From ddab167018e77e89ba4f7ee6d9100f9100ed6e35 Mon Sep 17 00:00:00 2001
From: Jesse Wierzbinski
Date: Mon, 6 May 2024 08:40:26 +0000
Subject: [PATCH] fix(api): :bug: Fix incorrect OAuth changes
---
 server/api/api/v2/filters/:id/index.ts | 6 ++---
 server/api/api/v2/media/index.ts | 4 ++--
 server/api/api/v2/search/index.ts | 4 ++--
 server/api/oauth/authorize/index.ts | 8 +++++--
 tests/oauth.test.ts | 31 +++++++++++---------------
 5 files changed, 26 insertions(+), 27 deletions(-)
diff --git a/server/api/api/v2/filters/:id/index.ts b/server/api/api/v2/filters/:id/index.ts
index e40f6616..6b3cd9ec 100644
--- a/server/api/api/v2/filters/:id/index.ts
+++ b/server/api/api/v2/filters/:id/index.ts
@@ -1,4 +1,4 @@
-import { applyConfig, auth, qs } from "@api";
+import { applyConfig, auth, handleZodError, qs } from "@api";
 import { zValidator } from "@hono/zod-validator";
 import { errorResponse, jsonResponse } from "@response";
 import { and, eq, inArray } from "drizzle-orm";
@@ -71,8 +71,8 @@ export default (app: Hono) =>
 meta.allowedMethods,
 meta.route,
 qs(),
- zValidator("param", schemas.param),
- zValidator("form", schemas.form),
+ zValidator("param", schemas.param, handleZodError),
+ zValidator("form", schemas.form, handleZodError),
 auth(meta.auth),
 async (context) => {
 const { user } = context.req.valid("header");
diff --git a/server/api/api/v2/media/index.ts b/server/api/api/v2/media/index.ts
index 5aa640f9..ed348edf 100644
--- a/server/api/api/v2/media/index.ts
+++ b/server/api/api/v2/media/index.ts
@@ -1,4 +1,4 @@
-import { applyConfig, auth } from "@api";
+import { applyConfig, auth, handleZodError } from "@api";
 import { zValidator } from "@hono/zod-validator";
 import { errorResponse, jsonResponse } from "@response";
 import { encode } from "blurhash";
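Review bot: In the `@@ -71,8 +71,8 @@` hunk of `server/api/api/v2/filters/:id/index.ts`, both `zValidator(...)` calls sit ahead of `auth(meta.auth)` in the middleware list, so a request is parsed and can be answered with a `handleZodError` response before it is authenticated. Assuming `auth` is what rejects unauthenticated callers (its body is not in this diff), anonymous clients receive schema-level validation feedback and the server does body parsing on their behalf; listing `auth(meta.auth),` before the validators would avoid both. The same order appears in the `media/index.ts` hunk, where the handler destructures `file` and `thumbnail`, and in the `search/index.ts` hunk. The `app.on(...)` call starts and ends outside each of these hunks.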
@@ -42,7 +42,7 @@ export default (app: Hono) =>
 app.on(
 meta.allowedMethods,
 meta.route,
- zValidator("form", schemas.form),
+ zValidator("form", schemas.form, handleZodError),
 auth(meta.auth),
 async (context) => {
 const { file, thumbnail, description, focus } =
diff --git a/server/api/api/v2/search/index.ts b/server/api/api/v2/search/index.ts
index 22953abf..58c97612 100644
--- a/server/api/api/v2/search/index.ts
+++ b/server/api/api/v2/search/index.ts
@@ -1,4 +1,4 @@
-import { applyConfig, auth } from "@api";
+import { applyConfig, auth, handleZodError } from "@api";
 import { zValidator } from "@hono/zod-validator";
 import { dualLogger } from "@loggers";
 import { MeiliIndexType, meilisearch } from "@meilisearch";
@@ -45,7 +45,7 @@ export default (app: Hono) =>
 app.on(
 meta.allowedMethods,
 meta.route,
- zValidator("query", schemas.query),
+ zValidator("query", schemas.query, handleZodError),
 auth(meta.auth),
 async (context) => {
 const { user: self } = context.req.valid("header");
diff --git a/server/api/oauth/authorize/index.ts b/server/api/oauth/authorize/index.ts
index 34668f52..29b4f7ed 100644
--- a/server/api/oauth/authorize/index.ts
+++ b/server/api/oauth/authorize/index.ts
@@ -34,6 +34,8 @@ export const schemas = {
 .int()
 .optional()
 .default(60 * 60 * 24 * 7),
+ }),
+ form: z.object({
 scope: z.string().optional(),
 redirect_uri: z.string().url().optional(),
 response_type: z.enum([
@@ -75,6 +77,7 @@ export default (app: Hono) =>
 meta.allowedMethods,
 meta.route,
 zValidator("query", schemas.query, handleZodError),
+ zValidator("form", schemas.form, handleZodError),
 async (context) => {
 const {
 scope,
@@ -84,8 +87,9 @@ export default (app: Hono) =>
 state,
 code_challenge,
 code_challenge_method,
- } = context.req.valid("query");
- const body = context.req.valid("query");
+ } = context.req.valid("form");
+
+ const body = context.req.valid("form");
 const cookie = context.req.header("Cookie");
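Review bot: In the `@@ -34,6 +34,8 @@` hunk of `server/api/oauth/authorize/index.ts`, the new `form` schema accepts `redirect_uri` as any syntactically valid URL (`z.string().url().optional()`), and nothing visible ties it to the requesting client application. The comparison against the application's registered redirect URI presumably happens in the handler, which is outside this hunk. A comment on the field would make that dependency explicit, for example `// Syntax check only: the handler must exact-match this against the application's registered redirect URI.` The `schemas` object starts and ends outside the hunk.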
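Review bot: The handler in the `@@ -84,8 +87,9 @@` hunk identifies the user from the `Cookie` header and reads the authorization parameters from a form body, which is a request shape a cross-site HTML form can also submit, and no CSRF defence is visible here. It is worth confirming that the jwt cookie is set with a `SameSite` attribute, or that this route checks `Origin` or an anti-CSRF token, since a successful request issues an authorization code. A short comment above `const cookie = context.req.header("Cookie");` naming whichever protection applies would help the next reader. The handler body continues outside the hunk, so the check may already exist further down.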
diff --git a/tests/oauth.test.ts b/tests/oauth.test.ts
index ba3bf95b..010850fb 100644
--- a/tests/oauth.test.ts
+++ b/tests/oauth.test.ts
@@ -112,25 +112,20 @@ describe("POST /api/auth/login/", () => {
 describe("GET /oauth/authorize/", () => {
 test("should get a code", async () => {
 const response = await sendTestRequest(
- new Request(
- new URL(
- `/oauth/authorize?${new URLSearchParams({
- client_id,
- client_secret,
- redirect_uri: "https://example.com",
- response_type: "code",
- scope: "read write",
- max_age: "604800",
- })}`,
- base_url,
- ),
- {
- method: "POST",
- headers: {
- Cookie: `jwt=${jwt}`,
- },
+ new Request(new URL(`/oauth/authorize`, base_url), {
+ method: "POST",
+ headers: {
+ Cookie: `jwt=${jwt}`,
 },
- ),
+ body: new URLSearchParams({
+ client_id,
+ client_secret,
+ redirect_uri: "https://example.com",
+ response_type: "code",
+ scope: "read write",
+ max_age: "604800",
+ }),
+ }),
 );
 expect(response.status).toBe(302);
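Review bot: The rewritten request still sends `max_age: "604800"` in the form body, but the schema hunk in `server/api/oauth/authorize/index.ts` leaves the field ending in `.default(60 * 60 * 24 * 7)` inside `schemas.query`. If that field is `max_age` (its name is above that hunk), the body value is presumably dropped by the form validator and the test passes only because 604800 equals the default. Passing it in the URL, e.g. `new URL("/oauth/authorize?max_age=604800", base_url)`, or using a non-default value would make the test exercise the query/form split. The test body continues outside the hunk.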