diff --git a/internal/apimodule/account/accountcreate.go b/internal/apimodule/account/accountcreate.go index 44b28bd52..58b98c0e4 100644 --- a/internal/apimodule/account/accountcreate.go +++ b/internal/apimodule/account/accountcreate.go @@ -99,16 +99,16 @@ func (m *accountModule) accountCreate(form *mastotypes.AccountCreateRequest, sig } l.Tracef("generating a token for user %s with account %s and application %s", user.ID, user.AccountID, app.ID) - ti, err := m.oauthServer.GenerateUserAccessToken(token, app.ClientSecret, user.ID) + accessToken, err := m.oauthServer.GenerateUserAccessToken(token, app.ClientSecret, user.ID) if err != nil { return nil, fmt.Errorf("error creating new access token for user %s: %s", user.ID, err) } return &mastotypes.Token{ - AccessToken: ti.GetCode(), + AccessToken: accessToken.GetAccess(), TokenType: "Bearer", - Scope: ti.GetScope(), - CreatedAt: ti.GetCodeCreateAt().Unix(), + Scope: accessToken.GetScope(), + CreatedAt: accessToken.GetAccessCreateAt().Unix(), }, nil } diff --git a/internal/apimodule/fileserver/fileserver.go b/internal/apimodule/fileserver/fileserver.go index af7bc5a24..4f120fb4f 100644 --- a/internal/apimodule/fileserver/fileserver.go +++ b/internal/apimodule/fileserver/fileserver.go @@ -7,6 +7,7 @@ import ( "github.com/superseriousbusiness/gotosocial/internal/apimodule" "github.com/superseriousbusiness/gotosocial/internal/config" "github.com/superseriousbusiness/gotosocial/internal/db" + "github.com/superseriousbusiness/gotosocial/internal/db/model" "github.com/superseriousbusiness/gotosocial/internal/router" "github.com/superseriousbusiness/gotosocial/internal/storage" ) @@ -40,3 +41,23 @@ func (m *fileServer) Route(s router.Router) error { // s.AttachHandler(http.MethodPost, appsPath, m.appsPOSTHandler) return nil } + +func (m *fileServer) CreateTables(db db.DB) error { + models := []interface{}{ + &model.User{}, + &model.Account{}, + &model.Follow{}, + &model.FollowRequest{}, + &model.Status{}, + &model.Application{}, + &model.EmailDomainBlock{}, + &model.MediaAttachment{}, + } + + for _, m := range models { + if err := db.CreateTable(m); err != nil { + return fmt.Errorf("error creating table: %s", err) + } + } + return nil +} diff --git a/internal/db/model/user.go b/internal/db/model/user.go index 111ee9ec2..61e9954d5 100644 --- a/internal/db/model/user.go +++ b/internal/db/model/user.go @@ -33,7 +33,7 @@ type User struct { // id of this user in the local database; the end-user will never need to know this, it's strictly internal ID string `pg:"type:uuid,default:gen_random_uuid(),pk,notnull,unique"` // confirmed email address for this user, this should be unique -- only one email address registered per instance, multiple users per email are not supported - Email string `pg:"default:'',notnull,unique"` + Email string `pg:"default:null,unique"` // The id of the local gtsmodel.Account entry for this user, if it exists (unconfirmed users don't have an account yet) AccountID string `pg:"default:'',notnull,unique"` // The encrypted password of this user, generated using https://pkg.go.dev/golang.org/x/crypto/bcrypt#GenerateFromPassword. A salt is included so we're safe against 🌈 tables diff --git a/internal/gotosocial/actions.go b/internal/gotosocial/actions.go index 29a391d87..ff1c0335c 100644 --- a/internal/gotosocial/actions.go +++ b/internal/gotosocial/actions.go @@ -77,6 +77,9 @@ var Run action.GTSAction = func(ctx context.Context, c *config.Config, log *logr if err := m.Route(router); err != nil { return fmt.Errorf("routing error: %s", err) } + if err := m.CreateTables(dbService); err != nil { + return fmt.Errorf("table creation error: %s", err) + } } gts, err := New(dbService, &cache.MockCache{}, router, federation.New(dbService), c) diff --git a/internal/oauth/server.go b/internal/oauth/server.go index 2c0a07ed3..02d1d4b1e 100644 --- a/internal/oauth/server.go +++ b/internal/oauth/server.go @@ -20,6 +20,7 @@ package oauth import ( "context" + "fmt" "net/http" "github.com/gin-gonic/gin" @@ -169,19 +170,40 @@ func (s *s) ValidationBearerToken(r *http.Request) (oauth2.TokenInfo, error) { // // The ti parameter refers to an existing Application token that was used to make the upstream // request. This token needs to be validated and exist in database in order to create a new token. -func (s *s) GenerateUserAccessToken(ti oauth2.TokenInfo, clientSecret string, userID string) (accessToken oauth2.TokenInfo, err error) { - tgr := &oauth2.TokenGenerateRequest{ +func (s *s) GenerateUserAccessToken(ti oauth2.TokenInfo, clientSecret string, userID string) (oauth2.TokenInfo, error) { + + authToken, err := s.server.Manager.GenerateAuthToken(context.Background(), oauth2.Code, &oauth2.TokenGenerateRequest{ ClientID: ti.GetClientID(), ClientSecret: clientSecret, UserID: userID, RedirectURI: ti.GetRedirectURI(), Scope: ti.GetScope(), - Code: ti.GetCode(), - // CodeChallenge: ti.GetCodeChallenge(), - // CodeChallengeMethod: ti.GetCodeChallengeMethod(), + }) + if err != nil { + return nil, fmt.Errorf("error generating first auth token: %s", err) } + if authToken == nil { + return nil, errors.New("generated auth token was empty") + } + s.log.Tracef("obtained auth token: %+v", authToken) - return s.server.Manager.GenerateAccessToken(context.Background(), oauth2.AuthorizationCode, tgr) + accessToken, err := s.server.Manager.GenerateAccessToken(context.Background(), oauth2.AuthorizationCode, &oauth2.TokenGenerateRequest{ + ClientID: authToken.GetClientID(), + ClientSecret: clientSecret, + // UserID: userID, + RedirectURI: authToken.GetRedirectURI(), + Scope: authToken.GetScope(), + Code: authToken.GetCode(), + }) + + if err != nil { + return nil, fmt.Errorf("error generating first auth token: %s", err) + } + if accessToken == nil { + return nil, errors.New("generated access token was empty") + } + s.log.Tracef("obtained access token: %+v", accessToken) + return accessToken, nil } func New(database db.DB, log *logrus.Logger) Server { @@ -228,5 +250,6 @@ func New(database db.DB, log *logrus.Logger) Server { srv.SetClientInfoHandler(server.ClientFormHandler) return &s{ server: srv, + log: log, } } diff --git a/internal/oauth/tokenstore.go b/internal/oauth/tokenstore.go index eaf6e0a99..c4c9ff1d5 100644 --- a/internal/oauth/tokenstore.go +++ b/internal/oauth/tokenstore.go @@ -121,6 +121,9 @@ func (pts *tokenStore) RemoveByRefresh(ctx context.Context, refresh string) erro // GetByCode selects a token from the DB based on the Code field func (pts *tokenStore) GetByCode(ctx context.Context, code string) (oauth2.TokenInfo, error) { + if code == "" { + return nil, nil + } pgt := &Token{ Code: code, } @@ -132,6 +135,9 @@ func (pts *tokenStore) GetByCode(ctx context.Context, code string) (oauth2.Token // GetByAccess selects a token from the DB based on the Access field func (pts *tokenStore) GetByAccess(ctx context.Context, access string) (oauth2.TokenInfo, error) { + if access == "" { + return nil, nil + } pgt := &Token{ Access: access, } @@ -143,6 +149,9 @@ func (pts *tokenStore) GetByAccess(ctx context.Context, access string) (oauth2.T // GetByRefresh selects a token from the DB based on the Refresh field func (pts *tokenStore) GetByRefresh(ctx context.Context, refresh string) (oauth2.TokenInfo, error) { + if refresh == "" { + return nil, nil + } pgt := &Token{ Refresh: refresh, } diff --git a/pkg/mastotypes/application.go b/pkg/mastotypes/application.go index 88128f71d..1984eff46 100644 --- a/pkg/mastotypes/application.go +++ b/pkg/mastotypes/application.go @@ -43,11 +43,11 @@ type Application struct { // And here: https://docs.joinmastodon.org/client/token/ type ApplicationPOSTRequest struct { // A name for your application - ClientName string `form:"client_name"` + ClientName string `form:"client_name" binding:"required"` // Where the user should be redirected after authorization. // To display the authorization code to the user instead of redirecting // to a web page, use urn:ietf:wg:oauth:2.0:oob in this parameter. - RedirectURIs string `form:"redirect_uris"` + RedirectURIs string `form:"redirect_uris" binding:"required"` // Space separated list of scopes. If none is provided, defaults to read. Scopes string `form:"scopes"` // A URL to the homepage of your app diff --git a/scripts/auth_flow.sh b/scripts/auth_flow.sh new file mode 100644 index 000000000..76e29f567 --- /dev/null +++ b/scripts/auth_flow.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +# Step 1: create the app to register the new account +curl -X POST -F "client_name=ahhhhhh" -F "redirect_uris=http://localhost:8080" localhost:8080/api/v1/apps + +# Step 2: obtain a code for that app +curl -X POST -F "scope=read" -F "grant_type=client_credentials" -F "client_id=bbec8b67-b389-49fb-ad9c-4a990e95d75a" -F "client_secret=da21d8b1-0705-4a1c-a38e-96060ab5553d" -F "redirect_uri=http://localhost:8080" localhost:8080/oauth/token + +# Step 3: use the code to register a new account +curl -H "Authorization: Bearer MGVHMZQYYMYTNJK4OC0ZN2I3LTGWNWETMGE3ZTY2NTJKYZE4" -F "reason=seems like a good time my dude" -F "email=user7@example.org" -F "username=test_user7" -F "password=this is a big long password" -F "agreement=true" -F "locale=en" localhost:8080/api/v1/accounts + +# Step 4: verify the returned access token +curl -H "Authorization: Bearer ODGYODAWNTUTZJUZZI0ZMJK3LWEXMJYTYZA5NMVKZDYWMGQY" localhost:8080/api/v1/accounts/verify_credentials