Half-implemented OAuth system for Mastodon

master
Bofh 1 year ago
parent 0b28014597
commit d9b0013329

@ -34,9 +34,20 @@ if ($result === null) {
}
# return authentication data
hres_json(200, OK, [
$payload = [
'instance' => $instance,
'result' => $result,
'result' => &$result,
'response_type' => 'code',
'scope' => $scopes
]);
];
$ID = sha1($result->client_id.$result->client_secret);
file_put_contents('/tmp/oauth-'.$ID, json_encode($payload));
$payload['id'] = $ID;
unset($result->id);
unset($result->name);
unset($result->website);
unset($result->vapid_key);
unset($result->client_secret);
hres_json(200, OK, $payload);

@ -1,6 +1,7 @@
<?php require_once '/src/base.php' ?>
<?php
$function = null;
$signup_method = null;
if (isset($_SERVER['REDIRECT_URL'])) {
@ -14,17 +15,66 @@ if (isset($_SERVER['REDIRECT_URL'])) {
}
# get the signup method from URL
$signup_method = $args[1];
if (str_contains($args[1], ':')) {
$ps = explode(':', $args[1]);
$signup_method = $ps[0];
$function = $ps[1];
} else {
$signup_method = $args[1];
$function = 'view';
}
if (!in_array($signup_method, ['mastodon'])) {
die('The given arguments are not correct');
die('The given signup method does not exist');
}
if (!in_array($function, ['view', 'oauth'])) {
die('The given function is not correct');
}
} else {
$function = 'view';
}
if ($function === 'oauth') {
$ID = $_GET['id'] ?? '';
$code = $_GET['code'] ?? '';
if (empty($code) || empty($ID)) {
header('Location: /signup'); die;
}
switch ($signup_method) {
case 'mastodon':
require '/src/action/oauth/mastodon.php';
break;
}
}
?>
<?php require '/src/views/head.php' ?>
<?php require '/src/views/public/head.php' ?>
<main>
SIGNUP: <?php echo $signup_method ?>
<br>
FUNCTION: <?php echo $function ?>
</main>
<?php require '/src/js/api.php' ?>
<script>
window.onload = function(e) {
<?php if ($function === 'view'): ?>
console.log('view');
<?php elseif ($function === 'oauth'): ?>
console.log('oauth');
<?php endif ?>
}
</script>
<?php require '/src/views/public/foot.php' ?>
<?php require '/src/views/foot.php' ?>

@ -0,0 +1,11 @@
<?php
$payload_fil = '/tmp/oauth-'.$ID;
if (!file_exists($payload_fil)) {
header('Location: /signup'); die;
}
$payload = json_decode(file_get_contents($payload_fil));
var_dump($payload);
var_dump($code);
die;

@ -0,0 +1,39 @@
<script>
const http = {
request: function(method, path, payload, callbk) {
payload = payload || null;
callbk = callbk || null;
const oReq = new XMLHttpRequest();
oReq.addEventListener("load", function() { if (callbk) callbk(this.responseText) });
oReq.open(method, path);
oReq.setRequestHeader('Content-Type', 'application/json');
oReq.send(payload);
},
get: function(path, payload, callbk) {
return http.request('GET', path, payload, callbk);
},
post: function(path, payload, callbk) {
return http.request('POST', path, payload, callbk);
}
};
const API = {
mastodon: {
registerInstance: function(instance) {
http.get('/api/signup/mastodon/get_client.php?instance='+encodeURIComponent(instance), {}, function(data)
{
data = JSON.parse(data);
if (data.status === 'err') {
alert(data.message);
return;
}
const res = data.message;
const oauthUrl = res.instance+'/oauth/authorize?client_id='+encodeURIComponent(res.result.client_id)+'&redirect_uri='+encodeURIComponent(res.result.redirect_uri+'?id='+res.id)+'&response_type='+encodeURIComponent(res.response_type)+'&scope='+encodeURIComponent(res.scope);
localStorage['auth_data'] = JSON.stringify(res);
document.location.href = oauthUrl;
});
}
}
}
</script>
Loading…
Cancel
Save