hj/pleroma-fe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Create an app only when needed

Browse source
This commit is contained in:
tusooa 2025-03-09 15:06:19 -04:00
commit 3a4cdbef15
No known key found for this signature in database
GPG key ID: 42AEC43D48433C51
12 changed files with 449 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

108
src/modules/oauth.js
View file

@ -1,5 +1,27 @@
import { createApp, getClientToken, verifyAppToken } from 'src/services/new_api/oauth.js'
// status codes about verifyAppToken (GET /api/v1/apps/verify_credentials)
const isAppTokenRejected = error => (
// Pleroma API docs say it returns 422 when unauthorized
error.statusCode === 422 ||
// but it actually returns 400 (as of 2.9.0)
// NOTE: don't try to match against the error message, it is translatable
error.statusCode === 400 ||
// and Mastodon docs say it returns 401
error.statusCode === 401
)
// status codes about getAppToken (GET /oauth/token)
const isClientDataRejected = error => (
// Mastodon docs say it returns 401
error.statusCode === 401 ||
// but Pleroma actually returns 400 (as of 2.9.0)
// NOTE: don't try to match against the error message, it is translatable
error.statusCode === 400
)
const oauth = {
state: {
state: () => ({
clientId: false,
clientSecret: false,
/* App token is authentication for app without any user, used mostly for
@ -11,7 +33,7 @@ const oauth = {
* that need authorized user to be successful (i.e. posting, liking etc)
*/
userToken: false
},
}),
mutations: {
setClientData (state, { clientId, clientSecret }) {
state.clientId = clientId
@ -41,6 +63,88 @@ const oauth = {
// added here for smoother transition, otherwise user will be logged out
return state.userToken || state.token
}
},
actions: {
async createApp ({ rootState, commit }) {
const instance = rootState.instance.server
const app = await createApp(instance)
commit('setClientData', app)
return app
},
/// Use this if you want to get the client id and secret but are not interested
/// in whether they are valid.
/// @return {{ clientId: string, clientSecret: string }} An object representing the app
ensureApp ({ state, dispatch }) {
if (state.clientId && state.clientSecret) {
return {
clientId: state.clientId,
clientSecret: state.clientSecret
}
} else {
return dispatch('createApp')
}
},
async getAppToken ({ state, rootState, commit }) {
const res = await getClientToken({
clientId: state.clientId,
clientSecret: state.clientSecret,
instance: rootState.instance.server
})
commit('setAppToken', res.access_token)
return res.access_token
},
/// Use this if you want to ensure the app is still valid to use.
/// @return {string} The access token to the app (not attached to any user)
async ensureAppToken ({ state, rootState, dispatch, commit }) {
if (state.appToken) {
try {
await verifyAppToken({
instance: rootState.instance.server,
appToken: state.appToken
})
return state.appToken
} catch (e) {
if (!isAppTokenRejected(e)) {
// The server did not reject our token, but we encountered other problems. Maybe the server is down.
throw e
} else {
// The app token is rejected, so it is no longer useful.
commit('setAppToken', false)
}
}
}
// appToken is not available, or is rejected: try to get a new one.
// First, make sure the client id and client secret are filled.
try {
await dispatch('ensureApp')
} catch (e) {
console.error('Cannot create app', e)
throw e
}
// Note that at this step, the client id and secret may be invalid
// (because the backend may have already deleted the app due to no user login)
try {
return await dispatch('getAppToken')
} catch (e) {
if (!isClientDataRejected(e)) {
// Non-credentials problem, fail fast
console.error('Cannot get app token', e)
throw e
} else {
// the client id and secret are invalid, so we should clear them
// and re-create our app
commit('setClientData', {
clientId: false,
clientSecret: false
})
await dispatch('createApp')
// try once again to get the token
return await dispatch('getAppToken')
}
}
}
}
}