git.squeep.com Git - akkoma/blob - lib/pleroma/web/o_auth/authorization.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.OAuth.Authorization do
   6   use Ecto.Schema
   7
   8   alias Pleroma.Repo
   9   alias Pleroma.User
  10   alias Pleroma.Web.OAuth.App
  11   alias Pleroma.Web.OAuth.Authorization
  12
  13   import Ecto.Changeset
  14   import Ecto.Query
  15
  16   @type t :: %__MODULE__{}
  17
  18   schema "oauth_authorizations" do
  19     field(:token, :string)
  20     field(:scopes, {:array, :string}, default: [])
  21     field(:valid_until, :naive_datetime_usec)
  22     field(:used, :boolean, default: false)
  23     belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
  24     belongs_to(:app, App)
  25
  26     timestamps()
  27   end
  28
  29   @spec create_authorization(App.t(), User.t() | %{}, [String.t()] | nil) ::
  30           {:ok, Authorization.t()} | {:error, Changeset.t()}
  31   def create_authorization(%App{} = app, %User{} = user, scopes \\ nil) do
  32     %{
  33       scopes: scopes || app.scopes,
  34       user_id: user.id,
  35       app_id: app.id
  36     }
  37     |> create_changeset()
  38     |> Repo.insert()
  39   end
  40
  41   @spec create_changeset(map()) :: Changeset.t()
  42   def create_changeset(attrs \\ %{}) do
  43     %Authorization{}
  44     |> cast(attrs, [:user_id, :app_id, :scopes, :valid_until])
  45     |> validate_required([:app_id, :scopes])
  46     |> add_token()
  47     |> add_lifetime()
  48   end
  49
  50   defp add_token(changeset) do
  51     token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
  52     put_change(changeset, :token, token)
  53   end
  54
  55   defp add_lifetime(changeset) do
  56     put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))
  57   end
  58
  59   @spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()
  60   def use_changeset(%Authorization{} = auth, params) do
  61     auth
  62     |> cast(params, [:used])
  63     |> validate_required([:used])
  64   end
  65
  66   @spec use_token(Authorization.t()) ::
  67           {:ok, Authorization.t()} | {:error, Changeset.t()} | {:error, String.t()}
  68   def use_token(%Authorization{used: false, valid_until: valid_until} = auth) do
  69     if NaiveDateTime.diff(NaiveDateTime.utc_now(), valid_until) < 0 do
  70       Repo.update(use_changeset(auth, %{used: true}))
  71     else
  72       {:error, "token expired"}
  73     end
  74   end
  75
  76   def use_token(%Authorization{used: true}), do: {:error, "already used"}
  77
  78   @spec delete_user_authorizations(User.t()) :: {integer(), any()}
  79   def delete_user_authorizations(%User{} = user) do
  80     user
  81     |> delete_by_user_query
  82     |> Repo.delete_all()
  83   end
  84
  85   def delete_by_user_query(%User{id: user_id}) do
  86     from(a in __MODULE__, where: a.user_id == ^user_id)
  87   end
  88
  89   @doc "gets auth for app by token"
  90   @spec get_by_token(App.t(), String.t()) :: {:ok, t()} | {:error, :not_found}
  91   def get_by_token(%App{id: app_id} = _app, token) do
  92     from(t in __MODULE__, where: t.app_id == ^app_id and t.token == ^token)
  93     |> Repo.find_resource()
  94   end
  95 end