worky worky quite contrerky

internal/api/client/auth/auth_test.go

@@ -28,6 +28,7 @@ import (
 	"github.com/stretchr/testify/suite"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
+	"github.com/superseriousbusiness/gotosocial/internal/db/pg"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"golang.org/x/crypto/bcrypt"
@@ -103,7 +104,7 @@ func (suite *AuthTestSuite) SetupTest() {
 
 	log := logrus.New()
 	log.SetLevel(logrus.TraceLevel)
-	db, err := db.NewPostgresService(context.Background(), suite.config, log)
+	db, err := pg.NewPostgresService(context.Background(), suite.config, log)
 	if err != nil {
 		logrus.Panicf("error creating database connection: %s", err)
 	}

internal/api/client/auth/middleware.go

@@ -33,7 +33,7 @@ func (m *Module) OauthTokenMiddleware(c *gin.Context) {
 	l := m.log.WithField("func", "OauthTokenMiddleware")
 	l.Trace("entering OauthTokenMiddleware")
 
-	ti, err := m.server.ValidationBearerToken(c.Request)
+	ti, err := m.server.ValidationBearerToken(c.Copy().Request)
 	if err != nil {
 		l.Tracef("could not validate token: %s", err)
 		return
@@ -74,4 +74,5 @@ func (m *Module) OauthTokenMiddleware(c *gin.Context) {
 		c.Set(oauth.SessionAuthorizedApplication, app)
 		l.Tracef("set gin context %s to %+v", oauth.SessionAuthorizedApplication, app)
 	}
+	c.Next()
 }

internal/api/client/auth/token.go

@@ -20,16 +20,46 @@ package auth
 
 import (
 	"net/http"
+	"net/url"
 
 	"github.com/gin-gonic/gin"
 )
 
+type tokenBody struct {
+	ClientID     *string `form:"client_id" json:"client_id" xml:"client_id"`
+	ClientSecret *string `form:"client_secret" json:"client_secret" xml:"client_secret"`
+	Code         *string `form:"code" json:"code" xml:"code"`
+	GrantType    *string `form:"grant_type" json:"grant_type" xml:"grant_type"`
+	RedirectURI  *string `form:"redirect_uri" json:"redirect_uri" xml:"redirect_uri"`
+}
+
 // TokenPOSTHandler should be served as a POST at https://example.org/oauth/token
 // The idea here is to serve an oauth access token to a user, which can be used for authorizing against non-public APIs.
 // See https://docs.joinmastodon.org/methods/apps/oauth/#obtain-a-token
 func (m *Module) TokenPOSTHandler(c *gin.Context) {
 	l := m.log.WithField("func", "TokenPOSTHandler")
 	l.Trace("entered TokenPOSTHandler")
+
+	form := &tokenBody{}
+	if err := c.ShouldBind(form); err == nil {
+      c.Request.Form = url.Values{}
+		if form.ClientID != nil {
+			c.Request.Form.Set("client_id", *form.ClientID)
+		}
+		if form.ClientSecret != nil {
+			c.Request.Form.Set("client_secret", *form.ClientSecret)
+		}
+		if form.Code != nil {
+			c.Request.Form.Set("code", *form.Code)
+		}
+		if form.GrantType != nil {
+			c.Request.Form.Set("grant_type", *form.GrantType)
+		}
+		if form.RedirectURI != nil {
+			c.Request.Form.Set("redirect_uri", *form.RedirectURI)
+		}
+	}
+
 	if err := m.server.HandleTokenRequest(c.Writer, c.Request); err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 	}

internal/api/client/media/mediacreate.go

@@ -35,30 +35,32 @@ func (m *Module) MediaCreatePOSTHandler(c *gin.Context) {
 	authed, err := oauth.Authed(c, true, true, true, true) // posting new media is serious business so we want *everything*
 	if err != nil {
 		l.Debugf("couldn't auth: %s", err)
-		c.JSON(http.StatusForbidden, gin.H{"error": err.Error()})
+		c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
 		return
 	}
 
 	// extract the media create form from the request context
 	l.Tracef("parsing request form: %s", c.Request.Form)
-	var form model.AttachmentRequest
+	form := &model.AttachmentRequest{}
 	if err := c.ShouldBind(&form); err != nil {
-		l.Debugf("could not parse form from request: %s", err)
-		c.JSON(http.StatusBadRequest, gin.H{"error": "missing one or more required form values"})
+		l.Debugf("error parsing form: %s", err)
+		c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Errorf("could not parse form: %s", err)})
 		return
 	}
 
