[feature] Refactor tokens, allow multiple app redirect_uris (#3849)

* [feature] Refactor tokens, allow multiple app redirect_uris * move + tweak handlers a bit * return error for unset oauth2.ClientStore funcs * wrap UpdateToken with cache * panic handling * cheeky little time optimization * unlock on error
2025-10-28 20:02:24 -05:00 · 2025-03-03 16:03:36 +01:00 · 2025-03-03 16:03:36 +01:00 · 1b37944f8b
commit 1b37944f8b
parent c80810eae8
77 changed files with 963 additions and 594 deletions
--- a/testrig/db.go
+++ b/testrig/db.go
@ -68,7 +68,6 @@ var testModels = []interface{}{
 	&gtsmodel.Notification{},
 	&gtsmodel.RouterSession{},
 	&gtsmodel.Token{},
-	&gtsmodel.Client{},
 	&gtsmodel.EmojiCategory{},
 	&gtsmodel.Tombstone{},
 	&gtsmodel.Report{},
@ -132,12 +131,6 @@ func StandardDBSetup(db db.DB, accounts map[string]*gtsmodel.Account) {
 		}
 	}

-	for _, v := range NewTestClients() {
-		if err := db.Put(ctx, v); err != nil {
-			log.Panic(ctx, err)
-		}
-	}
-
 	for _, v := range NewTestApplications() {
 		if err := db.Put(ctx, v); err != nil {
 			log.Panic(ctx, err)
--- a/testrig/oauthserver.go
+++ b/testrig/oauthserver.go
@ -20,11 +20,22 @@ package testrig
 import (
 	"context"

-	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth/handlers"
+	"github.com/superseriousbusiness/gotosocial/internal/state"
 )

 // NewTestOauthServer returns an oauth server with the given db
-func NewTestOauthServer(db db.DB) oauth.Server {
-	return oauth.New(context.Background(), db)
+func NewTestOauthServer(state *state.State) oauth.Server {
+	ctx := context.Background()
+	return oauth.New(
+		ctx,
+		state,
+		handlers.GetValidateURIHandler(ctx),
+		handlers.GetClientScopeHandler(ctx, state),
+		handlers.GetAuthorizeScopeHandler(),
+		handlers.GetInternalErrorHandler(ctx),
+		handlers.GetResponseErrorHandler(ctx),
+		handlers.GetUserAuthorizationHandler(),
+	)
 }
--- a/testrig/processor.go
+++ b/testrig/processor.go
@ -51,7 +51,7 @@ func NewTestProcessor(
 		),
 		typeutils.NewConverter(state),
 		federator,
-		NewTestOauthServer(state.DB),
+		NewTestOauthServer(state),
 		mediaManager,
 		state,
 		emailSender,
--- a/testrig/testmodels.go
+++ b/testrig/testmodels.go
@ -70,6 +70,7 @@ func NewTestTokens() map[string]*gtsmodel.Token {
 			ID:              "01P9SVWS9J3SPHZQ3KCMBEN70N",
 			ClientID:        "01F8MGV8AC3NGSJW0FE8W1BV70",
 			RedirectURI:     "http://localhost:8080",
+			Scope:           "read write push",
 			Access:          "ZTK1MWMWZDGTMGMXOS0ZY2UXLWI5ZWETMWEZYZZIYTLHMZI4",
 			AccessCreateAt:  TimeMustParse("2022-06-10T15:22:08Z"),
 			AccessExpiresAt: TimeMustParse("2050-01-01T15:22:08Z"),
@ -79,6 +80,7 @@ func NewTestTokens() map[string]*gtsmodel.Token {
 			ClientID:      "01F8MGV8AC3NGSJW0FE8W1BV70",
 			UserID:        "01F8MGVGPHQ2D3P3X0454H54Z5",
 			RedirectURI:   "http://localhost:8080",
+			Scope:         "read write push",
 			Code:          "ZJYYMZQ0MTQTZTU1NC0ZNJK4LWE2ZWITYTM1MDHHOTAXNJHL",
 			CodeCreateAt:  TimeMustParse("2022-06-10T15:22:08Z"),
 			CodeExpiresAt: TimeMustParse("2050-01-01T15:22:08Z"),
@ -107,37 +109,6 @@ func NewTestTokens() map[string]*gtsmodel.Token {
 	return tokens
 }

