Half-implemented OAuth system for Mastodon

public/api/signup/mastodon/get_client.php

@@ -34,9 +34,20 @@ if ($result === null) {
 }
 
 # return authentication data
-hres_json(200, OK, [
+$payload = [
 	'instance'		=> $instance,
-	'result'		=> $result,
+	'result'		=> &$result,
 	'response_type'	=> 'code',
 	'scope'			=> $scopes
-]);
+];
+$ID = sha1($result->client_id.$result->client_secret);
+file_put_contents('/tmp/oauth-'.$ID, json_encode($payload));
+
+$payload['id'] = $ID;
+unset($result->id);
+unset($result->name);
+unset($result->website);
+unset($result->vapid_key);
+unset($result->client_secret);
+
+hres_json(200, OK, $payload);

public/signup/index.php

@@ -1,6 +1,7 @@
 <?php require_once '/src/base.php' ?>
 <?php
 
+$function      = null;
 $signup_method = null;
 if (isset($_SERVER['REDIRECT_URL'])) {
 
@@ -14,17 +15,66 @@ if (isset($_SERVER['REDIRECT_URL'])) {
 	}
 
 	# get the signup method from URL
-	$signup_method = $args[1];
+	if (str_contains($args[1], ':')) {
+		$ps = explode(':', $args[1]);
+		$signup_method = $ps[0];
+		$function      = $ps[1];
+	} else {
+		$signup_method = $args[1];
+		$function      = 'view';
+	}
+
 	if (!in_array($signup_method, ['mastodon'])) {
-		die('The given arguments are not correct');
+		die('The given signup method does not exist');
+	}
+
+	if (!in_array($function, ['view', 'oauth'])) {
+		die('The given function is not correct');
+	}
+
+} else {
+	$function = 'view';
+}
+
+if ($function === 'oauth') {
+	$ID   = $_GET['id'] ?? '';
+	$code = $_GET['code'] ?? '';
+	if (empty($code) || empty($ID)) {
+		header('Location: /signup'); die;
+	}
+
+	switch ($signup_method) {
+		case 'mastodon':
+			require '/src/action/oauth/mastodon.php';
+			break;
 	}
 }
 
 ?>
 <?php require '/src/views/head.php' ?>
 <?php require '/src/views/public/head.php' ?>
+
 <main>
 SIGNUP: <?php echo $signup_method ?>
+<br>
+FUNCTION: <?php echo $function ?>
 </main>
+
+<?php require '/src/js/api.php' ?>
+<script>
+
+window.onload = function(e) {
+	<?php if ($function === 'view'): ?>
+
+	console.log('view');
+
+	<?php elseif ($function === 'oauth'): ?>
+
+	console.log('oauth');
+
+	<?php endif ?>
+}
+
+</script>
 <?php require '/src/views/public/foot.php' ?>
 <?php require '/src/views/foot.php' ?>

src/action/oauth/mastodon.php

@@ -0,0 +1,11 @@
+<?php
+
+$payload_fil = '/tmp/oauth-'.$ID;
+if (!file_exists($payload_fil)) {
+	header('Location: /signup'); die;
+}
+
+$payload = json_decode(file_get_contents($payload_fil));
+var_dump($payload);
+var_dump($code);
+die;

src/js/api.php

@@ -0,0 +1,39 @@
+<script>
+const http = {
+	request: function(method, path, payload, callbk) {
+		payload = payload || null;
+		callbk = callbk || null;
+		const oReq = new XMLHttpRequest();
+		oReq.addEventListener("load", function() { if (callbk) callbk(this.responseText) });
+		oReq.open(method, path);
+		oReq.setRequestHeader('Content-Type', 'application/json');
+		oReq.send(payload);
+	},
+	get: function(path, payload, callbk) {
+		return http.request('GET',  path, payload, callbk);
+	},
+	post: function(path, payload, callbk) {
+		return http.request('POST', path, payload, callbk);
+	}
+};
+
+const API = {
+	mastodon: {
+		registerInstance: function(instance) {
+			http.get('/api/signup/mastodon/get_client.php?instance='+encodeURIComponent(instance), {}, function(data) 
+			{
+				data = JSON.parse(data);
+				if (data.status === 'err') {
+					alert(data.message);
+					return;
+				}
+
+				const res = data.message;
+				const oauthUrl = res.instance+'/oauth/authorize?client_id='+encodeURIComponent(res.result.client_id)+'&redirect_uri='+encodeURIComponent(res.result.redirect_uri+'?id='+res.id)+'&response_type='+encodeURIComponent(res.response_type)+'&scope='+encodeURIComponent(res.scope);
+				localStorage['auth_data'] = JSON.stringify(res);
+				document.location.href = oauthUrl;
+			});
+		}
+	}
+}
+</script>