Merge branch 'apps-api-endpoint' into 'develop'

Apps API endpoint

See merge request pleroma/pleroma!3583
This commit is contained in:
Alex Gleason 2021-12-28 14:38:02 +00:00
commit de7f84deb3
13 changed files with 243 additions and 28 deletions

View File

@ -6,6 +6,7 @@ defmodule Pleroma.Web.ApiSpec.AppOperation do
alias OpenApiSpex.Operation alias OpenApiSpex.Operation
alias OpenApiSpex.Schema alias OpenApiSpex.Schema
alias Pleroma.Web.ApiSpec.Helpers alias Pleroma.Web.ApiSpec.Helpers
alias Pleroma.Web.ApiSpec.Schemas.App
@spec open_api_operation(atom) :: Operation.t() @spec open_api_operation(atom) :: Operation.t()
def open_api_operation(action) do def open_api_operation(action) do
@ -22,7 +23,7 @@ defmodule Pleroma.Web.ApiSpec.AppOperation do
operationId: "AppController.create", operationId: "AppController.create",
requestBody: Helpers.request_body("Parameters", create_request(), required: true), requestBody: Helpers.request_body("Parameters", create_request(), required: true),
responses: %{ responses: %{
200 => Operation.response("App", "application/json", create_response()), 200 => Operation.response("App", "application/json", App),
422 => 422 =>
Operation.response( Operation.response(
"Unprocessable Entity", "Unprocessable Entity",
@ -119,30 +120,4 @@ defmodule Pleroma.Web.ApiSpec.AppOperation do
} }
} }
end end
defp create_response do
%Schema{
title: "AppCreateResponse",
description: "Response schema for an app",
type: :object,
properties: %{
id: %Schema{type: :string},
name: %Schema{type: :string},
client_id: %Schema{type: :string},
client_secret: %Schema{type: :string},
redirect_uri: %Schema{type: :string},
vapid_key: %Schema{type: :string},
website: %Schema{type: :string, nullable: true}
},
example: %{
"id" => "123",
"name" => "My App",
"client_id" => "TWhM-tNSuncnqN7DBJmoyeLnk6K3iJJ71KKXxgL1hPM",
"client_secret" => "ZEaFUFmF0umgBX1qKJDjaU99Q31lDkOU8NutzTOoliw",
"vapid_key" =>
"BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M=",
"website" => "https://myapp.com/"
}
}
end
end end

View File

@ -0,0 +1,31 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ApiSpec.PleromaAppOperation do
alias OpenApiSpex.Operation
alias OpenApiSpex.Schema
alias Pleroma.Web.ApiSpec.Schemas.App
def open_api_operation(action) do
operation = String.to_existing_atom("#{action}_operation")
apply(__MODULE__, operation, [])
end
@spec index_operation() :: Operation.t()
def index_operation do
%Operation{
tags: ["Applications"],
summary: "List applications",
description: "List the OAuth applications for the current user",
operationId: "AppController.index",
responses: %{
200 => Operation.response("Array of App", "application/json", array_of_apps())
}
}
end
defp array_of_apps do
%Schema{type: :array, items: App, example: [App.schema().example]}
end
end

View File

@ -0,0 +1,33 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ApiSpec.Schemas.App do
alias OpenApiSpex.Schema
require OpenApiSpex
OpenApiSpex.schema(%{
title: "App",
description: "Response schema for an app",
type: :object,
properties: %{
id: %Schema{type: :string},
name: %Schema{type: :string},
client_id: %Schema{type: :string},
client_secret: %Schema{type: :string},
redirect_uri: %Schema{type: :string},
vapid_key: %Schema{type: :string},
website: %Schema{type: :string, nullable: true}
},
example: %{
"id" => "123",
"name" => "My App",
"client_id" => "TWhM-tNSuncnqN7DBJmoyeLnk6K3iJJ71KKXxgL1hPM",
"client_secret" => "ZEaFUFmF0umgBX1qKJDjaU99Q31lDkOU8NutzTOoliw",
"vapid_key" =>
"BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M=",
"website" => "https://myapp.com/"
}
})
end

