Merge branch 'oauth-app-spam' into 'develop'

Fix OAuth app spam See merge request pleroma/pleroma!4244
2024-09-01 18:24:06 +00:00 · 2024-09-01 18:24:06 +00:00 · 9077d0925b
commit 9077d0925b
parent 61e4be396f 751d63d4bb
5 changed files with 129 additions and 24 deletions
--- a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
@ -36,8 +36,7 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
      |> Map.put(:scopes, scopes)
      |> Maps.put_if_present(:user_id, user_id)

-    with cs <- App.register_changeset(%App{}, app_attrs),
-         {:ok, app} <- Repo.insert(cs) do
+    with {:ok, app} <- App.get_or_make(app_attrs) do
      render(conn, "show.json", app: app)
    end
  end
--- a/lib/pleroma/web/o_auth/app.ex
+++ b/lib/pleroma/web/o_auth/app.ex
@ -67,35 +67,27 @@ defmodule Pleroma.Web.OAuth.App do
    with %__MODULE__{} = app <- Repo.get(__MODULE__, id) do
      app
      |> changeset(params)
+      |> validate_required([:scopes])
      |> Repo.update()
    end
  end

  @doc """
-  Gets app by attrs or create new  with attrs.
-  And updates the scopes if need.
+  Gets app by attrs or create new with attrs.
+  Updates the attrs if needed.
  """
-  @spec get_or_make(map(), list(String.t())) :: {:ok, t()} | {:error, Ecto.Changeset.t()}
-  def get_or_make(attrs, scopes) do
-    with %__MODULE__{} = app <- Repo.get_by(__MODULE__, attrs) do
-      update_scopes(app, scopes)
+  @spec get_or_make(map()) :: {:ok, t()} | {:error, Ecto.Changeset.t()}
+  def get_or_make(attrs) do
+    with %__MODULE__{} = app <- Repo.get_by(__MODULE__, client_name: attrs.client_name) do
+      __MODULE__.update(app.id, Map.take(attrs, [:scopes, :website]))
    else
      _e ->
        %__MODULE__{}
-        |> register_changeset(Map.put(attrs, :scopes, scopes))
+        |> register_changeset(attrs)
        |> Repo.insert()
    end
  end

-  defp update_scopes(%__MODULE__{} = app, []), do: {:ok, app}
-  defp update_scopes(%__MODULE__{scopes: scopes} = app, scopes), do: {:ok, app}
-
-  defp update_scopes(%__MODULE__{} = app, scopes) do
-    app
-    |> change(%{scopes: scopes})
-    |> Repo.update()
-  end
-
  @spec search(map()) :: {:ok, [t()], non_neg_integer()}
  def search(params) do
    query = from(a in __MODULE__)