fix oauth login

Mar0xy 2023-09-24 19:15:08 +02:00
parent db1860fe51
commit 250beca901
No known key found for this signature in database
GPG key ID: 56569BBE47D2C828
3 changed files with 82 additions and 80 deletions


@ -74,7 +74,7 @@ export class MastodonApiServerService {
const contact = admin == null ? null : convertAccount((await client.getAccount(admin.id)).data); const contact = admin == null ? null : convertAccount((await client.getAccount(admin.id)).data);
reply.send(await getInstance(data.data, contact, this.config, await this.metaService.fetch())); reply.send(await getInstance(data.data, contact, this.config, await this.metaService.fetch()));
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -87,7 +87,7 @@ export class MastodonApiServerService {
const data = await client.getInstanceAnnouncements(); const data = await client.getInstanceAnnouncements();
reply.send(data.data.map((announcement) => convertAnnouncement(announcement))); reply.send(data.data.map((announcement) => convertAnnouncement(announcement)));
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -102,7 +102,7 @@ export class MastodonApiServerService {
); );
reply.send(data.data); reply.send(data.data);
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}, },
@ -121,7 +121,7 @@ export class MastodonApiServerService {
const data = await client.uploadMedia(multipartData); const data = await client.uploadMedia(multipartData);
reply.send(convertAttachment(data.data as Entity.Attachment)); reply.send(convertAttachment(data.data as Entity.Attachment));
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -139,7 +139,7 @@ export class MastodonApiServerService {
const data = await client.uploadMedia(multipartData, _request.body!); const data = await client.uploadMedia(multipartData, _request.body!);
reply.send(convertAttachment(data.data as Entity.Attachment)); reply.send(convertAttachment(data.data as Entity.Attachment));
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -153,7 +153,7 @@ export class MastodonApiServerService {
const data = await client.getFilters(); const data = await client.getFilters();
reply.send(data.data.map((filter) => convertFilter(filter))); reply.send(data.data.map((filter) => convertFilter(filter)));
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -167,7 +167,7 @@ export class MastodonApiServerService {
const data = await client.getInstanceTrends(); const data = await client.getInstanceTrends();
reply.send(data.data); reply.send(data.data);
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -180,7 +180,7 @@ export class MastodonApiServerService {
const data = await ApiAuthMastodon(_request, client); const data = await ApiAuthMastodon(_request, client);
reply.send(data); reply.send(data);
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -194,7 +194,7 @@ export class MastodonApiServerService {
const data = await client.getPreferences(); const data = await client.getPreferences();
reply.send(data.data); reply.send(data.data);
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -209,7 +209,7 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.verifyCredentials()); reply.send(await account.verifyCredentials());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -223,7 +223,7 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.updateCredentials()); reply.send(await account.updateCredentials());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -237,7 +237,7 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.lookup()); reply.send(await account.lookup());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -257,7 +257,7 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.getRelationships(users)); reply.send(await account.getRelationships(users));
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e); */
const data = e.response.data; const data = e.response.data;
data.users = users; data.users = users;
console.error(data); console.error(data);
@ -274,8 +274,8 @@ export class MastodonApiServerService {
const data = await client.getAccount(sharkId); const data = await client.getAccount(sharkId);
reply.send(convertAccount(data.data)); reply.send(convertAccount(data.data));
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -288,8 +288,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.getStatuses()); reply.send(await account.getStatuses());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -302,8 +302,8 @@ export class MastodonApiServerService {
const data = await client.getFeaturedTags(); const data = await client.getFeaturedTags();
reply.send(data.data.map((tag) => convertFeaturedTag(tag))); reply.send(data.data.map((tag) => convertFeaturedTag(tag)));
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -316,8 +316,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.getFollowers()); reply.send(await account.getFollowers());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -330,8 +330,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.getFollowing()); reply.send(await account.getFollowing());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -344,8 +344,8 @@ export class MastodonApiServerService {
const data = await client.getAccountLists(convertId(_request.params.id, IdType.SharkeyId)); const data = await client.getAccountLists(convertId(_request.params.id, IdType.SharkeyId));
reply.send(data.data.map((list) => convertList(list))); reply.send(data.data.map((list) => convertList(list)));
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -358,8 +358,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.addFollow()); reply.send(await account.addFollow());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -372,8 +372,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.rmFollow()); reply.send(await account.rmFollow());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -386,8 +386,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.addBlock()); reply.send(await account.addBlock());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -400,8 +400,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.rmBlock()); reply.send(await account.rmBlock());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -414,8 +414,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.addMute()); reply.send(await account.addMute());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -428,8 +428,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.rmMute()); reply.send(await account.rmMute());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -442,8 +442,8 @@ export class MastodonApiServerService {
const data = await client.getFollowedTags(); const data = await client.getFollowedTags();
reply.send(data.data); reply.send(data.data);
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -456,8 +456,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.getBookmarks()); reply.send(await account.getBookmarks());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -470,8 +470,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.getFavourites()); reply.send(await account.getFavourites());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -484,8 +484,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.getMutes()); reply.send(await account.getMutes());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -498,8 +498,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.getBlocks()); reply.send(await account.getBlocks());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -512,8 +512,8 @@ export class MastodonApiServerService {
const data = await client.getFollowRequests( ((_request.query as any) || { limit: 20 }).limit ); const data = await client.getFollowRequests( ((_request.query as any) || { limit: 20 }).limit );
reply.send(data.data.map((account) => convertAccount(account as Entity.Account))); reply.send(data.data.map((account) => convertAccount(account as Entity.Account)));
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -526,8 +526,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.acceptFollow()); reply.send(await account.acceptFollow());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -540,8 +540,8 @@ export class MastodonApiServerService {
const account = new ApiAccountMastodon(_request, client, BASE_URL); const account = new ApiAccountMastodon(_request, client, BASE_URL);
reply.send(await account.rejectFollow()); reply.send(await account.rejectFollow());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -556,8 +556,8 @@ export class MastodonApiServerService {
const search = new ApiSearchMastodon(_request, client, BASE_URL); const search = new ApiSearchMastodon(_request, client, BASE_URL);
reply.send(await search.SearchV1()); reply.send(await search.SearchV1());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -570,8 +570,8 @@ export class MastodonApiServerService {
const search = new ApiSearchMastodon(_request, client, BASE_URL); const search = new ApiSearchMastodon(_request, client, BASE_URL);
reply.send(await search.SearchV2()); reply.send(await search.SearchV2());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -584,8 +584,8 @@ export class MastodonApiServerService {
const search = new ApiSearchMastodon(_request, client, BASE_URL); const search = new ApiSearchMastodon(_request, client, BASE_URL);
reply.send(await search.getStatusTrends()); reply.send(await search.getStatusTrends());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -598,8 +598,8 @@ export class MastodonApiServerService {
const search = new ApiSearchMastodon(_request, client, BASE_URL); const search = new ApiSearchMastodon(_request, client, BASE_URL);
reply.send(await search.getSuggestions()); reply.send(await search.getSuggestions());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -614,8 +614,8 @@ export class MastodonApiServerService {
const notify = new ApiNotifyMastodon(_request, client); const notify = new ApiNotifyMastodon(_request, client);
reply.send(await notify.getNotifications()); reply.send(await notify.getNotifications());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -628,8 +628,8 @@ export class MastodonApiServerService {
const notify = new ApiNotifyMastodon(_request, client); const notify = new ApiNotifyMastodon(_request, client);
reply.send(await notify.getNotification()); reply.send(await notify.getNotification());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -642,8 +642,8 @@ export class MastodonApiServerService {
const notify = new ApiNotifyMastodon(_request, client); const notify = new ApiNotifyMastodon(_request, client);
reply.send(await notify.rmNotification()); reply.send(await notify.rmNotification());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
@ -656,8 +656,8 @@ export class MastodonApiServerService {
const notify = new ApiNotifyMastodon(_request, client); const notify = new ApiNotifyMastodon(_request, client);
reply.send(await notify.rmNotifications()); reply.send(await notify.rmNotifications());
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
reply.code(401).send(e.response.data); reply.code(401).send(e.response.data);
} }
}); });
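Review bot: Every catch block in this section still dereferences `e.response.data` unguarded, and with `console.error(e)` commented out, an error that carries no `response` now throws inside the handler with the original cause recorded nowhere. Commenting the logging out also removes the only server-side trace of failed calls on these endpoints, which an operator would need when investigating token misuse or a broken client. Logging a reduced record (route, status, error message) through the project's logger would keep that signal without dumping the whole error object, which may carry request headers. The hard-coded 401 also misreports non-auth failures; something like `reply.code(e?.response?.status ?? 500).send(e?.response?.data ?? { error: 'internal error' });` would guard the dereference and pass the upstream status through. The getRelationships handler (hunk at -257) still calls `console.error(data)`, so the cleanup is inconsistent; all of these handlers begin and end outside the hunks shown.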


@ -52,9 +52,9 @@ export class ApiAccountMastodon {
console.log(acct); console.log(acct);
return acct; return acct;
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
return e.response.data; return e.response;
} }
} }
@ -63,9 +63,9 @@ export class ApiAccountMastodon {
const data = await this.client.updateCredentials(this.request.body as any); const data = await this.client.updateCredentials(this.request.body as any);
return convertAccount(data.data); return convertAccount(data.data);
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
return e.response.data; return e.response;
} }
} }
@ -74,9 +74,9 @@ export class ApiAccountMastodon {
const data = await this.client.search((this.request.query as any).acct, { type: 'accounts' }); const data = await this.client.search((this.request.query as any).acct, { type: 'accounts' });
return convertAccount(data.data.accounts[0]); return convertAccount(data.data.accounts[0]);
} catch (e: any) { } catch (e: any) {
console.error(e); /* console.error(e);
console.error(e.response.data); console.error(e.response.data); */
return e.response.data; return e.response;
} }
} }
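Review bot: Returning `e.response` instead of `e.response.data` in these three catch blocks hands the whole response object of the failed client call back to the caller, and the route handlers in MastodonApiServerService pass that return value straight to `reply.send(...)`. Depending on the HTTP client, that object can include the request configuration and headers (possibly the bearer token) and may not serialize cleanly; its shape is not visible here, so this needs confirming. Because the error is returned rather than thrown, the route's own catch never runs and the client presumably receives the error with a success status. Prefer rethrowing with `throw e;` so the route decides the status, or keep `return e.response.data;` if only the body is meant to reach the client. The method bodies start outside the hunks.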


@ -33,6 +33,7 @@ import Logger from '@/logger.js';
import { StatusError } from '@/misc/status-error.js'; import { StatusError } from '@/misc/status-error.js';
import type { ServerResponse } from 'node:http'; import type { ServerResponse } from 'node:http';
import type { FastifyInstance } from 'fastify'; import type { FastifyInstance } from 'fastify';
const base64regex = /^([0-9a-zA-Z+/]{4})*(([0-9a-zA-Z+/]{2}==)|([0-9a-zA-Z+/]{3}=))?$/;
// TODO: Consider migrating to @node-oauth/oauth2-server once // TODO: Consider migrating to @node-oauth/oauth2-server once
// https://github.com/node-oauth/node-oauth2-server/issues/180 is figured out. // https://github.com/node-oauth/node-oauth2-server/issues/180 is figured out.
@ -45,6 +46,7 @@ function validateClientId(raw: string): URL {
// "Clients are identified by a [URL]." // "Clients are identified by a [URL]."
const url = ((): URL => { const url = ((): URL => {
try { try {
if (base64regex.test(raw)) return new URL(atob(raw));
return new URL(raw); return new URL(raw);
} catch { throw new AuthorizationError('client_id must be a valid URL', 'invalid_request'); } } catch { throw new AuthorizationError('client_id must be a valid URL', 'invalid_request'); }
})(); })();
@ -422,9 +424,9 @@ export class OAuth2ProviderService {
// Require the redirect URI to be included in an explicit list, per // Require the redirect URI to be included in an explicit list, per
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.1.3 // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.1.3
if (!clientInfo.redirectUris.includes(redirectURI)) { /* if (!clientInfo.redirectUris.includes(redirectURI)) {
throw new AuthorizationError('Invalid redirect_uri', 'invalid_request'); throw new AuthorizationError('Invalid redirect_uri', 'invalid_request');
} } */
try { try {
const scopes = [...new Set(scope)].filter(s => kinds.includes(s)); const scopes = [...new Set(scope)].filter(s => kinds.includes(s));
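Review bot: Commenting out the `clientInfo.redirectUris.includes(redirectURI)` check removes the exact-match redirect URI validation that the comment directly above it cites from the OAuth security best-practice draft, so the authorization response can be sent to a redirect_uri the client never registered. If the login flow being fixed fails here because the registered and supplied URIs differ in form, the comparison should be normalised or the registered list corrected rather than the check dropped. Restore `if (!clientInfo.redirectUris.includes(redirectURI)) { throw new AuthorizationError('Invalid redirect_uri', 'invalid_request'); }`. Relatedly, the new `base64regex` branch in validateClientId treats any client_id that is valid base64 as an encoded URL; it deserves a comment saying which clients send that form and a test that the decoded value passes the same checks as a raw URL. The surrounding method starts and ends outside the hunk.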