oob.go (3588B)
1 // GoToSocial 2 // Copyright (C) GoToSocial Authors admin@gotosocial.org 3 // SPDX-License-Identifier: AGPL-3.0-or-later 4 // 5 // This program is free software: you can redistribute it and/or modify 6 // it under the terms of the GNU Affero General Public License as published by 7 // the Free Software Foundation, either version 3 of the License, or 8 // (at your option) any later version. 9 // 10 // This program is distributed in the hope that it will be useful, 11 // but WITHOUT ANY WARRANTY; without even the implied warranty of 12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 // GNU Affero General Public License for more details. 14 // 15 // You should have received a copy of the GNU Affero General Public License 16 // along with this program. If not, see <http://www.gnu.org/licenses/>. 17 18 package auth 19 20 import ( 21 "context" 22 "errors" 23 "fmt" 24 "net/http" 25 26 "github.com/gin-contrib/sessions" 27 "github.com/gin-gonic/gin" 28 apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" 29 apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" 30 "github.com/superseriousbusiness/gotosocial/internal/db" 31 "github.com/superseriousbusiness/gotosocial/internal/gtserror" 32 "github.com/superseriousbusiness/gotosocial/internal/oauth" 33 ) 34 35 func (m *Module) OobHandler(c *gin.Context) { 36 instance, errWithCode := m.processor.InstanceGetV1(c.Request.Context()) 37 if errWithCode != nil { 38 apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) 39 return 40 } 41 42 instanceGet := func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode) { 43 return instance, nil 44 } 45 46 oobToken := c.Query("code") 47 if oobToken == "" { 48 err := errors.New("no 'code' query value provided in callback redirect") 49 apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error(), oauth.HelpfulAdvice), instanceGet) 50 return 51 } 52 53 s := sessions.Default(c) 54 55 errs := []string{} 56 57 scope, ok := s.Get(sessionScope).(string) 58 if !ok { 59 errs = append(errs, fmt.Sprintf("key %s was not found in session", sessionScope)) 60 } 61 62 userID, ok := s.Get(sessionUserID).(string) 63 if !ok { 64 errs = append(errs, fmt.Sprintf("key %s was not found in session", sessionUserID)) 65 } 66 67 if len(errs) != 0 { 68 errs = append(errs, oauth.HelpfulAdvice) 69 apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(errors.New("one or more missing keys on session during OobHandler"), errs...), m.processor.InstanceGetV1) 70 return 71 } 72 73 user, err := m.db.GetUserByID(c.Request.Context(), userID) 74 if err != nil { 75 m.clearSession(s) 76 safe := fmt.Sprintf("user with id %s could not be retrieved", userID) 77 var errWithCode gtserror.WithCode 78 if err == db.ErrNoEntries { 79 errWithCode = gtserror.NewErrorBadRequest(err, safe, oauth.HelpfulAdvice) 80 } else { 81 errWithCode = gtserror.NewErrorInternalError(err, safe, oauth.HelpfulAdvice) 82 } 83 apiutil.ErrorHandler(c, errWithCode, instanceGet) 84 return 85 } 86 87 acct, err := m.db.GetAccountByID(c.Request.Context(), user.AccountID) 88 if err != nil { 89 m.clearSession(s) 90 safe := fmt.Sprintf("account with id %s could not be retrieved", user.AccountID) 91 var errWithCode gtserror.WithCode 92 if err == db.ErrNoEntries { 93 errWithCode = gtserror.NewErrorBadRequest(err, safe, oauth.HelpfulAdvice) 94 } else { 95 errWithCode = gtserror.NewErrorInternalError(err, safe, oauth.HelpfulAdvice) 96 } 97 apiutil.ErrorHandler(c, errWithCode, instanceGet) 98 return 99 } 100 101 // we're done with the session now, so just clear it out 102 m.clearSession(s) 103 104 c.HTML(http.StatusOK, "oob.tmpl", gin.H{ 105 "instance": instance, 106 "user": acct.Username, 107 "oobToken": oobToken, 108 "scope": scope, 109 }) 110 }