hugo
/
generic-mastodon-authenticator
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '33d4b54eef'
${ noResults }
generic-mastodon-authenticator/main.go

277 lines
5.3 KiB
Go
Raw Blame History

package main
// Small generic oauth authentication server to retrieve oauth tokens
// from mastodon instances.
import (
"bytes"
"encoding/json"
"errors"
"fmt"
"io/ioutil"
"net/http"
"net/url"
"os"
"strings"
"github.com/gorilla/websocket"
"github.com/labstack/echo"
"github.com/labstack/echo/middleware"
"github.com/labstack/gommon/log"
"go.etcd.io/bbolt"
"gopkg.in/yaml.v2"
)
var (
upgrader = websocket.Upgrader{}
)
type Instance struct {
Secret string `json:"client_secret"`
ID string `json:"client_id"`
}
type App struct {
AuthMap *AuthenticationMap
Logger *echo.Logger
DB *bbolt.DB
Config *AppConfig
}
type AppConfig struct {
AppName string `yaml:"app_name"`
AppHost string `yaml:"app_host"`
AppScheme string `yaml:"app_scheme"`
DBPath string `yaml:"db_path"`
AppScopes []string `yaml:"app_scopes"`
Website string `yaml:"website"`
}
func (a *App) authRequestWebSocket(c echo.Context) error {
ws, err := upgrader.Upgrade(c.Response(), c.Request(), nil)
if err != nil {
return err
}
client := &AuthRequestClient{
conn: ws,
app: a,
}
req, err := client.ReceiveRequest()
if err != nil {
return err
}
(*a.Logger).Info("Queueing AuthRequest")
a.AuthMap.QueueRequest(req)
return nil
}
func (a *App) GetInstanceDataByRequest(request *AuthRequest) (*Instance, error) {
var instance *Instance
err := a.DB.View(func(t *bbolt.Tx) error {
instanceJson := t.Bucket([]byte("instances")).Get([]byte(request.Instance))
if instanceJson == nil {
instance = nil
return nil
}
instance = &Instance{}
err := json.Unmarshal(instanceJson, instance)
return err
})
if instance == nil && err == nil {
(*a.Logger).Infof("No instance data known for host '%s', requesting credentials from host\n", request.Instance)
instance, err = a.GetCredentialsFromInstanceHost(request.Instance)
if err != nil {
return nil, err
}
err = a.DB.Update(func(t *bbolt.Tx) error {
instanceJson, err := json.Marshal(instance)
if err != nil {
return err
}
err = t.Bucket([]byte("instances")).Put([]byte(request.Instance), instanceJson)
return err
})
return instance, err
}
return nil, err
}
func (a *App) authRequestRedirect(c echo.Context) error {
requestId := c.Param("request_id")
authRequest := a.AuthMap.GetRequestByID(requestId)
if authRequest == nil {
return c.String(http.StatusNotFound, "No authentication request found by this ID")
}
instance, err := a.GetInstanceDataByRequest(authRequest)
if err != nil {
(*a.Logger).Error(err)
}
if instance == nil {
return c.String(
http.StatusInternalServerError,
"Something has gone wrong, please note down the current time and contact the server admin",
)
}
values := &url.Values{
"client_id": []string{instance.ID},
"redirect_uri": []string{a.Config.AppScheme + "://" + a.Config.AppHost + "/confirm"},
"scopes": []string{strings.Join(a.Config.AppScopes, " ")},
"response_type": []string{"code"},
}
return c.Redirect(
http.StatusTemporaryRedirect,
"https://"+authRequest.Instance+"/oauth/authorize?"+values.Encode(),
)
}
func (c *AppConfig) FromFile(filePath string) error {
yamlfile, err := ioutil.ReadFile(filePath)
if err != nil {
return err
}
err = yaml.Unmarshal(yamlfile, c)
if err != nil {
return err
}
if c.AppName == "" || c.AppHost == "" || c.DBPath == "" || c.Website == "" {
return errors.New("app_name, app_host, db_path and website are required config parameters")
}
if c.AppScheme == "" {
c.AppScheme = "https"
}
return nil
}
func (a *App) InitializeDB() error {
(*a.Logger).Info("Initializing DB from file: ", a.Config.DBPath)
db, err := bbolt.Open(a.Config.DBPath, 0600, nil)
if err != nil {
return err
}
err = db.Update(func(t *bbolt.Tx) error {
_, err := t.CreateBucketIfNotExists([]byte("instances"))
return err
})
a.DB = db
return nil
}
func main() {
arguments := os.Args[1:]
if len(arguments) != 1 {
fmt.Fprintln(os.Stderr, "Expected 1 command line argument, but got : ", len(arguments))
fmt.Fprintln(os.Stderr, "Usage: generic-mastodon-authenticator CONFIG_PATH")
os.Exit(1)
}
config := &AppConfig{}
err := config.FromFile(arguments[0])
if err != nil {
log.Fatal(err)
}
e := echo.New()
e.Use(middleware.Logger())
e.Use(middleware.Recover())
e.Static("/", "../public")
e.Logger.SetLevel(log.INFO)
a := &App{
Logger: &e.Logger,
Config: config,
}
m := &AuthenticationMap{
app: a,
}
m.Init()
a.AuthMap = m
err = a.InitializeDB()
if err != nil {
log.Fatal(err)
}
e.GET("/ws", a.authRequestWebSocket)
e.GET("/auth/:request_id", a.authRequestRedirect)
e.Logger.Fatal(e.Start(":1323"))
}
func (a *App) GetCredentialsFromInstanceHost(host string) (*Instance, error) {
postData := &map[string]string{
"client_name": a.Config.AppName,
"redirect_uris": a.Config.AppScheme + "://" + a.Config.AppHost + "/confirm",
"scopes": strings.Join(a.Config.AppScopes, " "),
"website": a.Config.Website,
}
data, err := json.Marshal(postData)
if err != nil {
return nil, err
}
response, err := http.Post("https://"+host+"/api/v1/apps", "application/json", bytes.NewBuffer(data))
if err != nil {
return nil, err
}
body, err := ioutil.ReadAll(response.Body)
if err != nil {
return nil, err
}
instance := &Instance{}
err = json.Unmarshal(body, instance)
return instance, err
}
Reference in New Issue View Git Blame Copy Permalink