fix: check for obviously invalid instance URLs, use correct JSON key for mastodon scopes

This commit is contained in:
sam 2024-11-23 20:40:09 +01:00
parent 9160281ea2
commit d0bf638a21
Signed by: sam
GPG key ID: B4EF20DDE721CAA1
2 changed files with 18 additions and 10 deletions


@ -6,7 +6,6 @@ using Foxnouns.Backend.Utils;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using NodaTime; using NodaTime;
using FediverseAuthService = Foxnouns.Backend.Services.Auth.FediverseAuthService;
namespace Foxnouns.Backend.Controllers.Authentication; namespace Foxnouns.Backend.Controllers.Authentication;
@ -25,6 +24,9 @@ public class FediverseAuthController(
[ProducesResponseType<FediverseUrlResponse>(statusCode: StatusCodes.Status200OK)] [ProducesResponseType<FediverseUrlResponse>(statusCode: StatusCodes.Status200OK)]
public async Task<IActionResult> GetFediverseUrlAsync([FromQuery] string instance) public async Task<IActionResult> GetFediverseUrlAsync([FromQuery] string instance)
{ {
if (instance.Any(c => c is '@' or ':' or '/') || !instance.Contains('.'))
throw new ApiError.BadRequest("Not a valid domain.", "instance", instance);
var url = await fediverseAuthService.GenerateAuthUrlAsync(instance); var url = await fediverseAuthService.GenerateAuthUrlAsync(instance);
return Ok(new FediverseUrlResponse(url)); return Ok(new FediverseUrlResponse(url));
} }
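Review bot: The guard added on `instance` is a deny-list, and it still admits characters that change the meaning of the URL the service later builds from it (`$"https://{instance}/api/v1/apps"`): `?`, `#`, whitespace and `\` are not rejected, and `System.Uri` tends to normalize `\` to `/` for http(s) schemes, so a value like `example.com\x` (constructed) would still reach the request with an altered path. A positive check is shorter and tighter: `if (Uri.CheckHostName(instance) != UriHostNameType.Dns || !instance.Contains('.'))`, keeping the `Contains('.')` because `CheckHostName` accepts single-label names. The check also lives only in this controller while the interpolation happens in `FediverseAuthService`, so any other caller of `GenerateAuthUrlAsync` bypasses it; repeating the guard in the service, or documenting that the service expects a pre-validated host, would close that gap. `FediverseAuthController` continues outside the hunk.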


@ -1,3 +1,4 @@
using System.Diagnostics.CodeAnalysis;
using System.Net; using System.Net;
using System.Web; using System.Web;
using Foxnouns.Backend.Database; using Foxnouns.Backend.Database;
@ -17,16 +18,13 @@ public partial class FediverseAuthService
Snowflake? existingAppId = null Snowflake? existingAppId = null
) )
{ {
var resp = await _client.PostAsync( var resp = await _client.PostAsJsonAsync(
$"https://{instance}/api/v1/apps", $"https://{instance}/api/v1/apps",
new FormUrlEncodedContent( new CreateMastodonApplicationRequest(
new Dictionary<string, string> ClientName: $"pronouns.cc (+{_config.BaseUrl})",
{ RedirectUris: MastodonRedirectUri(instance),
{ "client_name", $"pronouns.cc (+{_config.BaseUrl})" }, Scopes: "read read:accounts",
{ "redirect_uris", MastodonRedirectUri(instance) }, Website: _config.BaseUrl
{ "scope", "read:accounts" },
{ "website", _config.BaseUrl },
}
) )
); );
resp.EnsureSuccessStatusCode(); resp.EnsureSuccessStatusCode();
@ -237,9 +235,17 @@ public partial class FediverseAuthService
private static string MastodonCurrentAppUri(string instance) => private static string MastodonCurrentAppUri(string instance) =>
$"https://{instance}/api/v1/apps/verify_credentials"; $"https://{instance}/api/v1/apps/verify_credentials";
[SuppressMessage("ReSharper", "ClassNeverInstantiated.Local")]
private record PartialMastodonApplication( private record PartialMastodonApplication(
[property: J("name")] string Name, [property: J("name")] string Name,
[property: J("client_id")] string ClientId, [property: J("client_id")] string ClientId,
[property: J("client_secret")] string ClientSecret [property: J("client_secret")] string ClientSecret
); );
private record CreateMastodonApplicationRequest(
[property: J("client_name")] string ClientName,
[property: J("redirect_uris")] string RedirectUris,
[property: J("scopes")] string Scopes,
[property: J("website")] string Website
);
} }
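Review bot: The `Scopes:` line in the `PostAsJsonAsync` call widens the grant from `read:accounts` to `read read:accounts`; in Mastodon's scope model `read` is the parent of `read:accounts`, so the registered app would receive read access to considerably more than the profile, which the old request did not ask for. If only profile data is needed, `Scopes: "read:accounts"` is the narrower grant; if `read` really is required, a comment such as `// "read" is needed because …` on that line would record why. Separately, the `J` attributes on `CreateMastodonApplicationRequest` only take effect if `J` aliases the attribute type read by the serializer behind `PostAsJsonAsync` (System.Text.Json's `JsonPropertyName` by default); if `J` is Newtonsoft's `JsonProperty`, the body would be sent with `ClientName`/`RedirectUris`/`Scopes`/`Website` as keys and the key fix this commit describes would not land — worth confirming the alias. The enclosing method starts outside the hunk.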