GET /api/v1/pleroma/apps endpoint

See merge request pleroma/pleroma!3517

merge-requests/3517/merge
@@ -6,6 +6,7 @@ defmodule Pleroma.Web.ApiSpec.AppOperation do | |||
alias OpenApiSpex.Operation | |||
alias OpenApiSpex.Schema | |||
alias Pleroma.Web.ApiSpec.Helpers | |||
alias Pleroma.Web.ApiSpec.Schemas.App | |||
@spec open_api_operation(atom) :: Operation.t() | |||
def open_api_operation(action) do | |||
@@ -22,7 +23,7 @@ defmodule Pleroma.Web.ApiSpec.AppOperation do | |||
operationId: "AppController.create", | |||
requestBody: Helpers.request_body("Parameters", create_request(), required: true), | |||
responses: %{ | |||
200 => Operation.response("App", "application/json", create_response()), | |||
200 => Operation.response("App", "application/json", App), | |||
422 => | |||
Operation.response( | |||
"Unprocessable Entity", | |||
@@ -119,30 +120,4 @@ defmodule Pleroma.Web.ApiSpec.AppOperation do | |||
} | |||
} | |||
end | |||
defp create_response do | |||
%Schema{ | |||
title: "AppCreateResponse", | |||
description: "Response schema for an app", | |||
type: :object, | |||
properties: %{ | |||
id: %Schema{type: :string}, | |||
name: %Schema{type: :string}, | |||
client_id: %Schema{type: :string}, | |||
client_secret: %Schema{type: :string}, | |||
redirect_uri: %Schema{type: :string}, | |||
vapid_key: %Schema{type: :string}, | |||
website: %Schema{type: :string, nullable: true} | |||
}, | |||
example: %{ | |||
"id" => "123", | |||
"name" => "My App", | |||
"client_id" => "TWhM-tNSuncnqN7DBJmoyeLnk6K3iJJ71KKXxgL1hPM", | |||
"client_secret" => "ZEaFUFmF0umgBX1qKJDjaU99Q31lDkOU8NutzTOoliw", | |||
"vapid_key" => | |||
"BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M=", | |||
"website" => "https://myapp.com/" | |||
} | |||
} | |||
end | |||
end |
@@ -0,0 +1,31 @@ | |||
# Pleroma: A lightweight social networking server | |||
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/> | |||
# SPDX-License-Identifier: AGPL-3.0-only | |||
defmodule Pleroma.Web.ApiSpec.PleromaAppOperation do | |||
alias OpenApiSpex.Operation | |||
alias OpenApiSpex.Schema | |||
alias Pleroma.Web.ApiSpec.Schemas.App | |||
def open_api_operation(action) do | |||
operation = String.to_existing_atom("#{action}_operation") | |||
apply(__MODULE__, operation, []) | |||
end | |||
@spec index_operation() :: Operation.t() | |||
def index_operation do | |||
%Operation{ | |||
tags: ["Applications"], | |||
summary: "List applications", | |||
description: "List the OAuth applications for the current user", | |||
operationId: "AppController.index", | |||
responses: %{ | |||
200 => Operation.response("Array of App", "application/json", array_of_apps()) | |||
} | |||
} | |||
end | |||
defp array_of_apps do | |||
%Schema{type: :array, items: App, example: [App.schema().example]} | |||
end | |||
end |
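Review bot: `index_operation/0` documents no authentication requirement, although the controller that delegates to it puts the route behind `OAuthScopesPlug` with the `follow` and `read` scopes. Add a `security:` entry to the `%Operation{}` naming the project's OAuth scheme and those scopes, so the generated spec matches what the endpoint enforces. `open_api_operation/1` also lacks the `@spec open_api_operation(atom) :: Operation.t()` that `AppOperation` carries. The `operationId` `"AppController.index"` shares its prefix with the Mastodon `"AppController.create"`; a prefix naming the Pleroma controller would keep the two apart in generated clients.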
@@ -0,0 +1,33 @@ | |||
# Pleroma: A lightweight social networking server | |||
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/> | |||
# SPDX-License-Identifier: AGPL-3.0-only | |||
defmodule Pleroma.Web.ApiSpec.Schemas.App do | |||
alias OpenApiSpex.Schema | |||
require OpenApiSpex | |||
OpenApiSpex.schema(%{ | |||
title: "App", | |||
description: "Response schema for an app", | |||
type: :object, | |||
properties: %{ | |||
id: %Schema{type: :string}, | |||
name: %Schema{type: :string}, | |||
client_id: %Schema{type: :string}, | |||
client_secret: %Schema{type: :string}, | |||
redirect_uri: %Schema{type: :string}, | |||
vapid_key: %Schema{type: :string}, | |||
website: %Schema{type: :string, nullable: true} | |||
}, | |||
example: %{ | |||
"id" => "123", | |||
"name" => "My App", | |||
"client_id" => "TWhM-tNSuncnqN7DBJmoyeLnk6K3iJJ71KKXxgL1hPM", | |||
"client_secret" => "ZEaFUFmF0umgBX1qKJDjaU99Q31lDkOU8NutzTOoliw", | |||
"vapid_key" => | |||
"BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M=", | |||
"website" => "https://myapp.com/" | |||
} | |||
}) | |||
end |
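Review bot: `client_secret` is part of this schema, and the schema is now also the item type of the `GET /api/v1/pleroma/apps` response, so the list endpoint is documented to return the secret of every app the user registered. `PleromaAPI.AppView` renders each entry through `Pleroma.Web.MastodonAPI.AppView` `"show.json"`, and the test shows `client_secret` in the creation response, which presumably comes from that same view. As written, any client whose token passes the `follow`/`read` check in `PleromaAPI.AppController` could read the credentials of the user's other clients. Consider a separate list schema and view without `client_secret`, or a dedicated narrower scope, keeping the secret in the creation response only.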
@@ -10,11 +10,15 @@ defmodule Pleroma.Web.MastodonAPI.AppController do | |||
use Pleroma.Web, :controller | |||
alias Pleroma.Maps | |||
alias Pleroma.Repo | |||
alias Pleroma.User | |||
alias Pleroma.Web.OAuth.App | |||
alias Pleroma.Web.OAuth.Scopes | |||
alias Pleroma.Web.OAuth.Token | |||
require Logger | |||
action_fallback(Pleroma.Web.MastodonAPI.FallbackController) | |||
plug(:skip_auth when action in [:create, :verify_credentials]) | |||
@@ -24,13 +28,21 @@ defmodule Pleroma.Web.MastodonAPI.AppController do | |||
defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.AppOperation | |||
@doc "POST /api/v1/apps" | |||
def create(%{body_params: params} = conn, _params) do | |||
def create(%{assigns: %{user: user}, body_params: params} = conn, _params) do | |||
scopes = Scopes.fetch_scopes(params, ["read"]) | |||
user_id = | |||
with %User{id: id} <- user do | |||
id | |||
else | |||
_ -> nil | |||
end | |||
app_attrs = | |||
params | |||
|> Map.take([:client_name, :redirect_uris, :website]) | |||
|> Map.put(:scopes, scopes) | |||
|> Maps.put_if_present(:user_id, user_id) | |||
with cs <- App.register_changeset(%App{}, app_attrs), | |||
{:ok, app} <- Repo.insert(cs) do | |||
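Review bot: The new head `def create(%{assigns: %{user: user}, body_params: params} = conn, _params)` only matches when `:user` is present in `conn.assigns`, while `:create` is still listed under `plug(:skip_auth when action in [:create, :verify_credentials])`. Unless an earlier plug always assigns `:user` (nil for anonymous requests), unauthenticated app registration would raise a `FunctionClauseError` instead of creating an ownerless app. Keeping the old head and reading `user = conn.assigns[:user]` inside the body removes that dependency. The `with ... else _ -> nil` block is a single match and reads more plainly as a `case`. The body of `create/2` continues past the end of the hunk.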
@@ -7,6 +7,7 @@ defmodule Pleroma.Web.OAuth.App do | |||
import Ecto.Changeset | |||
import Ecto.Query | |||
alias Pleroma.Repo | |||
alias Pleroma.User | |||
@type t :: %__MODULE__{} | |||
@@ -19,6 +20,8 @@ defmodule Pleroma.Web.OAuth.App do | |||
field(:client_secret, :string) | |||
field(:trusted, :boolean, default: false) | |||
belongs_to(:user, User, type: FlakeId.Ecto.CompatType) | |||
has_many(:oauth_authorizations, Pleroma.Web.OAuth.Authorization, on_delete: :delete_all) | |||
has_many(:oauth_tokens, Pleroma.Web.OAuth.Token, on_delete: :delete_all) | |||
@@ -27,7 +30,7 @@ defmodule Pleroma.Web.OAuth.App do | |||
@spec changeset(t(), map()) :: Ecto.Changeset.t() | |||
def changeset(struct, params) do | |||
cast(struct, params, [:client_name, :redirect_uris, :scopes, :website, :trusted]) | |||
cast(struct, params, [:client_name, :redirect_uris, :scopes, :website, :trusted, :user_id]) | |||
end | |||
@spec register_changeset(t(), map()) :: Ecto.Changeset.t() | |||
@@ -129,6 +132,12 @@ defmodule Pleroma.Web.OAuth.App do | |||
{:ok, Repo.all(query), count} | |||
end | |||
@spec get_user_apps(User.t()) :: {:ok, [t()], non_neg_integer()} | |||
def get_user_apps(%User{id: user_id}) do | |||
from(a in __MODULE__, where: a.user_id == ^user_id) | |||
|> Repo.all() | |||
end | |||
@spec destroy(pos_integer()) :: {:ok, t()} | {:error, Ecto.Changeset.t()} | |||
def destroy(id) do | |||
with %__MODULE__{} = app <- Repo.get(__MODULE__, id) do | |||
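Review bot: The `@spec` on `get_user_apps/1` promises `{:ok, [t()], non_neg_integer()}`, but the body returns the bare list from `Repo.all()`, and both the new controller and the test (`[app] = App.get_user_apps(user)`) rely on a list. The spec should read `@spec get_user_apps(User.t()) :: [t()]`. In the earlier hunk, `changeset/2` now casts `:user_id` next to `:trusted`, so any caller that feeds request parameters into `changeset/2` could set an app's owner. If such callers exist outside this diff, set `user_id` explicitly on the struct instead of casting it. `destroy/1` begins at the end of the hunk and is not shown in full.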
@@ -0,0 +1,23 @@ | |||
# Pleroma: A lightweight social networking server | |||
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/> | |||
# SPDX-License-Identifier: AGPL-3.0-only | |||
defmodule Pleroma.Web.PleromaAPI.AppController do | |||
use Pleroma.Web, :controller | |||
alias Pleroma.Web.OAuth.App | |||
alias Pleroma.Web.Plugs.OAuthScopesPlug | |||
plug(OAuthScopesPlug, %{scopes: ["follow", "read"]} when action in [:index]) | |||
plug(Pleroma.Web.ApiSpec.CastAndValidate) | |||
defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.PleromaAppOperation | |||
@doc "GET /api/v1/pleroma/apps" | |||
def index(%{assigns: %{user: user}} = conn, _params) do | |||
with apps <- App.get_user_apps(user) do | |||
render(conn, "index.json", %{apps: apps}) | |||
end | |||
end | |||
end |
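Review bot: `with apps <- App.get_user_apps(user)` has a pattern that always matches, so the `with` adds nothing and would pass an error tuple straight to the view if `get_user_apps/1` ever returned one. `render(conn, "index.json", %{apps: App.get_user_apps(user)})` says the same thing. The `OAuthScopesPlug` line deserves a comment stating whether a token needs both `follow` and `read` or either one, since that decides which clients may list a user's apps.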
@@ -0,0 +1,11 @@ | |||
# Pleroma: A lightweight social networking server | |||
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/> | |||
# SPDX-License-Identifier: AGPL-3.0-only | |||
defmodule Pleroma.Web.PleromaAPI.AppView do | |||
use Pleroma.Web, :view | |||
def render("index.json", %{apps: apps}) do | |||
render_many(apps, Pleroma.Web.MastodonAPI.AppView, "show.json") | |||
end | |||
end |
@@ -366,6 +366,7 @@ defmodule Pleroma.Web.Router do | |||
scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do | |||
pipe_through(:api) | |||
get("/apps", AppController, :index) | |||
get("/statuses/:id/reactions/:emoji", EmojiReactionController, :index) | |||
get("/statuses/:id/reactions", EmojiReactionController, :index) | |||
end | |||
@@ -0,0 +1,9 @@ | |||
defmodule Pleroma.Repo.Migrations.AddUserIdToApps do | |||
use Ecto.Migration | |||
def change do | |||
alter table(:apps) do | |||
add(:user_id, references(:users, type: :uuid, on_delete: :delete_all)) | |||
end | |||
end | |||
end |
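Review bot: The new `user_id` column has no index, while `App.get_user_apps/1` filters on `a.user_id` and the foreign key's `on_delete: :delete_all` has to locate matching apps whenever a user row is deleted. Add `create(index(:apps, [:user_id]))` to `change/0`. The cascade also means that deleting the registering user deletes the app row itself; that deserves a comment if one app can hold tokens for other users, which cannot be determined from this diff.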
@@ -0,0 +1,53 @@ | |||
# Pleroma: A lightweight social networking server | |||
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/> | |||
# SPDX-License-Identifier: AGPL-3.0-only | |||
defmodule Pleroma.Web.PleromaAPI.AppControllerTest do | |||
use Pleroma.Web.ConnCase, async: true | |||
alias Pleroma.Web.OAuth.App | |||
alias Pleroma.Web.Push | |||
import Pleroma.Factory | |||
test "apps", %{conn: conn} do | |||
user = insert(:user) | |||
app_attrs = build(:oauth_app) | |||
creation = | |||
conn | |||
|> put_req_header("content-type", "application/json") | |||
|> assign(:user, user) | |||
|> post("/api/v1/apps", %{ | |||
client_name: app_attrs.client_name, | |||
redirect_uris: app_attrs.redirect_uris | |||
}) | |||
[app] = App.get_user_apps(user) | |||
expected = %{ | |||
"name" => app.client_name, | |||
"website" => app.website, | |||
"client_id" => app.client_id, | |||
"client_secret" => app.client_secret, | |||
"id" => app.id |> to_string(), | |||
"redirect_uri" => app.redirect_uris, | |||
"vapid_key" => Push.vapid_config() |> Keyword.get(:public_key) | |||
} | |||
assert expected == json_response_and_validate_schema(creation, 200) | |||
response = | |||
conn | |||
|> put_req_header("content-type", "application/json") | |||
|> assign(:user, user) | |||
|> assign(:token, insert(:oauth_token, user: user, scopes: ["read", "follow"])) | |||
|> get("/api/v1/pleroma/apps") | |||
|> json_response_and_validate_schema(200) | |||
[apps] = response | |||
assert length(response) == 1 | |||
assert apps["client_id"] == app.client_id | |||
end | |||
end |
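Review bot: The test covers only the owner's happy path. Nothing checks that a second user's apps are absent from `GET /api/v1/pleroma/apps`, that a token without the required scopes is rejected, or that `POST /api/v1/apps` without an assigned user still creates an app with no owner. Those three cases are the access-control boundary this change introduces, and each deserves its own `test` block. `[apps] = response` already fails unless the list has exactly one element, so `assert length(response) == 1` is redundant, and the binding would read better as `[listed_app]`.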