gotosocial/internal/processing/app.go

// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package processing

import (
	"context"
	"fmt"
	"net/url"
	"strings"

	"github.com/google/uuid"
	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
	"github.com/superseriousbusiness/gotosocial/internal/id"
	"github.com/superseriousbusiness/gotosocial/internal/oauth"
)

func (p *Processor) AppCreate(ctx context.Context, authed *apiutil.Auth, form *apimodel.ApplicationCreateRequest) (*apimodel.Application, gtserror.WithCode) {
	// Set default 'read' for
	// scopes if it's not set.
	var scopes string
	if form.Scopes == "" {
		scopes = "read"
	} else {
		scopes = form.Scopes
	}

	// Normalize + parse requested redirect URIs.
	form.RedirectURIs = strings.TrimSpace(form.RedirectURIs)
	var redirectURIs []string
	if form.RedirectURIs != "" {
		// Redirect URIs can be just one value, or can be passed
		// as a newline-separated list of strings. Ensure each URI
		// is parseable + normalize it by reconstructing from *url.URL.
		for _, redirectStr := range strings.Split(form.RedirectURIs, "\n") {
			redirectURI, err := url.Parse(redirectStr)
			if err != nil {
				errText := fmt.Sprintf("error parsing redirect URI: %v", err)
				return nil, gtserror.NewErrorBadRequest(err, errText)
			}
			redirectURIs = append(redirectURIs, redirectURI.String())
		}
	} else {
		// No redirect URI(s) provided, just set default oob.
		redirectURIs = append(redirectURIs, oauth.OOBURI)
	}

	// Generate random client ID.
	clientID, err := id.NewRandomULID()
	if err != nil {
		return nil, gtserror.NewErrorInternalError(err)
	}

	// Generate + store app
	// to put in the database.
	app := &gtsmodel.Application{
		ID:           id.NewULID(),
		Name:         form.ClientName,
		Website:      form.Website,
		RedirectURIs: redirectURIs,
		ClientID:     clientID,
		ClientSecret: uuid.NewString(),
		Scopes:       scopes,
	}
	if err := p.state.DB.PutApplication(ctx, app); err != nil {
		return nil, gtserror.NewErrorInternalError(err)
	}

	apiApp, err := p.converter.AppToAPIAppSensitive(ctx, app)
	if err != nil {
		return nil, gtserror.NewErrorInternalError(err)
	}

