pleroma-fe/src/services/new_api/oauth.js

import { reduce } from 'lodash'

const REDIRECT_URI = `${window.location.origin}/oauth-callback`

export const getOrCreateApp = ({ clientId, clientSecret, instance, commit }) => {
  if (clientId && clientSecret) {
    return Promise.resolve({ clientId, clientSecret })
  }

  const url = `${instance}/api/v1/apps`
  const form = new window.FormData()

  form.append('client_name', `PleromaFE_${window.___pleromafe_commit_hash}_${(new Date()).toISOString()}`)
  form.append('redirect_uris', REDIRECT_URI)
  form.append('scopes', 'read write follow push admin')

  return window.fetch(url, {
    method: 'POST',
    body: form
  })
    .then((data) => data.json())
    .then((app) => ({ clientId: app.client_id, clientSecret: app.client_secret }))
    .then((app) => commit('setClientData', app) || app)
}

const login = ({ instance, clientId }) => {
  const data = {
    response_type: 'code',
    client_id: clientId,
    redirect_uri: REDIRECT_URI,
    scope: 'read write follow push admin'
  }

  const dataString = reduce(data, (acc, v, k) => {
    const encoded = `${k}=${encodeURIComponent(v)}`
    if (!acc) {
      return encoded
    } else {
      return `${acc}&${encoded}`
    }
  }, false)

  // Do the redirect...
  const url = `${instance}/oauth/authorize?${dataString}`

  window.location.href = url
}

const getTokenWithCredentials = ({ clientId, clientSecret, instance, username, password }) => {
  const url = `${instance}/oauth/token`
  const form = new window.FormData()

  form.append('client_id', clientId)
  form.append('client_secret', clientSecret)
  form.append('grant_type', 'password')
  form.append('username', username)
  form.append('password', password)

  return window.fetch(url, {
    method: 'POST',
    body: form
  }).then((data) => data.json())
}

const getToken = ({ clientId, clientSecret, instance, code }) => {
  const url = `${instance}/oauth/token`
  const form = new window.FormData()

  form.append('client_id', clientId)
  form.append('client_secret', clientSecret)
  form.append('grant_type', 'authorization_code')
  form.append('code', code)
  form.append('redirect_uri', `${window.location.origin}/oauth-callback`)

  return window.fetch(url, {
    method: 'POST',
    body: form
  })
    .then((data) => data.json())
}

export const getClientToken = ({ clientId, clientSecret, instance }) => {
  const url = `${instance}/oauth/token`
  const form = new window.FormData()

  form.append('client_id', clientId)
  form.append('client_secret', clientSecret)
  form.append('grant_type', 'client_credentials')
  form.append('redirect_uri', `${window.location.origin}/oauth-callback`)

  return window.fetch(url, {
    method: 'POST',
    body: form
  }).then((data) => data.json())
}
const verifyOTPCode = ({ app, instance, mfaToken, code }) => {
  const url = `${instance}/oauth/mfa/challenge`
  const form = new window.FormData()

  form.append('client_id', app.client_id)
  form.append('client_secret', app.client_secret)
  form.append('mfa_token', mfaToken)
  form.append('code', code)
  form.append('challenge_type', 'totp')

  return window.fetch(url, {
    method: 'POST',
    body: form
  }).then((data) => data.json())
}

const verifyRecoveryCode = ({ app, instance, mfaToken, code }) => {
  const url = `${instance}/oauth/mfa/challenge`
  const form = new window.FormData()

  form.append('client_id', app.client_id)
  form.append('client_secret', app.client_secret)
  form.append('mfa_token', mfaToken)
  form.append('code', code)
  form.append('challenge_type', 'recovery')

  return window.fetch(url, {
    method: 'POST',
    body: form
  }).then((data) => data.json())
}

const revokeToken = ({ app, instance, token }) => {
  const url = `${instance}/oauth/revoke`
  const form = new window.FormData()

  form.append('client_id', app.clientId)
  form.append('client_secret', app.clientSecret)
  form.append('token', token)

  return window.fetch(url, {
    method: 'POST',
    body: form
  }).then((data) => data.json())
}

const oauth = {
  login,
  getToken,
  getTokenWithCredentials,
  getOrCreateApp,
  verifyOTPCode,
  verifyRecoveryCode,
  revokeToken
}

