Merge pull request 'add app_token verification, add config, syndicate query' (#98) from devel into main

Reviewed-on: #98
2023-06-08 09:06:50 +02:00 · 2023-06-08 09:06:50 +02:00 · 3b91e0b182
commit 3b91e0b182
parent 2e889ff3a4 59d0f954f2
4 changed files with 57 additions and 5 deletions
--- a/lib/chiya/accounts.ex
+++ b/lib/chiya/accounts.ex
@ -255,6 +255,10 @@ defmodule Chiya.Accounts do
    Repo.insert(changeset)
  end

+  def get_app_token(app_name, context) do
+    Repo.one(UserToken.app_name_and_context_query(app_name, context))
+  end
+
  def delete_app_token(id) do
    Repo.delete(Repo.get(UserToken, id))
  end
--- a/lib/chiya/accounts/user_token.ex
+++ b/lib/chiya/accounts/user_token.ex
@ -184,6 +184,10 @@ defmodule Chiya.Accounts.UserToken do
    from UserToken, where: [token: ^token, context: ^context]
  end

+  def app_name_and_context_query(app_name, context) do
+    from UserToken, where: [sent_to: ^app_name, context: ^context]
+  end
+
  @doc """
  Gets all tokens for the given user for the given contexts.
  """
--- a/lib/chiya_web/controllers/token_controller.ex
+++ b/lib/chiya_web/controllers/token_controller.ex
@ -38,7 +38,7 @@ defmodule ChiyaWeb.TokenController do
  end

  def delete(conn, %{"id" => id}) do
-    {:ok, _token} = Chiya.Accounts.delete_app_token(id) 
+    {:ok, _token} = Chiya.Accounts.delete_app_token(id)

    conn
    |> put_flash(:info, "Token deleted successfully.")
--- a/lib/chiya_web/indie/micropub_handler.ex
+++ b/lib/chiya_web/indie/micropub_handler.ex
@ -10,7 +10,7 @@ defmodule ChiyaWeb.Indie.MicropubHandler do
    dbg(properties)
    dbg(type)

-    with :ok <- Token.verify(access_token, "create", get_hostname()),
+    with :ok <- verify_token(access_token),
         {:ok, post_type} <- Props.get_post_type(properties),
         {:ok, note_attrs} <- get_attrs(type, post_type, properties),
         {:ok, note} <- Chiya.Notes.create_note(note_attrs) do
@ -51,12 +51,57 @@ defmodule ChiyaWeb.Indie.MicropubHandler do

  @impl true
  def handle_config_query(_access_token) do
-    {:error, :insufficient_scope}
+    channels = Chiya.Channels.list_channels()
+
+    {:ok,
+     %{
+       "destination" => [],
+       "post-types" => [],
+       "channels" =>
+         Enum.map(channels, fn c ->
+           %{
+             uid: c.slug,
+             name: c.name
+           }
+         end)
+     }}
  end

  @impl true
  def handle_syndicate_to_query(_access_token) do
-    {:error, :insufficient_scope}
+    {:ok, %{"syndicate-to" => []}}
+  end
+
+  defp verify_token(access_token) do
+    Enum.reduce_while([&verify_app_token/1, &verify_micropub_token/1], nil, fn fun, result ->
+      case fun.(access_token) do
+        :ok -> {:halt, :ok}
+        error -> {:cont, error}
+      end
+    end)
+  end
+
+  defp verify_micropub_token(access_token) do
+    Token.verify(access_token, "create", get_hostname())
+  end
+
+  defp verify_app_token(access_token) do
+    token = Chiya.Accounts.get_app_token("obsidian", "app")
+
+    if not is_nil(token) do
+      token_string =
+        token.token
+        |> :crypto.bytes_to_integer()
+        |> to_string()
+
+      if token_string == access_token do
+        :ok
+      else
+        {:error, :insufficient_scope, "Could not verify app token"}
+      end
+    else
+      {:error, :insufficient_scope, "Could not verify app token"}
+    end
  end

  defp get_attrs(type, post_type, properties) do
@ -85,7 +130,6 @@ defmodule ChiyaWeb.Indie.MicropubHandler do
       tags_string: tags,
       published_at: published_at
     }}
-    |> dbg()
  end

  defp get_hostname(),