Commit 1f6fa969 authored by Eugen Rochko's avatar Eugen Rochko

Use client credentials flow to verify app secrets for instance still work

parent 1b0e90fa
# frozen_string_literal: true
class MastodonClient < ApplicationRecord
class << self
def obtain!(domain, callback_url)
new_client = Mastodon::REST::Client.new(base_url: "https://#{domain}").create_app('Mastodon Bridge', callback_url, 'read follow')
client = self.new(domain: domain)
client.client_id = new_client.client_id
client.client_secret = new_client.client_secret
client.save!
client
end
end
def client_token
return attributes['client_token'] if attributes['client_token'].present?
res = HTTP.post("https://#{domain}/oauth/token", params: {
grant_type: 'client_credentials',
client_id: client_id,
client_secret: client_secret,
})
info = Oj.load(res.to_s, mode: :null)
return if info.nil?
update!(client_token: info['access_token'])
info['access_token']
end
def still_valid?
return false if client_token.blank?
res = HTTP.get("https://#{domain}/api/v1/apps/verify_credentials", headers: { 'Authorization': "Bearer #{client_token}" })
res.code == 200
end
end
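Review bot: `client_token` parses the body with `Oj.load` without looking at the response status, so an error reply from `/oauth/token` (a JSON body with no `access_token`) is persisted as `update!(client_token: nil)` and a non-JSON error page raises `Oj::ParseError` out of the model. A guard before parsing covers both: `return unless res.code == 200`, then `token = info&.dig('access_token'); return if token.blank?` ahead of the `update!`. Note also that `still_valid?` calls `client_token`, so a blank column triggers a second network round trip inside the check, and neither `HTTP.post` nor `HTTP.get` sets a timeout here — presumably the caller blocks for as long as the remote instance takes to answer; confirm the http gem defaults. The raw `attributes['client_token']` read on the first line is needed to avoid recursing into this override; a comment saying so, `# read the column directly: this method shadows the attribute reader`, would help the next reader.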
......@@ -250,15 +250,18 @@ Devise.setup do |config|
config.omniauth :twitter, ENV['TWITTER_CLIENT_ID'], ENV['TWITTER_CLIENT_SECRET']
config.omniauth :mastodon, scope: 'read follow', credentials: lambda { |domain, callback_url|
client = MastodonClient.where(domain: domain).first_or_initialize(domain: domain)
return [client.client_id, client.client_secret] unless client.new_record?
new_client = Mastodon::REST::Client.new(base_url: "https://#{domain}").create_app('Mastodon Bridge', callback_url, 'read follow')
client.client_id = new_client.client_id
client.client_secret = new_client.client_secret
client.save
client = MastodonClient.where(domain: domain).first
if client.nil?
client = MastodonClient.obtain!(domain, callback_url)
else
still_valid = Rails.cache.fetch("client-status/#{client.id}") { client.still_valid? }
unless still_valid
client.destroy!
client = MastodonClient.obtain!(domain, callback_url)
end
end
[client.client_id, client.client_secret]
}
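Review bot: `Rails.cache.fetch("client-status/#{client.id}")` in the `else` branch is written with no expiry, so once `still_valid?` returns true the verification is never repeated for that row until the cache is cleared, which undercuts the purpose of checking that the secret still works; `Rails.cache.fetch("client-status/#{client.id}", expires_in: 1.hour) { client.still_valid? }` (pick a TTL suited to the traffic) bounds the window. A second point: `still_valid?` returns false both when the instance rejects the credentials and when the token request fails for any other reason, so a transient network error here drops the stored row with `client.destroy!` and registers a fresh app against the instance on every such failure; consider destroying only when the verification call actually answered with a non-200 status. The `credentials:` lambda is fully visible, but the enclosing `Devise.setup` block starts before the hunk.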
......
class AddClientTokenToMastodonClients < ActiveRecord::Migration[5.1]
def change
add_column :mastodon_clients, :client_token, :string
end
end
......@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20170404222753) do
ActiveRecord::Schema.define(version: 20180110004149) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
......@@ -34,6 +34,7 @@ ActiveRecord::Schema.define(version: 20170404222753) do
t.string "client_secret"
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.string "client_token"
t.index ["domain"], name: "index_mastodon_clients_on_domain", unique: true
end
......