export default oauth
Proper clientId/secret/token caching, MastoAPI registration 2019-05-22 16:13:41 +00:00			`import { reduce } from 'lodash'`

			const REDIRECT_URI = `${window.location.origin}/oauth-callback`

			`export const getOrCreateApp = ({ clientId, clientSecret, instance, commit }) => {`
			`if (clientId && clientSecret) {`
			`return Promise.resolve({ clientId, clientSecret })`
			`}`
Move login to oauth. 2018-10-26 13:16:23 +00:00
			const url = `${instance}/api/v1/apps`
			`const form = new window.FormData()`

Proper clientId/secret/token caching, MastoAPI registration 2019-05-22 16:13:41 +00:00			form.append('client_name', `PleromaFE_${window.___pleromafe_commit_hash}_${(new Date()).toISOString()}`)
			`form.append('redirect_uris', REDIRECT_URI)`
Added OAuth 'push' and 'admin' scopes. 2019-12-08 10:52:26 +00:00			`form.append('scopes', 'read write follow push admin')`
Move login to oauth. 2018-10-26 13:16:23 +00:00
			`return window.fetch(url, {`
			`method: 'POST',`
			`body: form`
Proper clientId/secret/token caching, MastoAPI registration 2019-05-22 16:13:41 +00:00			`})`
			`.then((data) => data.json())`
			`.then((app) => ({ clientId: app.client_id, clientSecret: app.client_secret }))`
			`.then((app) => commit('setClientData', app) \|\| app)`
Move login to oauth. 2018-10-26 13:16:23 +00:00			`}`

Proper clientId/secret/token caching, MastoAPI registration 2019-05-22 16:13:41 +00:00			`const login = ({ instance, clientId }) => {`
			`const data = {`
			`response_type: 'code',`
			`client_id: clientId,`
			`redirect_uri: REDIRECT_URI,`
Added OAuth 'push' and 'admin' scopes. 2019-12-08 10:52:26 +00:00			`scope: 'read write follow push admin'`
Proper clientId/secret/token caching, MastoAPI registration 2019-05-22 16:13:41 +00:00			`}`
Move login to oauth. 2018-10-26 13:16:23 +00:00
Proper clientId/secret/token caching, MastoAPI registration 2019-05-22 16:13:41 +00:00			`const dataString = reduce(data, (acc, v, k) => {`
			const encoded = `${k}=${encodeURIComponent(v)}`
			`if (!acc) {`
			`return encoded`
			`} else {`
			return `${acc}&${encoded}`
			`}`
			`}, false)`
Move login to oauth. 2018-10-26 13:16:23 +00:00
Proper clientId/secret/token caching, MastoAPI registration 2019-05-22 16:13:41 +00:00			`// Do the redirect...`
			const url = `${instance}/oauth/authorize?${dataString}`

			`window.location.href = url`
Move login to oauth. 2018-10-26 13:16:23 +00:00			`}`

Proper clientId/secret/token caching, MastoAPI registration 2019-05-22 16:13:41 +00:00			`const getTokenWithCredentials = ({ clientId, clientSecret, instance, username, password }) => {`
Re-activate registration, use oauth password flow to fetch token. 2018-11-06 20:48:05 +00:00			const url = `${instance}/oauth/token`
			`const form = new window.FormData()`

Proper clientId/secret/token caching, MastoAPI registration 2019-05-22 16:13:41 +00:00			`form.append('client_id', clientId)`
			`form.append('client_secret', clientSecret)`
Re-activate registration, use oauth password flow to fetch token. 2018-11-06 20:48:05 +00:00			`form.append('grant_type', 'password')`
			`form.append('username', username)`
			`form.append('password', password)`

			`return window.fetch(url, {`
			`method: 'POST',`
			`body: form`
			`}).then((data) => data.json())`
			`}`

Proper clientId/secret/token caching, MastoAPI registration 2019-05-22 16:13:41 +00:00			`const getToken = ({ clientId, clientSecret, instance, code }) => {`
Move login to oauth. 2018-10-26 13:16:23 +00:00			const url = `${instance}/oauth/token`
			`const form = new window.FormData()`

