snac2/mastoapi.c

/* snac - A simple, minimalistic ActivityPub instance */
/* copyright (c) 2022 - 2023 grunfink / MIT license */

#include "xs.h"
#include "xs_encdec.h"
#include "xs_json.h"
#include "xs_time.h"

#include "snac.h"

static xs_str *random_str(void)
/* just what is says in the tin */
{
    unsigned int data[4] = {0};
    FILE *f;

    if ((f = fopen("/dev/random", "r")) != NULL) {
        fread(data, sizeof(data), 1, f);
        fclose(f);
    }
    else {
        data[0] = random() % 0xffffffff;
        data[1] = random() % 0xffffffff;
        data[2] = random() % 0xffffffff;
        data[3] = random() % 0xffffffff;
    }

    return xs_hex_enc((char *)data, sizeof(data));
}


const char *login_page = ""
"<!DOCTYPE html>\n"
"<body><h1>%s identify</h1>\n"
"<form method=\"post\" action=\"https:/" "/%s/oauth/x-snac-login\">\n"
"<p>Login: <input type=\"text\" name=\"login\"></p>\n"
"<p>Password: <input type=\"password\" name=\"passwd\"></p>\n"
"<input type=\"hidden\" name=\"redir\" value=\"%s\">\n"
"</form><p>%s</p></body>\n"
"";

int oauth_get_handler(const xs_dict *req, const char *q_path,
                      char **body, int *b_size, char **ctype)
{
    if (!xs_startswith(q_path, "/oauth/"))
        return 0;

    {
        xs *j = xs_json_dumps_pp(req, 4);
        printf("oauth:\n%s\n", j);
    }

    int status   = 404;
    xs_dict *msg = xs_dict_get(req, "q_vars");
    xs *cmd      = xs_replace(q_path, "/oauth", "");

    if (strcmp(cmd, "/authorize") == 0) {
        const char *cid   = xs_dict_get(msg, "client_id");
        const char *ruri  = xs_dict_get(msg, "redirect_uri");
        const char *rtype = xs_dict_get(msg, "response_type");
        const char *scope = xs_dict_get(msg, "scope");

        if (cid && ruri && rtype && strcmp(rtype, "code") == 0) {
            const char *host = xs_dict_get(srv_config, "host");

            *body  = xs_fmt(login_page, host, host, ruri, USER_AGENT);
            *ctype = "text/html";
            status = 200;
        }
        else
            status = 400;
    }

    return status;
}


int oauth_post_handler(const xs_dict *req, const char *q_path,
                      const char *payload, int p_size,
                      char **body, int *b_size, char **ctype)
{
    if (!xs_startswith(q_path, "/oauth/"))
        return 0;

    int status   = 404;
    xs_dict *msg = xs_dict_get(req, "p_vars");
    xs *cmd      = xs_replace(q_path, "/oauth", "");

    printf("oauth: %s\n", q_path);

    if (strcmp(cmd, "/token") == 0) {
        const char *gtype = xs_dict_get(msg, "grant_type");
        const char *code  = xs_dict_get(msg, "code");
        const char *cid   = xs_dict_get(msg, "client_id");
        const char *csec  = xs_dict_get(msg, "client_secret");
        const char *ruri  = xs_dict_get(msg, "redirect_uri");
        const char *scope = xs_dict_get(msg, "scope");

        if (gtype && code && cid && csec && ruri) {
            xs *rsp   = xs_dict_new();
            xs *cat   = xs_number_new(time(NULL));
            xs *token = random_str();

            rsp = xs_dict_append(rsp, "access_token", token);
            rsp = xs_dict_append(rsp, "token_type",   "Bearer");
            rsp = xs_dict_append(rsp, "scope",        scope);
            rsp = xs_dict_append(rsp, "created_at",   cat);

            *body  = xs_json_dumps_pp(rsp, 4);
            *ctype = "application/json";
            status = 200;
        }
        else
            status = 400;
    }
    else
    if (strcmp(cmd, "/revoke") == 0) {
        const char *cid   = xs_dict_get(msg, "client_id");
        const char *csec  = xs_dict_get(msg, "client_secret");
        const char *token = xs_dict_get(msg, "token");

        if (cid && csec && token) {
            *body  = xs_str_new("{}");
            *ctype = "application/json";
            status = 200;
        }
        else
            status = 400;
    }

    return status;
}


int mastoapi_post_handler(const xs_dict *req, const char *q_path,
                      const char *payload, int p_size,
                      char **body, int *b_size, char **ctype)
{
    if (!xs_startswith(q_path, "/api/v1/"))
        return 0;

    int status    = 404;
    xs *msg       = NULL;
    char *i_ctype = xs_dict_get(req, "content-type");

    if (xs_startswith(i_ctype, "application/json"))
        msg = xs_json_loads(payload);
    else
        msg = xs_dup(xs_dict_get(req, "p_vars"));

    if (msg == NULL)
        return 400;

