logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma

authorization.ex (2887B)

    

  1. # Pleroma: A lightweight social networking server

  2. # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>

  3. # SPDX-License-Identifier: AGPL-3.0-only

  4. 

  5. defmodule Pleroma.Web.OAuth.Authorization do

  6.   use Ecto.Schema

  7. 

  8.   alias Pleroma.Repo

  9.   alias Pleroma.User

  10.   alias Pleroma.Web.OAuth.App

  11.   alias Pleroma.Web.OAuth.Authorization

  12. 

  13.   import Ecto.Changeset

  14.   import Ecto.Query

  15. 

  16.   @type t :: %__MODULE__{}

  17. 

  18.   schema "oauth_authorizations" do

  19.     field(:token, :string)

  20.     field(:scopes, {:array, :string}, default: [])

  21.     field(:valid_until, :naive_datetime_usec)

  22.     field(:used, :boolean, default: false)

  23.     belongs_to(:user, User, type: FlakeId.Ecto.CompatType)

  24.     belongs_to(:app, App)

  25. 

  26.     timestamps()

  27.   end

  28. 

  29.   @spec create_authorization(App.t(), User.t() | %{}, [String.t()] | nil) ::

  30.           {:ok, Authorization.t()} | {:error, Changeset.t()}

  31.   def create_authorization(%App{} = app, %User{} = user, scopes \\ nil) do

  32.     %{

  33.       scopes: scopes || app.scopes,

  34.       user_id: user.id,

  35.       app_id: app.id

  36.     }

  37.     |> create_changeset()

  38.     |> Repo.insert()

  39.   end

  40. 

  41.   @spec create_changeset(map()) :: Changeset.t()

  42.   def create_changeset(attrs \\ %{}) do

  43.     %Authorization{}

  44.     |> cast(attrs, [:user_id, :app_id, :scopes, :valid_until])

  45.     |> validate_required([:app_id, :scopes])

  46.     |> add_token()

  47.     |> add_lifetime()

  48.   end

  49. 

  50.   defp add_token(changeset) do

  51.     token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)

  52.     put_change(changeset, :token, token)

  53.   end

  54. 

  55.   defp add_lifetime(changeset) do

  56.     put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))

  57.   end

  58. 

  59.   @spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()

  60.   def use_changeset(%Authorization{} = auth, params) do

  61.     auth

  62.     |> cast(params, [:used])

  63.     |> validate_required([:used])

  64.   end

  65. 

  66.   @spec use_token(Authorization.t()) ::

  67.           {:ok, Authorization.t()} | {:error, Changeset.t()} | {:error, String.t()}

  68.   def use_token(%Authorization{used: false, valid_until: valid_until} = auth) do

  69.     if NaiveDateTime.diff(NaiveDateTime.utc_now(), valid_until) < 0 do

  70.       Repo.update(use_changeset(auth, %{used: true}))

  71.     else

  72.       {:error, "token expired"}

  73.     end

  74.   end

  75. 

  76.   def use_token(%Authorization{used: true}), do: {:error, "already used"}

  77. 

  78.   @spec delete_user_authorizations(User.t()) :: {integer(), any()}

  79.   def delete_user_authorizations(%User{} = user) do

  80.     user

  81.     |> delete_by_user_query

  82.     |> Repo.delete_all()

  83.   end

  84. 

  85.   def delete_by_user_query(%User{id: user_id}) do

  86.     from(a in __MODULE__, where: a.user_id == ^user_id)

  87.   end

  88. 

  89.   @doc "gets auth for app by token"

  90.   @spec get_by_token(App.t(), String.t()) :: {:ok, t()} | {:error, :not_found}

  91.   def get_by_token(%App{id: app_id} = _app, token) do

  92.     from(t in __MODULE__, where: t.app_id == ^app_id and t.token == ^token)

  93.     |> Repo.find_resource()

  94.   end

  95. end