mirror of
https://codeberg.org/superseriousbusiness/gotosocial.git
synced 2024-12-21 08:31:53 +03:00
fc3741365c
* Add Swagger spec test script * Fix Swagger spec errors not related to statuses with polls * Add API tests that post a status with a poll * Fix creating a status with a poll from form params * Fix Swagger spec errors related to statuses with polls (this is the last error) * Fix Swagger spec warnings not related to unused definitions * Suppress a duplicate list update params definition that was somehow causing wrong param names * Add Swagger test to CI - updates Drone config - vendorizes go-swagger - fixes a file extension issue that caused the test script to generate JSON instead of YAML with the vendorized version * Put `Sample: ` on its own line everywhere * Remove unused id param from emojiCategoriesGet * Add 5 more pairs of profile fields to account update API Swagger * Remove Swagger prefix from dummy fields It makes the generated code look weird * Manually annotate params for statusCreate operation * Fix all remaining Swagger spec warnings - Change some models into operation parameters - Ignore models that already correspond to manually documented operation parameters but can't be trivially changed (those with file fields) * Documented that creating a status with scheduled_at isn't implemented yet * sign drone.yml * Fix filter API Swagger errors * fixup! Fix filter API Swagger errors --------- Co-authored-by: tobi <tobi.smethurst@protonmail.com>
122 lines
3.5 KiB
Go
122 lines
3.5 KiB
Go
package middleware
|
|
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
"net/http"
|
|
"path"
|
|
"text/template"
|
|
)
|
|
|
|
func SwaggerUIOAuth2Callback(opts SwaggerUIOpts, next http.Handler) http.Handler {
|
|
opts.EnsureDefaults()
|
|
|
|
pth := opts.OAuthCallbackURL
|
|
tmpl := template.Must(template.New("swaggeroauth").Parse(swaggerOAuthTemplate))
|
|
|
|
buf := bytes.NewBuffer(nil)
|
|
_ = tmpl.Execute(buf, &opts)
|
|
b := buf.Bytes()
|
|
|
|
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
|
if path.Join(r.URL.Path) == pth {
|
|
rw.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
rw.WriteHeader(http.StatusOK)
|
|
|
|
_, _ = rw.Write(b)
|
|
return
|
|
}
|
|
|
|
if next == nil {
|
|
rw.Header().Set("Content-Type", "text/plain")
|
|
rw.WriteHeader(http.StatusNotFound)
|
|
_, _ = rw.Write([]byte(fmt.Sprintf("%q not found", pth)))
|
|
return
|
|
}
|
|
next.ServeHTTP(rw, r)
|
|
})
|
|
}
|
|
|
|
const (
|
|
swaggerOAuthTemplate = `
|
|
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<title>{{ .Title }}</title>
|
|
</head>
|
|
<body>
|
|
<script>
|
|
'use strict';
|
|
function run () {
|
|
var oauth2 = window.opener.swaggerUIRedirectOauth2;
|
|
var sentState = oauth2.state;
|
|
var redirectUrl = oauth2.redirectUrl;
|
|
var isValid, qp, arr;
|
|
|
|
if (/code|token|error/.test(window.location.hash)) {
|
|
qp = window.location.hash.substring(1).replace('?', '&');
|
|
} else {
|
|
qp = location.search.substring(1);
|
|
}
|
|
|
|
arr = qp.split("&");
|
|
arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';});
|
|
qp = qp ? JSON.parse('{' + arr.join() + '}',
|
|
function (key, value) {
|
|
return key === "" ? value : decodeURIComponent(value);
|
|
}
|
|
) : {};
|
|
|
|
isValid = qp.state === sentState;
|
|
|
|
if ((
|
|
oauth2.auth.schema.get("flow") === "accessCode" ||
|
|
oauth2.auth.schema.get("flow") === "authorizationCode" ||
|
|
oauth2.auth.schema.get("flow") === "authorization_code"
|
|
) && !oauth2.auth.code) {
|
|
if (!isValid) {
|
|
oauth2.errCb({
|
|
authId: oauth2.auth.name,
|
|
source: "auth",
|
|
level: "warning",
|
|
message: "Authorization may be unsafe, passed state was changed in server. The passed state wasn't returned from auth server."
|
|
});
|
|
}
|
|
|
|
if (qp.code) {
|
|
delete oauth2.state;
|
|
oauth2.auth.code = qp.code;
|
|
oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
|
|
} else {
|
|
let oauthErrorMsg;
|
|
if (qp.error) {
|
|
oauthErrorMsg = "["+qp.error+"]: " +
|
|
(qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
|
|
(qp.error_uri ? "More info: "+qp.error_uri : "");
|
|
}
|
|
|
|
oauth2.errCb({
|
|
authId: oauth2.auth.name,
|
|
source: "auth",
|
|
level: "error",
|
|
message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server."
|
|
});
|
|
}
|
|
} else {
|
|
oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl});
|
|
}
|
|
window.close();
|
|
}
|
|
|
|
if (document.readyState !== 'loading') {
|
|
run();
|
|
} else {
|
|
document.addEventListener('DOMContentLoaded', function () {
|
|
run();
|
|
});
|
|
}
|
|
</script>
|
|
</body>
|
|
</html>
|
|
`
|
|
)
|