Proper clientId/secret/token caching, MastoAPI registration 2019-05-22 16:13:41 +00:00			`form.append('client_id', clientId)`
			`form.append('client_secret', clientSecret)`
Move login to oauth. 2018-10-26 13:16:23 +00:00			`form.append('grant_type', 'authorization_code')`
			`form.append('code', code)`
Restore old routes, enable user route as fallback. 2018-12-25 17:43:52 +00:00			form.append('redirect_uri', `${window.location.origin}/oauth-callback`)
Move login to oauth. 2018-10-26 13:16:23 +00:00
Proper clientId/secret/token caching, MastoAPI registration 2019-05-22 16:13:41 +00:00			`return window.fetch(url, {`
			`method: 'POST',`
			`body: form`
			`})`
			`.then((data) => data.json())`
			`}`

			`export const getClientToken = ({ clientId, clientSecret, instance }) => {`
			const url = `${instance}/oauth/token`
			`const form = new window.FormData()`

			`form.append('client_id', clientId)`
			`form.append('client_secret', clientSecret)`
			`form.append('grant_type', 'client_credentials')`
			form.append('redirect_uri', `${window.location.origin}/oauth-callback`)

Move login to oauth. 2018-10-26 13:16:23 +00:00			`return window.fetch(url, {`
			`method: 'POST',`
			`body: form`
			`}).then((data) => data.json())`
			`}`
npm eslint --fix . 2019-07-05 07:02:14 +00:00			`const verifyOTPCode = ({ app, instance, mfaToken, code }) => {`
Revert "add TOTP/Recovery Form for mobile version" This reverts commit a3811f944819430c278b6da6b08dc322a9b9ff65. 2019-06-12 20:16:55 +00:00			const url = `${instance}/oauth/mfa/challenge`
			`const form = new window.FormData()`

			`form.append('client_id', app.client_id)`
			`form.append('client_secret', app.client_secret)`
			`form.append('mfa_token', mfaToken)`
			`form.append('code', code)`
			`form.append('challenge_type', 'totp')`

			`return window.fetch(url, {`
			`method: 'POST',`
			`body: form`
			`}).then((data) => data.json())`
			`}`

npm eslint --fix . 2019-07-05 07:02:14 +00:00			`const verifyRecoveryCode = ({ app, instance, mfaToken, code }) => {`
Revert "add TOTP/Recovery Form for mobile version" This reverts commit a3811f944819430c278b6da6b08dc322a9b9ff65. 2019-06-12 20:16:55 +00:00			const url = `${instance}/oauth/mfa/challenge`
			`const form = new window.FormData()`

			`form.append('client_id', app.client_id)`
			`form.append('client_secret', app.client_secret)`
			`form.append('mfa_token', mfaToken)`
			`form.append('code', code)`
			`form.append('challenge_type', 'recovery')`

			`return window.fetch(url, {`
			`method: 'POST',`
			`body: form`
			`}).then((data) => data.json())`
			`}`
Move login to oauth. 2018-10-26 13:16:23 +00:00
Revoke oAuth token 2019-07-02 08:33:40 +00:00			`const revokeToken = ({ app, instance, token }) => {`
			const url = `${instance}/oauth/revoke`
			`const form = new window.FormData()`

			`form.append('client_id', app.clientId)`
			`form.append('client_secret', app.clientSecret)`
			`form.append('token', token)`

			`return window.fetch(url, {`
			`method: 'POST',`
			`body: form`
			`}).then((data) => data.json())`
			`}`

Move login to oauth. 2018-10-26 13:16:23 +00:00			`const oauth = {`
			`login,`
Re-activate registration, use oauth password flow to fetch token. 2018-11-06 20:48:05 +00:00			`getToken,`
			`getTokenWithCredentials,`
Revert "add TOTP/Recovery Form for mobile version" This reverts commit a3811f944819430c278b6da6b08dc322a9b9ff65. 2019-06-12 20:16:55 +00:00			`getOrCreateApp,`
			`verifyOTPCode,`
Revoke oAuth token 2019-07-02 08:33:40 +00:00			`verifyRecoveryCode,`
			`revokeToken`
Move login to oauth. 2018-10-26 13:16:23 +00:00			`}`

			`export default oauth`