Make auth tokens usable once and expire them.

[akkoma] / lib / pleroma / web / oauth / token.ex

diff --git a/lib/pleroma/web/oauth/token.ex b/lib/pleroma/web/oauth/token.ex
index da723d6d6597711731fff623a542be2c7bb3afe3..828a966fbe83955a052a4a7f65758c0584a04d02 100644 (file)
--- a/lib/pleroma/web/oauth/token.ex
+++ b/lib/pleroma/web/oauth/token.ex
@@ -2,7 +2,7 @@ defmodule Pleroma.Web.OAuth.Token do
   use Ecto.Schema
 
   alias Pleroma.{User, Repo}
-  alias Pleroma.Web.OAuth.{Token, App}
+  alias Pleroma.Web.OAuth.{Token, App, Authorization}
 
   schema "oauth_tokens" do
     field :token, :string
@@ -14,6 +14,13 @@ defmodule Pleroma.Web.OAuth.Token do
     timestamps()
   end
 
+  def exchange_token(app, auth) do
+    with {:ok, auth} <- Authorization.use_token(auth),
+         true <- auth.app_id == app.id do
+      create_token(app, Repo.get(User, auth.user_id))
+    end
+  end
+
   def create_token(%App{} = app, %User{} = user) do
     token = :crypto.strong_rand_bytes(32) |> Base.url_encode64
     refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64