From f4cb262310dd810bcece94de7592c85e44bdab95 Mon Sep 17 00:00:00 2001
From: Inhji
Date: Thu, 8 Jun 2023 09:06:16 +0200
Subject: [PATCH] add app_token verification, add config, syndicate query
---
 lib/chiya/accounts.ex | 4 ++
 lib/chiya/accounts/user_token.ex | 4 ++
 lib/chiya_web/controllers/token_controller.ex | 2 +-
 lib/chiya_web/indie/micropub_handler.ex | 52 +++++++++++++++++--
 4 files changed, 57 insertions(+), 5 deletions(-)
diff --git a/lib/chiya/accounts.ex b/lib/chiya/accounts.ex
index 5d20f3c..d0664bd 100644
--- a/lib/chiya/accounts.ex
+++ b/lib/chiya/accounts.ex
@@ -255,6 +255,10 @@ defmodule Chiya.Accounts do
 Repo.insert(changeset)
 end

+ def get_app_token(app_name, context) do
+ Repo.one(UserToken.app_name_and_context_query(app_name, context))
+ end
+
 def delete_app_token(id) do
 Repo.delete(Repo.get(UserToken, id))
 end
diff --git a/lib/chiya/accounts/user_token.ex b/lib/chiya/accounts/user_token.ex
index 8018302..a737c46 100644
--- a/lib/chiya/accounts/user_token.ex
+++ b/lib/chiya/accounts/user_token.ex
@@ -184,6 +184,10 @@ defmodule Chiya.Accounts.UserToken do
 from UserToken, where: [token: ^token, context: ^context]
 end

+ def app_name_and_context_query(app_name, context) do
+ from UserToken, where: [sent_to: ^app_name, context: ^context]
+ end
+
 @doc """
 Gets all tokens for the given user for the given contexts.
 """
diff --git a/lib/chiya_web/controllers/token_controller.ex b/lib/chiya_web/controllers/token_controller.ex
index 75152a5..22dbc42 100644
--- a/lib/chiya_web/controllers/token_controller.ex
+++ b/lib/chiya_web/controllers/token_controller.ex
@@ -38,7 +38,7 @@ defmodule ChiyaWeb.TokenController do
 end

 def delete(conn, %{"id" => id}) do
- {:ok, _token} = Chiya.Accounts.delete_app_token(id)
+ {:ok, _token} = Chiya.Accounts.delete_app_token(id)

 conn
 |> put_flash(:info, "Token deleted successfully.")
diff --git a/lib/chiya_web/indie/micropub_handler.ex b/lib/chiya_web/indie/micropub_handler.ex
index 8abe7fb..ab41ed8 100644
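Review bot: `get_app_token/2` in lib/chiya/accounts.ex goes through `Repo.one/1`, which raises `Ecto.MultipleResultsError` as soon as two rows share the same `sent_to` and `context`, and nothing visible in this patch keeps that pair unique. Because the micropub handler calls it while authenticating a request, a second token issued for the same app name would turn token verification into a crash rather than a clean rejection. A unique index on those two columns, or a lookup keyed on the presented token value instead of the app name, would close that gap. Both `get_app_token/2` and `app_name_and_context_query/2` in lib/chiya/accounts/user_token.ex are also added without documentation; something like `@doc "Returns the app token stored for app_name in context, or nil."` would state that the result is a stored secret meant only for verification.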
--- a/lib/chiya_web/indie/micropub_handler.ex
+++ b/lib/chiya_web/indie/micropub_handler.ex
@@ -10,7 +10,7 @@ defmodule ChiyaWeb.Indie.MicropubHandler do
 dbg(properties)
 dbg(type)

- with :ok <- Token.verify(access_token, "create", get_hostname()),
+ with :ok <- verify_token(access_token),
 {:ok, post_type} <- Props.get_post_type(properties),
 {:ok, note_attrs} <- get_attrs(type, post_type, properties),
 {:ok, note} <- Chiya.Notes.create_note(note_attrs) do
@@ -51,12 +51,57 @@ defmodule ChiyaWeb.Indie.MicropubHandler do

 @impl true
 def handle_config_query(_access_token) do
- {:error, :insufficient_scope}
+ channels = Chiya.Channels.list_channels()
+
+ {:ok,
+ %{
+ "destination" => [],
+ "post-types" => [],
+ "channels" =>
+ Enum.map(channels, fn c ->
+ %{
+ uid: c.slug,
+ name: c.name
+ }
+ end)
+ }}
 end

 @impl true
 def handle_syndicate_to_query(_access_token) do
- {:error, :insufficient_scope}
+ {:ok, %{"syndicate-to" => []}}
+ end
+
+ defp verify_token(access_token) do
+ Enum.reduce_while([&verify_app_token/1, &verify_micropub_token/1], nil, fn fun, result ->
+ case fun.(access_token) do
+ :ok -> {:halt, :ok}
+ error -> {:cont, error}
+ end
+ end)
+ end
+
+ defp verify_micropub_token(access_token) do
+ Token.verify(access_token, "create", get_hostname())
+ end
+
+ defp verify_app_token(access_token) do
+ token = Chiya.Accounts.get_app_token("obsidian", "app")
+
+ if not is_nil(token) do
+ token_string =
+ token.token
+ |> :crypto.bytes_to_integer()
+ |> to_string()
+
+ if token_string == access_token do
+ :ok
+ else
+ {:error, :insufficient_scope, "Could not verify app token"}
+ end
+ else
+ {:error, :insufficient_scope, "Could not verify app token"}
+ end
 end

 defp get_attrs(type, post_type, properties) do
@@ -85,7 +130,6 @@ defmodule ChiyaWeb.Indie.MicropubHandler do
 tags_string: tags,
 published_at: published_at
 }}
- |> dbg()
 end

 defp get_hostname(),
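Review bot: The two `dbg/1` calls kept as context at the top of the first micropub_handler.ex hunk (`dbg(properties)` and `dbg(type)`) run before `verify_token(access_token)`, so the properties of every create request, authenticated or not, are dumped by the debugger output. The commit already drops `|> dbg()` from `get_attrs/3` in the last hunk; removing these two lines as well, or logging only after the `with` has matched, would keep unauthenticated input out of that output. The enclosing function starts and ends outside the hunk.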
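Review bot: In the second micropub_handler.ex hunk, `handle_config_query/1` and `handle_syndicate_to_query/1` still bind the token as `_access_token` and now return `{:ok, ...}` without calling `verify_token/1`, so the channel list (slug and name) is served to any caller that reaches the query endpoint, unless the token is checked somewhere outside this patch. Both bodies should be wrapped in `with :ok <- verify_token(access_token) do` so the error tuple falls through on failure. In `verify_app_token/1`, `token_string == access_token` compares a bearer secret with an operator that is not constant-time; `if Plug.Crypto.secure_compare(token_string, access_token) do` removes the timing difference. The app-token path also skips the `"create"` scope that `Token.verify/3` is given and hard-codes the app name `"obsidian"`, so that single token is accepted wherever `verify_token/1` is used; a comment on `verify_app_token/1` saying this is intended would make the trust decision explicit.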