mirror of
https://code.mensbeam.com/MensBeam/Arsse.git
synced 2024-12-23 09:02:41 +00:00
Complete IndieAuth authorizer
This commit is contained in:
parent
d8c484d387
commit
dd3e143212
2 changed files with 39 additions and 1 deletions
|
@ -6,10 +6,18 @@
|
||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
namespace JKingWeb\Arsse\Misc;
|
namespace JKingWeb\Arsse\Misc;
|
||||||
|
|
||||||
|
use function GuzzleHttp\Psr7\parse_header;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A collection of functions for manipulating URLs
|
* A collection of functions for manipulating URLs
|
||||||
*/
|
*/
|
||||||
class URL {
|
class URL {
|
||||||
|
|
||||||
|
/** Returns whether a URL is absolute i.e. has a scheme */
|
||||||
|
public static function absolute(string $url): bool {
|
||||||
|
return (bool) strlen((string) parse_url($url, \PHP_URL_SCHEME));
|
||||||
|
}
|
||||||
|
|
||||||
/** Normalizes a URL
|
/** Normalizes a URL
|
||||||
*
|
*
|
||||||
* Normalizations performed are:
|
* Normalizations performed are:
|
||||||
|
@ -137,4 +145,24 @@ class URL {
|
||||||
$out = ($absolute ? "/" : "").$out.($index ? "/" : "");
|
$out = ($absolute ? "/" : "").$out.($index ? "/" : "");
|
||||||
return str_replace("//", "/", $out);
|
return str_replace("//", "/", $out);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Appends data to a URL's query component
|
||||||
|
*
|
||||||
|
* @param string $url The input URL
|
||||||
|
* @param string $data The data to append. This should already be escaped where necessary and not start with any delimiter
|
||||||
|
* @param string $glue The query subcomponent delimiter, usually "&". If the URL has no query, "?" will be prepended instead
|
||||||
|
*/
|
||||||
|
public function queryAppend(string $url, string $data, string $glue = "&"): string {
|
||||||
|
$insPos = strpos($url, "#");
|
||||||
|
$insPos = $insPos === false ? strlen($url) : $insPos;
|
||||||
|
$hasQuery = strpos($url, "?") !== false;
|
||||||
|
$glue = $hasQuery ? $glue : "?";
|
||||||
|
if ($hasQuery && $insPos > 0) {
|
||||||
|
if ($url[$insPos - 1] === $glue) {
|
||||||
|
// if the URL already has excess glue, use it
|
||||||
|
$glue = "";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return substr($url, 0, $insPos).$glue.$data.substr($url, $insPos);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,6 +8,7 @@ namespace JKingWeb\Arsse\REST\Microsub;
|
||||||
|
|
||||||
use JKingWeb\Arsse\Arsse;
|
use JKingWeb\Arsse\Arsse;
|
||||||
use JKingWeb\Arsse\Misc\URL;
|
use JKingWeb\Arsse\Misc\URL;
|
||||||
|
use JKingWeb\Arsse\Misc\Date;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
use Psr\Http\Message\ResponseInterface;
|
use Psr\Http\Message\ResponseInterface;
|
||||||
use Zend\Diactoros\Response\HtmlResponse as Response;
|
use Zend\Diactoros\Response\HtmlResponse as Response;
|
||||||
|
@ -75,7 +76,16 @@ class Auth extends \JKingWeb\Arsse\REST\AbstractHandler {
|
||||||
if ($user !== $id || URL::normalize($query['me']) !== $url) {
|
if ($user !== $id || URL::normalize($query['me']) !== $url) {
|
||||||
return new EmptyResponse(403);
|
return new EmptyResponse(403);
|
||||||
} else {
|
} else {
|
||||||
// redirect
|
$redir = URL::normalize(rawurldecode($query['redirect_uri']));
|
||||||
|
$state = $query['state'] ?? "";
|
||||||
|
// check that the redirect URL is an absolute one
|
||||||
|
if (!URL::absolute($redir)) {
|
||||||
|
return new EmptyResponse(400);
|
||||||
|
}
|
||||||
|
// issue an authorization code and build the redirect URL
|
||||||
|
$code = Arsse::$db->tokenCreate($id, "microsub.auth", null, Date::add("PT2M"));
|
||||||
|
$next = URL::queryAppend($redir, "code=$code&state=$state");
|
||||||
|
return new EmptyResponse(302, ["Location: $next"]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue