt(login_page, host, "", host, ruri, cid, USER_AGENT);
|
|
|
*ctype = "text/html";
|
|
|
status = 200;
|
|
|
+
|
|
|
+ srv_debug(0, xs_fmt("oauth authorize: generating login page"));
|
|
|
}
|
|
|
+ else
|
|
|
+ srv_debug(0, xs_fmt("oauth authorize: bad client_id %s", cid));
|
|
|
}
|
|
|
+ else
|
|
|
+ srv_debug(0, xs_fmt("oauth authorize: invalid or unset arguments"));
|
|
|
}
|
|
|
|
|
|
return status;
|
|
|
@@ -122,25 +132,70 @@ int oauth_get_handler(const xs_dict *req, const char *q_path,
|
|
|
|
|
|
|
|
|
int oauth_post_handler(const xs_dict *req, const char *q_path,
|
|
|
- const char *payload, int p_size,
|
|
|
- char **body, int *b_size, char **ctype)
|
|
|
+ const char *payload, int p_size,
|
|
|
+ char **body, int *b_size, char **ctype)
|
|
|
{
|
|
|
if (!xs_startswith(q_path, "/oauth/"))
|
|
|
return 0;
|
|
|
|
|
|
+ {
|
|
|
+ xs *j = xs_json_dumps_pp(req, 4);
|
|
|
+ printf("oauth post:\n%s\n", j);
|
|
|
+ }
|
|
|
+
|
|
|
int status = 404;
|
|
|
xs_dict *msg = xs_dict_get(req, "p_vars");
|
|
|
xs *cmd = xs_replace(q_path, "/oauth", "");
|
|
|
|
|
|
- printf("oauth: %s\n", q_path);
|
|
|
+ srv_debug(0, xs_fmt("oauth_post_handler %s", q_path));
|
|
|
+
|
|
|
+ if (strcmp(cmd, "/x-snac-login") == 0) {
|
|
|
+ const char *login = xs_dict_get(msg, "login");
|
|
|
+ const char *passwd = xs_dict_get(msg, "passwd");
|
|
|
+ const char *redir = xs_dict_get(msg, "redir");
|
|
|
+ const char *cid = xs_dict_get(msg, "cid");
|
|
|
+
|
|
|
+ const char *host = xs_dict_get(srv_config, "host");
|
|
|
+
|
|
|
+
|
|
|
+ *body = xs_fmt(login_page, host, "LOGIN INCORRECT", host, redir, cid, USER_AGENT);
|
|
|
+ *ctype = "text/html";
|
|
|
+ status = 200;
|
|
|
+
|
|
|
+ if (login && passwd && redir && cid) {
|
|
|
+ snac snac;
|
|
|
|
|
|
+ if (user_open(&snac, login)) {
|
|
|
+
|
|
|
+ if (check_password(login, passwd,
|
|
|
+ xs_dict_get(snac.config, "passwd"))) {
|
|
|
+
|
|
|
+ xs *code = random_str();
|
|
|
+
|
|
|
+ xs_free(*body);
|
|
|
+ *body = xs_fmt("%s?code=%s", redir, code);
|
|
|
+ status = 303;
|
|
|
+
|
|
|
+ srv_debug(0, xs_fmt("oauth x-snac-login: redirect to %s", *body));
|
|
|
+ }
|
|
|
+ else
|
|
|
+ srv_debug(0, xs_fmt("oauth x-snac-login: login '%s' incorrect", login));
|
|
|
+
|
|
|
+ user_free(&snac);
|
|
|
+ }
|
|
|
+ else
|
|
|
+ srv_debug(0, xs_fmt("oauth x-snac-login: bad user '%s'", login));
|
|
|
+ }
|
|
|
+ else
|
|
|
+ srv_debug(0, xs_fmt("oauth x-snac-login: invalid or unset arguments"));
|
|
|
+ }
|
|
|
+ else
|
|
|
if (strcmp(cmd, "/token") == 0) {
|
|
|
const char *gtype = xs_dict_get(msg, "grant_type");
|
|
|
const char *code = xs_dict_get(msg, "code");
|
|
|
const char *cid = xs_dict_get(msg, "client_id");
|
|
|
const char *csec = xs_dict_get(msg, "client_secret");
|
|
|
const char *ruri = xs_dict_get(msg, "redirect_uri");
|
|
|
- const char *scope = xs_dict_get(msg, "scope");
|
|
|
|
|
|
if (gtype && code && cid && csec && ruri) {
|
|
|
xs *rsp = xs_dict_new();
|
|
|
@@ -149,15 +204,18 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
|
|
|
|
|
|
rsp = xs_dict_append(rsp, "access_token", token);
|
|
|
rsp = xs_dict_append(rsp, "token_type", "Bearer");
|
|
|
- rsp = xs_dict_append(rsp, "scope", scope);
|
|
|
rsp = xs_dict_append(rsp, "created_at", cat);
|
|
|
|
|
|
*body = xs_json_dumps_pp(rsp, 4);
|
|
|
*ctype = "application/json";
|
|
|
status = 200;
|
|
|
+
|
|
|
+ srv_debug(0, xs_fmt("oauth token: successful login, token %s", token));
|
|
|
}
|
|
|
- else
|
|
|
+ else {
|
|
|
+ srv_debug(0, xs_fmt("oauth token: invalid or unset arguments"));
|
|
|
status = 400;
|
|
|
+ }
|
|
|
}
|
|
|
else
|
|
|
if (strcmp(cmd, "/revoke") == 0) {
|
|
|
@@ -178,13 +236,42 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
|
|
|
}
|
|
|
|
|
|
|
|
|
+int mastoapi_get_handler(const xs_dict *req, const char *q_path,
|
|
|
+ char **body, int *b_size, char **ctype)
|
|
|
+{
|
|
|
+ if (!xs_startswith(q_path, "/api/v1/"))
|
|
|
+ return 0;
|
|
|
+
|
|
|
+ {
|
|
|
+ xs *j = xs_json_dumps_pp(req, 4);
|
|
|
+ printf("mastoapi get:\n%s\n", j);
|
|
|
+ }
|
|
|
+
|
|
|
+ int status = 404;
|
|
|
+ xs_dict *msg = xs_dict_get(req, "q_vars");
|
|
|
+ xs *cmd = xs_replace(q_path, "/api/v1", "");
|
|
|
+
|
|
|
+ srv_debug(0, xs_fmt("mastoapi_get_handler %s", q_path));
|
|
|
+
|
|
|
+ if (strcmp(cmd, "/accounts/verify_credentials") == 0) {
|
|
|
+ }
|
|
|
+
|
|
|
+ return status;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
int mastoapi_post_handler(const xs_dict *req, const char *q_path,
|
|
|
- const char *payload, int p_size,
|
|
|
- char **body, int *b_size, char **ctype)
|
|
|
+ const char *payload, int p_size,
|
|
|
+ char **body, int *b_size, char **ctype)
|
|
|
{
|
|
|
if (!xs_startswith(q_path, "/api/v1/"))
|
|
|
return 0;
|
|
|
|
|
|
+ {
|
|
|
+ xs *j = xs_json_dumps_pp(req, 4);
|
|
|
+ printf("mastoapi post:\n%s\n", j);
|
|
|
+ }
|
|
|
+
|
|
|
int status = 404;
|
|
|
xs *msg = NULL;
|
|
|
char *i_ctype = xs_dict_get(req, "content-type");
|
default