View File

@ -10,7 +10,9 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
use Pleroma.Web, :controller use Pleroma.Web, :controller
alias Pleroma.Maps
alias Pleroma.Repo alias Pleroma.Repo
alias Pleroma.User
alias Pleroma.Web.OAuth.App alias Pleroma.Web.OAuth.App
alias Pleroma.Web.OAuth.Scopes alias Pleroma.Web.OAuth.Scopes
alias Pleroma.Web.OAuth.Token alias Pleroma.Web.OAuth.Token
@ -26,11 +28,13 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
@doc "POST /api/v1/apps" @doc "POST /api/v1/apps"
def create(%{body_params: params} = conn, _params) do def create(%{body_params: params} = conn, _params) do
scopes = Scopes.fetch_scopes(params, ["read"]) scopes = Scopes.fetch_scopes(params, ["read"])
user_id = get_user_id(conn)
app_attrs = app_attrs =
params params
|> Map.take([:client_name, :redirect_uris, :website]) |> Map.take([:client_name, :redirect_uris, :website])
|> Map.put(:scopes, scopes) |> Map.put(:scopes, scopes)
|> Maps.put_if_present(:user_id, user_id)
with cs <- App.register_changeset(%App{}, app_attrs), with cs <- App.register_changeset(%App{}, app_attrs),
{:ok, app} <- Repo.insert(cs) do {:ok, app} <- Repo.insert(cs) do
@ -38,6 +42,9 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
end end
end end
defp get_user_id(%{assigns: %{user: %User{id: user_id}}}), do: user_id
defp get_user_id(_conn), do: nil
@doc """ @doc """
GET /api/v1/apps/verify_credentials GET /api/v1/apps/verify_credentials
Gets compact non-secret representation of the app. Supports app tokens and user tokens. Gets compact non-secret representation of the app. Supports app tokens and user tokens.

View File

@ -7,6 +7,7 @@ defmodule Pleroma.Web.OAuth.App do
import Ecto.Changeset import Ecto.Changeset
import Ecto.Query import Ecto.Query
alias Pleroma.Repo alias Pleroma.Repo
alias Pleroma.User
@type t :: %__MODULE__{} @type t :: %__MODULE__{}
@ -19,6 +20,8 @@ defmodule Pleroma.Web.OAuth.App do
field(:client_secret, :string) field(:client_secret, :string)
field(:trusted, :boolean, default: false) field(:trusted, :boolean, default: false)
belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
has_many(:oauth_authorizations, Pleroma.Web.OAuth.Authorization, on_delete: :delete_all) has_many(:oauth_authorizations, Pleroma.Web.OAuth.Authorization, on_delete: :delete_all)
has_many(:oauth_tokens, Pleroma.Web.OAuth.Token, on_delete: :delete_all) has_many(:oauth_tokens, Pleroma.Web.OAuth.Token, on_delete: :delete_all)
@ -27,7 +30,7 @@ defmodule Pleroma.Web.OAuth.App do
@spec changeset(t(), map()) :: Ecto.Changeset.t() @spec changeset(t(), map()) :: Ecto.Changeset.t()
def changeset(struct, params) do def changeset(struct, params) do
cast(struct, params, [:client_name, :redirect_uris, :scopes, :website, :trusted]) cast(struct, params, [:client_name, :redirect_uris, :scopes, :website, :trusted, :user_id])
end end
@spec register_changeset(t(), map()) :: Ecto.Changeset.t() @spec register_changeset(t(), map()) :: Ecto.Changeset.t()
@ -129,6 +132,12 @@ defmodule Pleroma.Web.OAuth.App do
{:ok, Repo.all(query), count} {:ok, Repo.all(query), count}
end end
@spec get_user_apps(User.t()) :: {:ok, [t()], non_neg_integer()}
def get_user_apps(%User{id: user_id}) do
from(a in __MODULE__, where: a.user_id == ^user_id)
|> Repo.all()
end
@spec destroy(pos_integer()) :: {:ok, t()} | {:error, Ecto.Changeset.t()} @spec destroy(pos_integer()) :: {:ok, t()} | {:error, Ecto.Changeset.t()}
def destroy(id) do def destroy(id) do
with %__MODULE__{} = app <- Repo.get(__MODULE__, id) do with %__MODULE__{} = app <- Repo.get(__MODULE__, id) do

View File

@ -0,0 +1,23 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.PleromaAPI.AppController do
use Pleroma.Web, :controller
alias Pleroma.Web.OAuth.App
alias Pleroma.Web.Plugs.OAuthScopesPlug
plug(OAuthScopesPlug, %{scopes: ["follow", "read"]} when action in [:index])
plug(Pleroma.Web.ApiSpec.CastAndValidate)
defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.PleromaAppOperation
@doc "GET /api/v1/pleroma/apps"
def index(%{assigns: %{user: user}} = conn, _params) do
with apps <- App.get_user_apps(user) do
render(conn, "index.json", %{apps: apps})
end
end
end