	return apiApp, nil
}
[chore] Improve copyright header handling (#1608) * [chore] Remove years from all license headers Years or year ranges aren't required in license headers. Many projects have removed them in recent years and it avoids a bit of yearly toil. In many cases our copyright claim was also a bit dodgy since we added the 2021-2023 header to files created after 2021 but you can't claim copyright into the past that way. * [chore] Add license header check This ensures a license header is always added to any new file. This avoids maintainers/reviewers needing to remember to check for and ask for it in case a contribution doesn't include it. * [chore] Add missing license headers * [chore] Further updates to license header * Use the more common // indentend comment format * Remove the hack we had for the linter now that we use the // format * Add SPDX license identifier 2023-03-12 16:00:57 +01:00			`// GoToSocial`
			`// Copyright (C) GoToSocial Authors admin@gotosocial.org`
			`// SPDX-License-Identifier: AGPL-3.0-or-later`
			`//`
			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// This program is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program. If not, see <http://www.gnu.org/licenses/>.`
Refine statuses (#26) Remote media is now dereferenced and attached properly to incoming federated statuses. Mentions are now dereferenced and attached properly to incoming federated statuses. Small fixes to status visibility. Allow URL params for filtering statuses: // ExcludeRepliesKey is for specifying whether to exclude replies in a list of returned statuses by an account. // PinnedKey is for specifying whether to include pinned statuses in a list of returned statuses by an account. // MaxIDKey is for specifying the maximum ID of the status to retrieve. // MediaOnlyKey is for specifying that only statuses with media should be returned in a list of returned statuses by an account. Add endpoint for fetching an account's statuses. 2021-05-17 19:06:58 +02:00
Move a lot of stuff + tidy stuff (#37) Lots of renaming and moving stuff, some bug fixes, more lenient parsing of notifications and home timeline. 2021-05-30 13:12:00 +02:00			`package processing`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00
			`import (`
Pg to bun (#148) * start moving to bun * changing more stuff * more * and yet more * tests passing * seems stable now * more big changes * small fix * little fixes 2021-08-25 15:34:33 +02:00			`"context"`
[feature] Refactor tokens, allow multiple app redirect_uris 2025-03-02 16:46:44 +01:00			`"fmt"`
			`"net/url"`
			`"strings"`
Pg to bun (#148) * start moving to bun * changing more stuff * more * and yet more * tests passing * seems stable now * more big changes * small fix * little fixes 2021-08-25 15:34:33 +02:00
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`"github.com/google/uuid"`
			`apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"`
[feature] Enforce OAuth token scopes (#3835) * move tokenauth to apiutil * enforce scopes * docs * update test models, remove deprecated "follow" * file header * tests * tweak scope matcher * simplify... * fix tests * log user out of settings panel in case of oauth error 2025-02-26 13:04:55 +01:00			`apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"`
[feature] More consistent API error handling (#637) * update templates * start reworking api error handling * update template * return AP status at web endpoint if negotiated * start making api error handling much more consistent * update account endpoints to new error handling * use new api error handling in admin endpoints * go fmt ./... * use api error logic in app * use generic error handling in auth * don't export generic error handler * don't defer clearing session * user nicer error handling on oidc callback handler * tidy up the sign in handler * tidy up the token handler * use nicer error handling in blocksget * auth emojis endpoint * fix up remaining api endpoints * fix whoopsie during login flow * regenerate swagger docs * change http error logging to debug 2022-06-08 20:38:03 +02:00			`"github.com/superseriousbusiness/gotosocial/internal/gtserror"`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"`
Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 18:42:28 +02:00			`"github.com/superseriousbusiness/gotosocial/internal/id"`
[feature] Refactor tokens, allow multiple app redirect_uris 2025-03-02 16:46:44 +01:00			`"github.com/superseriousbusiness/gotosocial/internal/oauth"`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`)`

[feature] Enforce OAuth token scopes (#3835) * move tokenauth to apiutil * enforce scopes * docs * update test models, remove deprecated "follow" * file header * tests * tweak scope matcher * simplify... * fix tests * log user out of settings panel in case of oauth error 2025-02-26 13:04:55 +01:00			`func (p Processor) AppCreate(ctx context.Context, authed apiutil.Auth, form apimodel.ApplicationCreateRequest) (apimodel.Application, gtserror.WithCode) {`
[feature] Refactor tokens, allow multiple app redirect_uris 2025-03-02 16:46:44 +01:00			`// Set default 'read' for`
			`// scopes if it's not set.`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`var scopes string`
			`if form.Scopes == "" {`
			`scopes = "read"`
			`} else {`
			`scopes = form.Scopes`
			`}`

[feature] Refactor tokens, allow multiple app redirect_uris 2025-03-02 16:46:44 +01:00			`// Normalize + parse requested redirect URIs.`
			`form.RedirectURIs = strings.TrimSpace(form.RedirectURIs)`
			`var redirectURIs []string`
			`if form.RedirectURIs != "" {`
			`// Redirect URIs can be just one value, or can be passed`
			`// as a newline-separated list of strings. Ensure each URI`
			`// is parseable + normalize it by reconstructing from *url.URL.`
			`for _, redirectStr := range strings.Split(form.RedirectURIs, "\n") {`
			`redirectURI, err := url.Parse(redirectStr)`
			`if err != nil {`
			`errText := fmt.Sprintf("error parsing redirect URI: %v", err)`
			`return nil, gtserror.NewErrorBadRequest(err, errText)`
			`}`
			`redirectURIs = append(redirectURIs, redirectURI.String())`
			`}`
			`} else {`
			`// No redirect URI(s) provided, just set default oob.`
			`redirectURIs = append(redirectURIs, oauth.OOBURI)`
Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 18:42:28 +02:00			`}`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00
[feature] Refactor tokens, allow multiple app redirect_uris 2025-03-02 16:46:44 +01:00			`// Generate random client ID.`
			`clientID, err := id.NewRandomULID()`
Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 18:42:28 +02:00			`if err != nil {`
[feature] More consistent API error handling (#637) * update templates * start reworking api error handling * update template * return AP status at web endpoint if negotiated * start making api error handling much more consistent * update account endpoints to new error handling * use new api error handling in admin endpoints * go fmt ./... * use api error logic in app * use generic error handling in auth * don't export generic error handler * don't defer clearing session * user nicer error handling on oidc callback handler * tidy up the sign in handler * tidy up the token handler * use nicer error handling in blocksget * auth emojis endpoint * fix up remaining api endpoints * fix whoopsie during login flow * regenerate swagger docs * change http error logging to debug 2022-06-08 20:38:03 +02:00			`return nil, gtserror.NewErrorInternalError(err)`
Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 18:42:28 +02:00			`}`

[feature] Refactor tokens, allow multiple app redirect_uris 2025-03-02 16:46:44 +01:00			`// Generate + store app`
			`// to put in the database.`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`app := &gtsmodel.Application{`
[feature] Refactor tokens, allow multiple app redirect_uris 2025-03-02 16:46:44 +01:00			`ID: id.NewULID(),`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`Name: form.ClientName,`
			`Website: form.Website,`
[feature] Refactor tokens, allow multiple app redirect_uris 2025-03-02 16:46:44 +01:00			`RedirectURIs: redirectURIs,`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`ClientID: clientID,`
[feature] Refactor tokens, allow multiple app redirect_uris 2025-03-02 16:46:44 +01:00			`ClientSecret: uuid.NewString(),`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`Scopes: scopes,`
			`}`
[performance] remove last of relational queries to instead rely on caches (#2091) 2023-08-10 16:08:41 +02:00			`if err := p.state.DB.PutApplication(ctx, app); err != nil {`
[feature] More consistent API error handling (#637) * update templates * start reworking api error handling * update template * return AP status at web endpoint if negotiated * start making api error handling much more consistent * update account endpoints to new error handling * use new api error handling in admin endpoints * go fmt ./... * use api error logic in app * use generic error handling in auth * don't export generic error handler * don't defer clearing session * user nicer error handling on oidc callback handler * tidy up the sign in handler * tidy up the token handler * use nicer error handling in blocksget * auth emojis endpoint * fix up remaining api endpoints * fix whoopsie during login flow * regenerate swagger docs * change http error logging to debug 2022-06-08 20:38:03 +02:00			`return nil, gtserror.NewErrorInternalError(err)`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`}`

[chore] deinterface the typeutils.Converter and update to use state structure (#2217) * update typeconverter to use state structure * deinterface the typeutils.TypeConverter -> typeutils.Converter * finish copying over old type converter code comments * fix cherry-pick merge issues, fix tests pointing to old typeutils interface type still 2023-09-23 18:44:11 +02:00			`apiApp, err := p.converter.AppToAPIAppSensitive(ctx, app)`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`if err != nil {`
[feature] More consistent API error handling (#637) * update templates * start reworking api error handling * update template * return AP status at web endpoint if negotiated * start making api error handling much more consistent * update account endpoints to new error handling * use new api error handling in admin endpoints * go fmt ./... * use api error logic in app * use generic error handling in auth * don't export generic error handler * don't defer clearing session * user nicer error handling on oidc callback handler * tidy up the sign in handler * tidy up the token handler * use nicer error handling in blocksget * auth emojis endpoint * fix up remaining api endpoints * fix whoopsie during login flow * regenerate swagger docs * change http error logging to debug 2022-06-08 20:38:03 +02:00			`return nil, gtserror.NewErrorInternalError(err)`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`}`

Refactor/tidy (#261) * tidy up streaming * cut down code duplication * test get followers/following * test streaming processor * fix some test models * add TimeMustParse * fix uri / url typo * make trace logging less verbose * make logging more consistent * disable quote on logging * remove context.Background * remove many extraneous mastodon references * regenerate swagger * don't log query on no rows result * log latency first for easier reading 2021-10-04 15:24:19 +02:00			`return apiApp, nil`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`}`