hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#1234] Mastodon 2.4.3 hierarchical scopes initial support (WIP).

Browse source
This commit is contained in:
Ivan Tashkinov 2019-09-08 15:00:03 +03:00
commit b63faf9819
8 changed files with 113 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

20
lib/pleroma/plugs/oauth_scopes_plug.ex
View file

@ -13,15 +13,16 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do
def call(%Plug.Conn{assigns: assigns} = conn, %{scopes: scopes} = options) do
op = options[:op] || :|
token = assigns[:token]
matched_scopes = token && filter_descendants(scopes, token.scopes)
cond do
is_nil(token) ->
conn
op == :| && scopes -- token.scopes != scopes ->
op == :| && Enum.any?(matched_scopes) ->
conn
op == :& && scopes -- token.scopes == [] ->
op == :& && matched_scopes == scopes ->
conn
options[:fallback] == :proceed_unauthenticated ->
@ -30,7 +31,7 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do
|> assign(:token, nil)
true ->
missing_scopes = scopes -- token.scopes
missing_scopes = scopes -- matched_scopes
permissions = Enum.join(missing_scopes, " #{op} ")
error_message =
@ -42,4 +43,17 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do
|> halt()
end
end
@doc "Filters descendants of supported scopes"
def filter_descendants(scopes, supported_scopes) do
Enum.filter(
scopes,
fn scope ->
Enum.find(
supported_scopes,
&(scope == &1 || String.starts_with?(scope, &1 <> ":"))
)
end
)
end
end

36
lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
View file

@ -19,6 +19,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
alias Pleroma.Notification
alias Pleroma.Object
alias Pleroma.Pagination
alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.Plugs.RateLimiter
alias Pleroma.Repo
alias Pleroma.ScheduledActivity
@ -52,6 +53,41 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
require Logger
require Pleroma.Constants
plug(
OAuthScopesPlug,
%{scopes: ["follow", "read:blocks"]} when action in [:blocks, :domain_blocks]
)
plug(
OAuthScopesPlug,
%{scopes: ["follow", "write:blocks"]}
when action in [:block, :unblock, :block_domain, :unblock_domain]
)
plug(OAuthScopesPlug, %{scopes: ["follow", "read:follows"]} when action == :follow_requests)
plug(
OAuthScopesPlug,
%{scopes: ["follow", "write:follows"]}
when action in [
:follow,
:unfollow,
:subscribe,
:unsubscribe,
:authorize_follow_request,
:reject_follow_request
]
)
plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute])
plug(
OAuthScopesPlug,
%{scopes: ["write:mutes"]}
when action in [:mute_conversation, :unmute_conversation]
)
@rate_limited_relations_actions ~w(follow unfollow)a
@rate_limited_status_actions ~w(reblog_status unreblog_status fav_status unfav_status

2
lib/pleroma/web/oauth/oauth_controller.ex
View file

@ -451,7 +451,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
defp validate_scopes(app, params) do
params
|> Scopes.fetch_scopes(app.scopes)
|> Scopes.validates(app.scopes)
|> Scopes.validate(app.scopes)
end
def default_redirect_uri(%App{} = app) do

14
lib/pleroma/web/oauth/scopes.ex
View file

@ -8,7 +8,7 @@ defmodule Pleroma.Web.OAuth.Scopes do
"""
@doc """
Fetch scopes from requiest params.
Fetch scopes from request params.
Note: `scopes` is used by Mastodon supporting it but sticking to
OAuth's standard `scope` wherever we control it
@ -53,14 +53,14 @@ defmodule Pleroma.Web.OAuth.Scopes do
@doc """
Validates scopes.
"""
@spec validates(list() | nil, list()) ::
@spec validate(list() | nil, list()) ::
{:ok, list()} | {:error, :missing_scopes | :unsupported_scopes}
def validates([], _app_scopes), do: {:error, :missing_scopes}
def validates(nil, _app_scopes), do: {:error, :missing_scopes}
def validate([], _app_scopes), do: {:error, :missing_scopes}
def validate(nil, _app_scopes), do: {:error, :missing_scopes}
def validates(scopes, app_scopes) do
case scopes -- app_scopes do
[] -> {:ok, scopes}
def validate(scopes, app_scopes) do
case Pleroma.Plugs.OAuthScopesPlug.filter_descendants(scopes, app_scopes) do
^scopes -> {:ok, scopes}
_ -> {:error, :unsupported_scopes}
end
end

14
lib/pleroma/web/router.ex
View file

@ -104,10 +104,6 @@ defmodule Pleroma.Web.Router do
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["write"]})
end
pipeline :oauth_follow do
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["follow"]})
end
pipeline :oauth_push do
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["push"]})
end
@ -211,11 +207,7 @@ defmodule Pleroma.Web.Router do
post("/main/ostatus", UtilController, :remote_subscribe)
get("/ostatus_subscribe", UtilController, :remote_follow)
scope [] do
pipe_through(:oauth_follow)
post("/ostatus_subscribe", UtilController, :do_remote_follow)
end
post("/ostatus_subscribe", UtilController, :do_remote_follow)
end
scope "/api/pleroma", Pleroma.Web.TwitterAPI do
@ -231,8 +223,6 @@ defmodule Pleroma.Web.Router do
end
scope [] do
pipe_through(:oauth_follow)
post("/blocks_import", UtilController, :blocks_import)
post("/follow_import", UtilController, :follow_import)
end
@ -373,8 +363,6 @@ defmodule Pleroma.Web.Router do
end
scope [] do
pipe_through(:oauth_follow)
post("/follows", MastodonAPIController, :follow)
post("/accounts/:id/follow", MastodonAPIController, :follow)

9
lib/pleroma/web/twitter_api/controllers/util_controller.ex
View file

@ -13,11 +13,20 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
alias Pleroma.Healthcheck
alias Pleroma.Notification
alias Pleroma.Plugs.AuthenticationPlug
alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.User
alias Pleroma.Web
alias Pleroma.Web.CommonAPI
alias Pleroma.Web.WebFinger
plug(
OAuthScopesPlug,
%{scopes: ["follow", "write:follows"]}
when action in [:do_remote_follow, :follow_import]
)
plug(OAuthScopesPlug, %{scopes: ["follow", "write:blocks"]} when action == :blocks_import)
plug(Pleroma.Plugs.SetFormatPlug when action in [:config, :version])
def help_test(conn, _params) do