versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 08:28:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(api): 🐛 Fix incorrect OAuth changes

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-05-06 08:40:26 +00:00
parent d5076590c6
commit ddab167018
No known key found for this signature in database
5 changed files with 26 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
server/api/api/v2/filters/:id/index.ts
View file

@ -1,4 +1,4 @@
import { applyConfig, auth, qs } from "@api"; import { applyConfig, auth, handleZodError, qs } from "@api";
import { zValidator } from "@hono/zod-validator"; import { zValidator } from "@hono/zod-validator";
import { errorResponse, jsonResponse } from "@response"; import { errorResponse, jsonResponse } from "@response";
import { and, eq, inArray } from "drizzle-orm"; import { and, eq, inArray } from "drizzle-orm";
@ -71,8 +71,8 @@ export default (app: Hono) =>
meta.allowedMethods, meta.allowedMethods,
meta.route, meta.route,
qs(), qs(),
zValidator("param", schemas.param), zValidator("param", schemas.param, handleZodError),
zValidator("form", schemas.form), zValidator("form", schemas.form, handleZodError),
auth(meta.auth), auth(meta.auth),
async (context) => { async (context) => {
const { user } = context.req.valid("header"); const { user } = context.req.valid("header");

4
server/api/api/v2/media/index.ts
View file

@ -1,4 +1,4 @@
import { applyConfig, auth } from "@api"; import { applyConfig, auth, handleZodError } from "@api";
import { zValidator } from "@hono/zod-validator"; import { zValidator } from "@hono/zod-validator";
import { errorResponse, jsonResponse } from "@response"; import { errorResponse, jsonResponse } from "@response";
import { encode } from "blurhash"; import { encode } from "blurhash";
@ -42,7 +42,7 @@ export default (app: Hono) =>
app.on( app.on(
meta.allowedMethods, meta.allowedMethods,
meta.route, meta.route,
zValidator("form", schemas.form), zValidator("form", schemas.form, handleZodError),
auth(meta.auth), auth(meta.auth),
async (context) => { async (context) => {
const { file, thumbnail, description, focus } = const { file, thumbnail, description, focus } =

4
server/api/api/v2/search/index.ts
View file

@ -1,4 +1,4 @@
import { applyConfig, auth } from "@api"; import { applyConfig, auth, handleZodError } from "@api";
import { zValidator } from "@hono/zod-validator"; import { zValidator } from "@hono/zod-validator";
import { dualLogger } from "@loggers"; import { dualLogger } from "@loggers";
import { MeiliIndexType, meilisearch } from "@meilisearch"; import { MeiliIndexType, meilisearch } from "@meilisearch";
@ -45,7 +45,7 @@ export default (app: Hono) =>
app.on( app.on(
meta.allowedMethods, meta.allowedMethods,
meta.route, meta.route,
zValidator("query", schemas.query), zValidator("query", schemas.query, handleZodError),
auth(meta.auth), auth(meta.auth),
async (context) => { async (context) => {
const { user: self } = context.req.valid("header"); const { user: self } = context.req.valid("header");

8
server/api/oauth/authorize/index.ts
View file

@ -34,6 +34,8 @@ export const schemas = {
.int() .int()
.optional() .optional()
.default(60 * 60 * 24 * 7), .default(60 * 60 * 24 * 7),
}),
form: z.object({
scope: z.string().optional(), scope: z.string().optional(),
redirect_uri: z.string().url().optional(), redirect_uri: z.string().url().optional(),
response_type: z.enum([ response_type: z.enum([
@ -75,6 +77,7 @@ export default (app: Hono) =>
meta.allowedMethods, meta.allowedMethods,
meta.route, meta.route,
zValidator("query", schemas.query, handleZodError), zValidator("query", schemas.query, handleZodError),
zValidator("form", schemas.form, handleZodError),
async (context) => { async (context) => {
const { const {
scope, scope,
@ -84,8 +87,9 @@ export default (app: Hono) =>
state, state,
code_challenge, code_challenge,
code_challenge_method, code_challenge_method,
} = context.req.valid("query"); } = context.req.valid("form");
const body = context.req.valid("query");
const body = context.req.valid("form");
const cookie = context.req.header("Cookie"); const cookie = context.req.header("Cookie");

31
tests/oauth.test.ts
View file

@ -112,25 +112,20 @@ describe("POST /api/auth/login/", () => {
describe("GET /oauth/authorize/", () => { describe("GET /oauth/authorize/", () => {
test("should get a code", async () => { test("should get a code", async () => {
const response = await sendTestRequest( const response = await sendTestRequest(
new Request( new Request(new URL(`/oauth/authorize`, base_url), {
new URL( method: "POST",
`/oauth/authorize?${new URLSearchParams({ headers: {
client_id, Cookie: `jwt=${jwt}`,
client_secret,
redirect_uri: "https://example.com",
response_type: "code",
scope: "read write",
max_age: "604800",
})}`,
base_url,
),
{
method: "POST",
headers: {
Cookie: `jwt=${jwt}`,
},
}, },
), body: new URLSearchParams({
client_id,
client_secret,
redirect_uri: "https://example.com",
response_type: "code",
scope: "read write",
max_age: "604800",
}),
}),
); );
expect(response.status).toBe(302); expect(response.status).toBe(302);