1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2024-12-23 09:02:41 +00:00

Complete IndieAuth authorizer

This commit is contained in:
J. King 2019-09-10 17:48:38 -04:00
parent d8c484d387
commit dd3e143212
2 changed files with 39 additions and 1 deletions

View file

@ -6,10 +6,18 @@
declare(strict_types=1);
namespace JKingWeb\Arsse\Misc;
use function GuzzleHttp\Psr7\parse_header;
/**
* A collection of functions for manipulating URLs
*/
class URL {
/** Returns whether a URL is absolute i.e. has a scheme */
public static function absolute(string $url): bool {
return (bool) strlen((string) parse_url($url, \PHP_URL_SCHEME));
}
/** Normalizes a URL
*
* Normalizations performed are:
@ -137,4 +145,24 @@ class URL {
$out = ($absolute ? "/" : "").$out.($index ? "/" : "");
return str_replace("//", "/", $out);
}
/** Appends data to a URL's query component
*
* @param string $url The input URL
* @param string $data The data to append. This should already be escaped where necessary and not start with any delimiter
* @param string $glue The query subcomponent delimiter, usually "&". If the URL has no query, "?" will be prepended instead
*/
public function queryAppend(string $url, string $data, string $glue = "&"): string {
$insPos = strpos($url, "#");
$insPos = $insPos === false ? strlen($url) : $insPos;
$hasQuery = strpos($url, "?") !== false;
$glue = $hasQuery ? $glue : "?";
if ($hasQuery && $insPos > 0) {
if ($url[$insPos - 1] === $glue) {
// if the URL already has excess glue, use it
$glue = "";
}
}
return substr($url, 0, $insPos).$glue.$data.substr($url, $insPos);
}
}

View file

@ -8,6 +8,7 @@ namespace JKingWeb\Arsse\REST\Microsub;
use JKingWeb\Arsse\Arsse;
use JKingWeb\Arsse\Misc\URL;
use JKingWeb\Arsse\Misc\Date;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ResponseInterface;
use Zend\Diactoros\Response\HtmlResponse as Response;
@ -75,7 +76,16 @@ class Auth extends \JKingWeb\Arsse\REST\AbstractHandler {
if ($user !== $id || URL::normalize($query['me']) !== $url) {
return new EmptyResponse(403);
} else {
// redirect
$redir = URL::normalize(rawurldecode($query['redirect_uri']));
$state = $query['state'] ?? "";
// check that the redirect URL is an absolute one
if (!URL::absolute($redir)) {
return new EmptyResponse(400);
}
// issue an authorization code and build the redirect URL
$code = Arsse::$db->tokenCreate($id, "microsub.auth", null, Date::add("PT2M"));
$next = URL::queryAppend($redir, "code=$code&state=$state");
return new EmptyResponse(302, ["Location: $next"]);
}
}
}