gnu-social/plugins/OAuth2/OAuth2.php

<?php

declare(strict_types = 1);

// {{{ License
// This file is part of GNU social - https://www.gnu.org/software/social
//
// GNU social is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// GNU social is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with GNU social.  If not, see <http://www.gnu.org/licenses/>.
// }}}

/**
 * ActivityPub implementation for GNU social
 *
 * @package   GNUsocial
 * @category  API
 *
 * @author    Diogo Peralta Cordeiro <mail@diogo.site>
 * @author    Hugo Sales <hugo@hsal.es>
 * @copyright 2022 Free Software Foundation, Inc http://www.fsf.org
 * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
 */

namespace Plugin\OAuth2;

use App\Core\Event;
use App\Core\Modules\Plugin;
use App\Core\Router;
use App\Util\Common;
use DateInterval;
use EventResult;
use Exception;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\Grant\AuthCodeGrant;
use Plugin\OAuth2\Controller as C;
use Plugin\OAuth2\Util\ExpandedBearerTokenResponse;
use XML_XRD_Element_Link;

/**
 * Adds OAuth2 support to GNU social when enabled
 *
 * @copyright 2022 Free Software Foundation, Inc http://www.fsf.org
 * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
 */
class OAuth2 extends Plugin
{
    public const OAUTH_REQUEST_TOKEN_REL                     = 'http://apinamespace.org/oauth/request_token';
    public const OAUTH_ACCESS_TOKEN_REL                      = 'http://apinamespace.org/oauth/access_token';
    public const OAUTH_AUTHORIZE_REL                         = 'http://apinamespace.org/oauth/authorize';
    public static ?AuthorizationServer $authorization_server = null;

    public static function version(): string
    {
        return '3.0.0';
    }

    /**
     * @throws Exception
     */
    public function onInitializePlugin(): EventResult
    {
        self::$authorization_server = new AuthorizationServer(
            new Repository\Client,
            new Repository\AccessToken,
            new Repository\Scope,
            privateKey: new CryptKey(keyPath: Common::config('oauth2', 'private_key'), passPhrase: Common::config('oauth2', 'private_key_password')),
            encryptionKey: Common::config('oauth2', 'encryption_key'),
            responseType: new ExpandedBearerTokenResponse(),
        );

        self::$authorization_server->enableGrantType(
            new AuthCodeGrant(
                new Repository\AuthCode,
                new Repository\RefreshToken,
                new DateInterval('PT10M'), // ???
            ),
            new DateInterval('PT1H'),
        );
        return Event::next;
    }

    /**
     * This code executes when GNU social creates the page routing, and we hook
     * on this event to add our Inbox and Outbox handler for ActivityPub.
     *
     * @param Router $r the router that was initialized
     */
    public function onAddRoute(Router $r): EventResult
    {
        $r->connect('oauth2_mastodon_api_apps', '/api/v1/apps', C\Client::class, ['http-methods' => ['POST']]);
        $r->connect('oauth2_client', '/oauth/client', C\Client::class, ['http-methods' => ['POST']]);
        $r->connect('oauth2_authorize', '/oauth/authorize', C\Authorize::class);
        $r->connect('oauth2_token', '/oauth/token', C\Token::class);
        return Event::next;
    }

    public function onEndHostMetaLinks(array &$links): EventResult
    {
        $links[] = new XML_XRD_Element_Link(self::OAUTH_REQUEST_TOKEN_REL, Router::url('oauth2_client', type: Router::ABSOLUTE_URL));
        $links[] = new XML_XRD_Element_Link(self::OAUTH_AUTHORIZE_REL, Router::url('oauth2_authorize', type: Router::ABSOLUTE_URL));
        $links[] = new XML_XRD_Element_Link(self::OAUTH_ACCESS_TOKEN_REL, Router::url('oauth2_token', type: Router::ABSOLUTE_URL));
        return Event::next;
    }
}
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`<?php`