View File

@ -0,0 +1,11 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.PleromaAPI.AppView do
use Pleroma.Web, :view
def render("index.json", %{apps: apps}) do
render_many(apps, Pleroma.Web.MastodonAPI.AppView, "show.json")
end
end

View File

@ -395,6 +395,7 @@ defmodule Pleroma.Web.Router do
scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
pipe_through(:api) pipe_through(:api)
get("/apps", AppController, :index)
get("/statuses/:id/reactions/:emoji", EmojiReactionController, :index) get("/statuses/:id/reactions/:emoji", EmojiReactionController, :index)
get("/statuses/:id/reactions", EmojiReactionController, :index) get("/statuses/:id/reactions", EmojiReactionController, :index)
end end

View File

@ -0,0 +1,11 @@
defmodule Pleroma.Repo.Migrations.AddUserIdToApps do
use Ecto.Migration
def change do
alter table(:apps) do
add(:user_id, references(:users, type: :uuid, on_delete: :delete_all))
end
create_if_not_exists(index(:apps, [:user_id]))
end
end

View File

@ -35,6 +35,33 @@ defmodule Pleroma.Web.MastodonAPI.AppControllerTest do
end end
test "creates an oauth app", %{conn: conn} do test "creates an oauth app", %{conn: conn} do
app_attrs = build(:oauth_app)
conn =
conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/apps", %{
client_name: app_attrs.client_name,
redirect_uris: app_attrs.redirect_uris
})
[app] = Repo.all(App)
expected = %{
"name" => app.client_name,
"website" => app.website,
"client_id" => app.client_id,
"client_secret" => app.client_secret,
"id" => app.id |> to_string(),
"redirect_uri" => app.redirect_uris,
"vapid_key" => Push.vapid_config() |> Keyword.get(:public_key)
}
assert expected == json_response_and_validate_schema(conn, 200)
assert app.user_id == nil
end
test "creates an oauth app with a user", %{conn: conn} do
user = insert(:user) user = insert(:user)
app_attrs = build(:oauth_app) app_attrs = build(:oauth_app)
@ -60,5 +87,6 @@ defmodule Pleroma.Web.MastodonAPI.AppControllerTest do
} }
assert expected == json_response_and_validate_schema(conn, 200) assert expected == json_response_and_validate_schema(conn, 200)
assert app.user_id == user.id
end end
end end

View File

@ -41,4 +41,16 @@ defmodule Pleroma.Web.OAuth.AppTest do
assert error.type == :unique assert error.type == :unique
end end
end end
test "get_user_apps/1" do
user = insert(:user)
apps = [
insert(:oauth_app, user_id: user.id),
insert(:oauth_app, user_id: user.id),
insert(:oauth_app, user_id: user.id)
]
assert App.get_user_apps(user) == apps
end
end end

View File

@ -0,0 +1,53 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.PleromaAPI.AppControllerTest do
use Pleroma.Web.ConnCase, async: true
alias Pleroma.Web.OAuth.App
alias Pleroma.Web.Push
import Pleroma.Factory
test "apps", %{conn: conn} do
user = insert(:user)
app_attrs = build(:oauth_app)
creation =
conn
|> put_req_header("content-type", "application/json")
|> assign(:user, user)
|> post("/api/v1/apps", %{
client_name: app_attrs.client_name,
redirect_uris: app_attrs.redirect_uris
})
[app] = App.get_user_apps(user)
expected = %{
"name" => app.client_name,
"website" => app.website,
"client_id" => app.client_id,
"client_secret" => app.client_secret,
"id" => app.id |> to_string(),
"redirect_uri" => app.redirect_uris,
"vapid_key" => Push.vapid_config() |> Keyword.get(:public_key)
}
assert expected == json_response_and_validate_schema(creation, 200)
response =
conn
|> put_req_header("content-type", "application/json")
|> assign(:user, user)
|> assign(:token, insert(:oauth_token, user: user, scopes: ["read", "follow"]))
|> get("/api/v1/pleroma/apps")
|> json_response_and_validate_schema(200)
[apps] = response
assert length(response) == 1
assert apps["client_id"] == app.client_id
end
end

View File

@ -0,0 +1,21 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.PleromaAPI.AppViewTest do
use Pleroma.DataCase, async: true
alias Pleroma.Web.PleromaAPI.AppView
import Pleroma.Factory
test "index.json" do
apps = [
insert(:oauth_app),
insert(:oauth_app),
insert(:oauth_app)
]
results = AppView.render("index.json", %{apps: apps})
assert [%{client_id: _, client_secret: _}, _, _] = results
end
end