    {
        xs *j = xs_json_dumps_pp(req, 4);
        printf("%s\n", j);
    }
    {
        xs *j = xs_json_dumps_pp(msg, 4);
        printf("%s\n", j);
    }

    xs *cmd = xs_replace(q_path, "/api/v1", "");

    if (strcmp(cmd, "/apps") == 0) {
        const char *name = xs_dict_get(msg, "client_name");
        const char *ruri = xs_dict_get(msg, "redirect_uris");

        if (name && ruri) {
            xs *app  = xs_dict_new();
            xs *id   = xs_replace_i(tid(0), ".", "");
            xs *cid  = random_str();
            xs *csec = random_str();
            xs *vkey = random_str();

            app = xs_dict_append(app, "name",          name);
            app = xs_dict_append(app, "redirect_uri",  ruri);
            app = xs_dict_append(app, "client_id",     cid);
            app = xs_dict_append(app, "client_secret", csec);
            app = xs_dict_append(app, "vapid_key",     vkey);
            app = xs_dict_append(app, "id",            id);

            *body  = xs_json_dumps_pp(app, 4);
            *ctype = "application/json";
            status = 200;
        }
    }

    return status;
}
New file mastoapi.c. 2023-04-08 07:09:05 +03:00			`/* snac - A simple, minimalistic ActivityPub instance */`
			`/* copyright (c) 2022 - 2023 grunfink / MIT license */`

			`#include "xs.h"`
			`#include "xs_encdec.h"`
			`#include "xs_json.h"`
			`#include "xs_time.h"`

			`#include "snac.h"`

More mastoapi work. 2023-04-08 10:09:43 +03:00			`static xs_str *random_str(void)`
			`/* just what is says in the tin */`
			`{`
			`unsigned int data[4] = {0};`
			`FILE *f;`

			`if ((f = fopen("/dev/random", "r")) != NULL) {`
			`fread(data, sizeof(data), 1, f);`
			`fclose(f);`
			`}`
			`else {`
			`data[0] = random() % 0xffffffff;`
			`data[1] = random() % 0xffffffff;`
			`data[2] = random() % 0xffffffff;`
			`data[3] = random() % 0xffffffff;`
			`}`

			`return xs_hex_enc((char *)data, sizeof(data));`
			`}`


The /oauth/authorize URL generates a login page. 2023-04-08 10:27:22 +03:00			`const char *login_page = ""`
			`"<!DOCTYPE html>\n"`
			`"<body><h1>%s identify</h1>\n"`
			`"<form method=\"post\" action=\"https:/" "/%s/oauth/x-snac-login\">\n"`
			`"<p>Login: <input type=\"text\" name=\"login\"></p>\n"`
			`"<p>Password: <input type=\"password\" name=\"passwd\"></p>\n"`
			`"<input type=\"hidden\" name=\"redir\" value=\"%s\">\n"`
			`"</form><p>%s</p></body>\n"`
			`"";`

More mastoapi work. 2023-04-08 10:09:43 +03:00			`int oauth_get_handler(const xs_dict req, const char q_path,`
New file mastoapi.c. 2023-04-08 07:09:05 +03:00			`char *body, int b_size, char **ctype)`
			`{`
Added some OAuth scaffold code. 2023-04-08 08:04:40 +03:00			`if (!xs_startswith(q_path, "/oauth/"))`
			`return 0;`

More mastoapi work. 2023-04-08 10:09:43 +03:00			`{`
			`xs *j = xs_json_dumps_pp(req, 4);`
			`printf("oauth:\n%s\n", j);`
			`}`

Added some OAuth scaffold code. 2023-04-08 08:04:40 +03:00			`int status = 404;`
More mastoapi work. 2023-04-08 10:09:43 +03:00			`xs_dict *msg = xs_dict_get(req, "q_vars");`
Added some OAuth scaffold code. 2023-04-08 08:04:40 +03:00			`xs *cmd = xs_replace(q_path, "/oauth", "");`

			`if (strcmp(cmd, "/authorize") == 0) {`
			`const char *cid = xs_dict_get(msg, "client_id");`
			`const char *ruri = xs_dict_get(msg, "redirect_uri");`
			`const char *rtype = xs_dict_get(msg, "response_type");`
			`const char *scope = xs_dict_get(msg, "scope");`

			`if (cid && ruri && rtype && strcmp(rtype, "code") == 0) {`
The /oauth/authorize URL generates a login page. 2023-04-08 10:27:22 +03:00			`const char *host = xs_dict_get(srv_config, "host");`

			`*body = xs_fmt(login_page, host, host, ruri, USER_AGENT);`
			`*ctype = "text/html";`
			`status = 200;`
Added some OAuth scaffold code. 2023-04-08 08:04:40 +03:00			`}`
			`else`
			`status = 400;`
			`}`
More mastoapi work. 2023-04-08 10:09:43 +03:00
			`return status;`
			`}`


			`int oauth_post_handler(const xs_dict req, const char q_path,`
			`const char *payload, int p_size,`
			`char *body, int b_size, char **ctype)`
			`{`
			`if (!xs_startswith(q_path, "/oauth/"))`
			`return 0;`

