git.squeep.com Git - akkoma/blob - lib/pleroma/web/oauth/token.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.OAuth.Token do
   6   use Ecto.Schema
   7
   8   import Ecto.Query
   9   import Ecto.Changeset
  10
  11   alias Pleroma.Repo
  12   alias Pleroma.User
  13   alias Pleroma.Web.OAuth.App
  14   alias Pleroma.Web.OAuth.Authorization
  15   alias Pleroma.Web.OAuth.Token
  16
  17   @expires_in Pleroma.Config.get([:oauth2, :token_expires_in], 600)
  18   @type t :: %__MODULE__{}
  19
  20   schema "oauth_tokens" do
  21     field(:token, :string)
  22     field(:refresh_token, :string)
  23     field(:scopes, {:array, :string}, default: [])
  24     field(:valid_until, :naive_datetime_usec)
  25     belongs_to(:user, Pleroma.User, type: Pleroma.FlakeId)
  26     belongs_to(:app, App)
  27
  28     timestamps()
  29   end
  30
  31   @doc "Gets token for app by access token"
  32   @spec get_by_token(App.t(), String.t()) :: {:ok, t()} | {:error, :not_found}
  33   def get_by_token(%App{id: app_id} = _app, token) do
  34     from(t in __MODULE__, where: t.app_id == ^app_id and t.token == ^token)
  35     |> Repo.find_resource()
  36   end
  37
  38   @doc "Gets token for app by refresh token"
  39   @spec get_by_refresh_token(App.t(), String.t()) :: {:ok, t()} | {:error, :not_found}
  40   def get_by_refresh_token(%App{id: app_id} = _app, token) do
  41     from(t in __MODULE__,
  42       where: t.app_id == ^app_id and t.refresh_token == ^token,
  43       preload: [:user]
  44     )
  45     |> Repo.find_resource()
  46   end
  47
  48   def exchange_token(app, auth) do
  49     with {:ok, auth} <- Authorization.use_token(auth),
  50          true <- auth.app_id == app.id do
  51       create_token(
  52         app,
  53         User.get_cached_by_id(auth.user_id),
  54         %{scopes: auth.scopes}
  55       )
  56     end
  57   end
  58
  59   defp put_token(changeset) do
  60     changeset
  61     |> change(%{token: Token.Utils.generate_token()})
  62     |> validate_required([:token])
  63     |> unique_constraint(:token)
  64   end
  65
  66   defp put_refresh_token(changeset, attrs) do
  67     refresh_token = Map.get(attrs, :refresh_token, Token.Utils.generate_token())
  68
  69     changeset
  70     |> change(%{refresh_token: refresh_token})
  71     |> validate_required([:refresh_token])
  72     |> unique_constraint(:refresh_token)
  73   end
  74
  75   defp put_valid_until(changeset, attrs) do
  76     expires_in =
  77       Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), @expires_in))
  78
  79     changeset
  80     |> change(%{valid_until: expires_in})
  81     |> validate_required([:valid_until])
  82   end
  83
  84   def create_token(%App{} = app, %User{} = user, attrs \\ %{}) do
  85     %__MODULE__{user_id: user.id, app_id: app.id}
  86     |> cast(%{scopes: attrs[:scopes] || app.scopes}, [:scopes])
  87     |> validate_required([:scopes, :user_id, :app_id])
  88     |> put_valid_until(attrs)
  89     |> put_token
  90     |> put_refresh_token(attrs)
  91     |> Repo.insert()
  92   end
  93
  94   def delete_user_tokens(%User{id: user_id}) do
  95     from(
  96       t in Token,
  97       where: t.user_id == ^user_id
  98     )
  99     |> Repo.delete_all()
 100   end
 101
 102   def delete_user_token(%User{id: user_id}, token_id) do
 103     from(
 104       t in Token,
 105       where: t.user_id == ^user_id,
 106       where: t.id == ^token_id
 107     )
 108     |> Repo.delete_all()
 109   end
 110
 111   def get_user_tokens(%User{id: user_id}) do
 112     from(
 113       t in Token,
 114       where: t.user_id == ^user_id
 115     )
 116     |> Repo.all()
 117     |> Repo.preload(:app)
 118   end
 119
 120   def is_expired?(%__MODULE__{valid_until: valid_until}) do
 121     NaiveDateTime.diff(NaiveDateTime.utc_now(), valid_until) > 0
 122   end
 123
 124   def is_expired?(_), do: false
 125 end