 	// Give the fields on the request form a first pass to make sure the request is superficially valid.
 	l.Tracef("validating form %+v", form)
-	if err := validateCreateMedia(&form, m.config.MediaConfig); err != nil {
+	if err := validateCreateMedia(form, m.config.MediaConfig); err != nil {
 		l.Debugf("error validating form: %s", err)
-		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		c.JSON(http.StatusUnprocessableEntity, gin.H{"error": err.Error()})
 		return
 	}
 
-	mastoAttachment, err := m.processor.MediaCreate(authed, &form)
+	l.Debug("calling processor media create func")
+	mastoAttachment, err := m.processor.MediaCreate(authed, form)
 	if err != nil {
-		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		l.Debugf("error creating attachment: %s", err)
+		c.JSON(http.StatusUnprocessableEntity, gin.H{"error": err.Error()})
 		return
 	}
 
@@ -67,7 +69,7 @@ func (m *Module) MediaCreatePOSTHandler(c *gin.Context) {
 
 func validateCreateMedia(form *model.AttachmentRequest, config *config.MediaConfig) error {
 	// check there actually is a file attached and it's not size 0
-	if form.File == nil || form.File.Size == 0 {
+	if form.File == nil {
 		return errors.New("no attachment given")
 	}
 

internal/api/model/application.go

@@ -43,13 +43,13 @@ type Application struct {
 // And here: https://docs.joinmastodon.org/client/token/
 type ApplicationCreateRequest struct {
 	// A name for your application
-	ClientName string `form:"client_name" binding:"required"`
+	ClientName string `form:"client_name" json:"client_name" xml:"client_name" binding:"required"`
 	// Where the user should be redirected after authorization.
 	// To display the authorization code to the user instead of redirecting
 	// to a web page, use urn:ietf:wg:oauth:2.0:oob in this parameter.
-	RedirectURIs string `form:"redirect_uris" binding:"required"`
+	RedirectURIs string `form:"redirect_uris" json:"redirect_uris" xml:"redirect_uris" binding:"required"`
 	// Space separated list of scopes. If none is provided, defaults to read.
-	Scopes string `form:"scopes"`
+	Scopes string `form:"scopes" json:"scopes" xml:"scopes"`
 	// A URL to the homepage of your app
-	Website string `form:"website"`
+	Website string `form:"website" json:"website" xml:"website"`
 }

internal/api/model/attachment.go

@@ -24,8 +24,8 @@ import "mime/multipart"
 // See: https://docs.joinmastodon.org/methods/statuses/media/
 type AttachmentRequest struct {
 	File        *multipart.FileHeader `form:"file" binding:"required"`
-	Description string                `form:"description" json:"description" xml:"description"`
-	Focus       string                `form:"focus" json:"focus" xml:"focus"`
+	Description string                `form:"description"`
+	Focus       string                `form:"focus"`
 }
 
 // AttachmentRequest represents the form data parameters submitted by a client during a media update/PUT request.
@@ -63,7 +63,7 @@ type Attachment struct {
 	// See https://docs.joinmastodon.org/methods/statuses/media/#focal-points points for more.
 	Meta MediaMeta `json:"meta,omitempty"`
 	// Alternate text that describes what is in the media attachment, to be used for the visually impaired or when media attachments do not load.
-	Description string `json:"description"`
+	Description string `json:"description,omitempty"`
 	// A hash computed by the BlurHash algorithm, for generating colorful preview thumbnails when media has not been downloaded yet.
 	// See https://github.com/woltapp/blurhash
 	Blurhash string `json:"blurhash,omitempty"`

internal/api/security/extraheaders.go

@@ -0,0 +1,8 @@
+package security
+
+import "github.com/gin-gonic/gin"
+
+// ExtraHeaders adds any additional required headers to the response
+func (m *Module) ExtraHeaders(c *gin.Context) {
+	c.Header("Server", "Mastodon")
+}

internal/api/security/security.go

@@ -42,5 +42,6 @@ func New(config *config.Config, log *logrus.Logger) api.ClientModule {
 // Route attaches security middleware to the given router
 func (m *Module) Route(s router.Router) error {
 	s.AttachMiddleware(m.FlocBlock)
+	s.AttachMiddleware(m.ExtraHeaders)
 	return nil
 }