			`int status = 404;`
			`xs_dict *msg = xs_dict_get(req, "p_vars");`
			`xs *cmd = xs_replace(q_path, "/oauth", "");`

			`printf("oauth: %s\n", q_path);`

Added some OAuth scaffold code. 2023-04-08 08:04:40 +03:00			`if (strcmp(cmd, "/token") == 0) {`
			`const char *gtype = xs_dict_get(msg, "grant_type");`
			`const char *code = xs_dict_get(msg, "code");`
			`const char *cid = xs_dict_get(msg, "client_id");`
			`const char *csec = xs_dict_get(msg, "client_secret");`
			`const char *ruri = xs_dict_get(msg, "redirect_uri");`
			`const char *scope = xs_dict_get(msg, "scope");`

			`if (gtype && code && cid && csec && ruri) {`
More mastoapi work. 2023-04-08 10:09:43 +03:00			`xs *rsp = xs_dict_new();`
			`xs *cat = xs_number_new(time(NULL));`
			`xs *token = random_str();`
Added some OAuth scaffold code. 2023-04-08 08:04:40 +03:00
More mastoapi work. 2023-04-08 10:09:43 +03:00			`rsp = xs_dict_append(rsp, "access_token", token);`
Added some OAuth scaffold code. 2023-04-08 08:04:40 +03:00			`rsp = xs_dict_append(rsp, "token_type", "Bearer");`
			`rsp = xs_dict_append(rsp, "scope", scope);`
			`rsp = xs_dict_append(rsp, "created_at", cat);`

			`*body = xs_json_dumps_pp(rsp, 4);`
			`*ctype = "application/json";`
			`status = 200;`
			`}`
			`else`
			`status = 400;`
			`}`
			`else`
			`if (strcmp(cmd, "/revoke") == 0) {`
More mastoapi work. 2023-04-08 10:09:43 +03:00			`const char *cid = xs_dict_get(msg, "client_id");`
			`const char *csec = xs_dict_get(msg, "client_secret");`
			`const char *token = xs_dict_get(msg, "token");`

			`if (cid && csec && token) {`
			`*body = xs_str_new("{}");`
			`*ctype = "application/json";`
			`status = 200;`
			`}`
			`else`
			`status = 400;`
Added some OAuth scaffold code. 2023-04-08 08:04:40 +03:00			`}`

			`return status;`
			`}`

New file mastoapi.c. 2023-04-08 07:09:05 +03:00
More mastoapi work. 2023-04-08 10:09:43 +03:00			`int mastoapi_post_handler(const xs_dict req, const char q_path,`
			`const char *payload, int p_size,`
Added some OAuth scaffold code. 2023-04-08 08:04:40 +03:00			`char *body, int b_size, char **ctype)`
			`{`
New file mastoapi.c. 2023-04-08 07:09:05 +03:00			`if (!xs_startswith(q_path, "/api/v1/"))`
			`return 0;`

Added some OAuth scaffold code. 2023-04-08 08:04:40 +03:00			`int status = 404;`
			`xs *msg = NULL;`
			`char *i_ctype = xs_dict_get(req, "content-type");`

			`if (xs_startswith(i_ctype, "application/json"))`
			`msg = xs_json_loads(payload);`
			`else`
			`msg = xs_dup(xs_dict_get(req, "p_vars"));`

			`if (msg == NULL)`
			`return 400;`

			`{`
			`xs *j = xs_json_dumps_pp(req, 4);`
			`printf("%s\n", j);`
			`}`
			`{`
			`xs *j = xs_json_dumps_pp(msg, 4);`
			`printf("%s\n", j);`
			`}`

			`xs *cmd = xs_replace(q_path, "/api/v1", "");`

			`if (strcmp(cmd, "/apps") == 0) {`
			`const char *name = xs_dict_get(msg, "client_name");`
			`const char *ruri = xs_dict_get(msg, "redirect_uris");`

			`if (name && ruri) {`
More mastoapi work. 2023-04-08 10:09:43 +03:00			`xs *app = xs_dict_new();`
			`xs *id = xs_replace_i(tid(0), ".", "");`
			`xs *cid = random_str();`
			`xs *csec = random_str();`
			`xs *vkey = random_str();`

			`app = xs_dict_append(app, "name", name);`
			`app = xs_dict_append(app, "redirect_uri", ruri);`
			`app = xs_dict_append(app, "client_id", cid);`
			`app = xs_dict_append(app, "client_secret", csec);`
			`app = xs_dict_append(app, "vapid_key", vkey);`
			`app = xs_dict_append(app, "id", id);`
Added some OAuth scaffold code. 2023-04-08 08:04:40 +03:00
			`*body = xs_json_dumps_pp(app, 4);`
			`*ctype = "application/json";`
			`status = 200;`
			`}`
			`}`
New file mastoapi.c. 2023-04-08 07:09:05 +03:00
			`return status;`
			`}`