git.squeep.com Git - akkoma/blob - lib/pleroma/web/o_auth/authorization.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.OAuth.Authorization do
   6   use Ecto.Schema
   7
   8   alias Pleroma.Repo
   9   alias Pleroma.User
  10   alias Pleroma.Web.OAuth.App
  11   alias Pleroma.Web.OAuth.Authorization
  12   alias Pleroma.Web.OAuth.Token
  13
  14   import Ecto.Changeset
  15   import Ecto.Query
  16
  17   @type t :: %__MODULE__{}
  18
  19   schema "oauth_authorizations" do
  20     field(:token, :string)
  21     field(:scopes, {:array, :string}, default: [])
  22     field(:valid_until, :naive_datetime_usec)
  23     field(:used, :boolean, default: false)
  24     belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
  25     belongs_to(:app, App)
  26
  27     timestamps()
  28   end
  29
  30   @spec create_authorization(App.t(), User.t() | %{}, [String.t()] | nil) ::
  31           {:ok, Authorization.t()} | {:error, Changeset.t()}
  32   def create_authorization(%App{} = app, %User{} = user, scopes \\ nil) do
  33     %{
  34       scopes: scopes || app.scopes,
  35       user_id: user.id,
  36       app_id: app.id
  37     }
  38     |> create_changeset()
  39     |> Repo.insert()
  40   end
  41
  42   @spec create_changeset(map()) :: Changeset.t()
  43   def create_changeset(attrs \\ %{}) do
  44     %Authorization{}
  45     |> cast(attrs, [:user_id, :app_id, :scopes, :valid_until])
  46     |> validate_required([:app_id, :scopes])
  47     |> add_token()
  48     |> add_lifetime()
  49   end
  50
  51   defp add_token(changeset) do
  52     token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
  53     put_change(changeset, :token, token)
  54   end
  55
  56   defp add_lifetime(changeset) do
  57     lifespan = Token.lifespan()
  58     put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan))
  59   end
  60
  61   @spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()
  62   def use_changeset(%Authorization{} = auth, params) do
  63     auth
  64     |> cast(params, [:used])
  65     |> validate_required([:used])
  66   end
  67
  68   @spec use_token(Authorization.t()) ::
  69           {:ok, Authorization.t()} | {:error, Changeset.t()} | {:error, String.t()}
  70   def use_token(%Authorization{used: false, valid_until: valid_until} = auth) do
  71     if NaiveDateTime.diff(NaiveDateTime.utc_now(), valid_until) < 0 do
  72       Repo.update(use_changeset(auth, %{used: true}))
  73     else
  74       {:error, "token expired"}
  75     end
  76   end
  77
  78   def use_token(%Authorization{used: true}), do: {:error, "already used"}
  79
  80   @spec delete_user_authorizations(User.t()) :: {integer(), any()}
  81   def delete_user_authorizations(%User{} = user) do
  82     user
  83     |> delete_by_user_query
  84     |> Repo.delete_all()
  85   end
  86
  87   def delete_by_user_query(%User{id: user_id}) do
  88     from(a in __MODULE__, where: a.user_id == ^user_id)
  89   end
  90
  91   @doc "gets auth for app by token"
  92   @spec get_by_token(App.t(), String.t()) :: {:ok, t()} | {:error, :not_found}
  93   def get_by_token(%App{id: app_id} = _app, token) do
  94     from(t in __MODULE__, where: t.app_id == ^app_id and t.token == ^token)
  95     |> Repo.find_resource()
  96   end
  97 end