-// NewTestClients returns a map of Clients keyed according to which account they are used by.
-func NewTestClients() map[string]*gtsmodel.Client {
-	clients := map[string]*gtsmodel.Client{
-		"instance_application": {
-			ID:     "01AY6P665V14JJR0AFVRT7311Y",
-			Secret: "baedee87-6d00-4cf5-87b9-4d78ee58ef01",
-			Domain: "http://localhost:8080",
-			UserID: "",
-		},
-		"admin_account": {
-			ID:     "01F8MGWSJCND9BWBD4WGJXBM93",
-			Secret: "dda8e835-2c9c-4bd2-9b8b-77c2e26d7a7a",
-			Domain: "http://localhost:8080",
-			UserID: "01F8MGWYWKVKS3VS8DV1AMYPGE", // admin_account
-		},
-		"local_account_1": {
-			ID:     "01F8MGV8AC3NGSJW0FE8W1BV70",
-			Secret: "c3724c74-dc3b-41b2-a108-0ea3d8399830",
-			Domain: "http://localhost:8080",
-			UserID: "01F8MGVGPHQ2D3P3X0454H54Z5", // local_account_1
-		},
-		"local_account_2": {
-			ID:     "01F8MGW47HN8ZXNHNZ7E47CDMQ",
-			Secret: "8f5603a5-c721-46cd-8f1b-2e368f51379f",
-			Domain: "http://localhost:8080",
-			UserID: "01F8MH1VYJAE00TVVGMM5JNJ8X", // local_account_2
-		},
-	}
-	return clients
-}
-
 // NewTestApplications returns a map of applications keyed to which number application they are.
 func NewTestApplications() map[string]*gtsmodel.Application {
 	apps := map[string]*gtsmodel.Application{
@ -145,7 +116,7 @@ func NewTestApplications() map[string]*gtsmodel.Application {
 			ID:           "01HT5P2YHDMPAAD500NDAY8JW1",
 			Name:         "localhost:8080 instance application",
 			Website:      "http://localhost:8080",
-			RedirectURI:  "http://localhost:8080",
+			RedirectURIs: []string{"http://localhost:8080"},
 			ClientID:     "01AY6P665V14JJR0AFVRT7311Y", // instance account ID
 			ClientSecret: "baedee87-6d00-4cf5-87b9-4d78ee58ef01",
 			Scopes:       "write:accounts",
@ -154,28 +125,28 @@ func NewTestApplications() map[string]*gtsmodel.Application {
 			ID:           "01F8MGXQRHYF5QPMTMXP78QC2F",
 			Name:         "superseriousbusiness",
 			Website:      "https://superserious.business",
-			RedirectURI:  "http://localhost:8080",
+			RedirectURIs: []string{"http://localhost:8080"},
 			ClientID:     "01F8MGWSJCND9BWBD4WGJXBM93",           // admin client
 			ClientSecret: "dda8e835-2c9c-4bd2-9b8b-77c2e26d7a7a", // admin client
-			Scopes:       "read write follow push",
+			Scopes:       "read write push",
 		},
 		"application_1": {
 			ID:           "01F8MGY43H3N2C8EWPR2FPYEXG",
 			Name:         "really cool gts application",
 			Website:      "https://reallycool.app",
-			RedirectURI:  "http://localhost:8080",
+			RedirectURIs: []string{"http://localhost:8080"},
 			ClientID:     "01F8MGV8AC3NGSJW0FE8W1BV70",           // client_1
 			ClientSecret: "c3724c74-dc3b-41b2-a108-0ea3d8399830", // client_1
-			Scopes:       "read write follow push",
+			Scopes:       "read write push",
 		},
 		"application_2": {
 			ID:           "01F8MGYG9E893WRHW0TAEXR8GJ",
 			Name:         "kindaweird",
 			Website:      "https://kindaweird.app",
-			RedirectURI:  "http://localhost:8080",
+			RedirectURIs: []string{"http://localhost:8080"},
 			ClientID:     "01F8MGW47HN8ZXNHNZ7E47CDMQ",           // client_2
 			ClientSecret: "8f5603a5-c721-46cd-8f1b-2e368f51379f", // client_2
-			Scopes:       "read write follow push",
+			Scopes:       "read write push",
 		},
 	}
 	return apps
--- a/testrig/teststructs.go
+++ b/testrig/teststructs.go
@ -82,7 +82,7 @@ func SetupTestStructs(
 	transportController := NewTestTransportController(&state, httpClient)
 	mediaManager := NewTestMediaManager(&state)
 	federator := NewTestFederator(&state, transportController, mediaManager)
-	oauthServer := NewTestOauthServer(db)
+	oauthServer := NewTestOauthServer(&state)
 	emailSender := NewEmailSender(rTemplatePath, nil)
 	webPushSender := NewWebPushMockSender()