			`declare(strict_types = 1);`

			`// {{{ License`
			`// This file is part of GNU social - https://www.gnu.org/software/social`
			`//`
			`// GNU social is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// GNU social is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with GNU social. If not, see <http://www.gnu.org/licenses/>.`
			`// }}}`

			`/**`
			`* ActivityPub implementation for GNU social`
			`*`
			`* @package GNUsocial`
			`* @category API`
			`*`
			`* @author Diogo Peralta Cordeiro <mail@diogo.site>`
			`* @author Hugo Sales <hugo@hsal.es>`
			`* @copyright 2022 Free Software Foundation, Inc http://www.fsf.org`
			`* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later`
			`*/`

			`namespace Plugin\OAuth2;`

			`use App\Core\Event;`
			`use App\Core\Modules\Plugin;`
[CORE][Router] Rename \App\Core\Router\Router to \App\Core\Router and merge \App\Core\Router\RouteLoader with \App\Core\Router 2022-03-27 16:43:59 +01:00			`use App\Core\Router;`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`use App\Util\Common;`
			`use DateInterval;`
[CORE][Event] Make all events return \EventResult, enforced at container build time 2022-04-03 21:40:32 +01:00			`use EventResult;`
[PLUGIN][OAuth2] Fix some static issues 2022-02-04 18:34:08 +00:00			`use Exception;`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`use League\OAuth2\Server\AuthorizationServer;`
			`use League\OAuth2\Server\CryptKey;`
			`use League\OAuth2\Server\Grant\AuthCodeGrant;`
			`use Plugin\OAuth2\Controller as C;`
[PLUGIN][OAuth2] Add 'me' field to token responses 2022-01-25 16:07:39 +00:00			`use Plugin\OAuth2\Util\ExpandedBearerTokenResponse;`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`use XML_XRD_Element_Link;`

			`/**`
			`* Adds OAuth2 support to GNU social when enabled`
			`*`
			`* @copyright 2022 Free Software Foundation, Inc http://www.fsf.org`
			`* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later`
			`*/`
			`class OAuth2 extends Plugin`
			`{`
[PLUGIN][OAuth2] Fix some static issues 2022-02-04 18:34:08 +00:00			`public const OAUTH_REQUEST_TOKEN_REL = 'http://apinamespace.org/oauth/request_token';`
			`public const OAUTH_ACCESS_TOKEN_REL = 'http://apinamespace.org/oauth/access_token';`
			`public const OAUTH_AUTHORIZE_REL = 'http://apinamespace.org/oauth/authorize';`
			`public static ?AuthorizationServer $authorization_server = null;`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00
[CORE][Modules][Plugin] version should be static 2022-03-28 21:18:44 +01:00			`public static function version(): string`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`{`
			`return '3.0.0';`
			`}`

[PLUGIN][OAuth2] Fix some static issues 2022-02-04 18:34:08 +00:00			`/**`
			`* @throws Exception`
			`*/`
[CORE][Event] Make all events return \EventResult, enforced at container build time 2022-04-03 21:40:32 +01:00			`public function onInitializePlugin(): EventResult`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`{`
			`self::$authorization_server = new AuthorizationServer(`
			`new Repository\Client,`
			`new Repository\AccessToken,`
			`new Repository\Scope,`
			`privateKey: new CryptKey(keyPath: Common::config('oauth2', 'private_key'), passPhrase: Common::config('oauth2', 'private_key_password')),`
			`encryptionKey: Common::config('oauth2', 'encryption_key'),`
[PLUGIN][OAuth2] Add 'me' field to token responses 2022-01-25 16:07:39 +00:00			`responseType: new ExpandedBearerTokenResponse(),`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`);`

			`self::$authorization_server->enableGrantType(`
			`new AuthCodeGrant(`
			`new Repository\AuthCode,`
			`new Repository\RefreshToken,`
			`new DateInterval('PT10M'), // ???`
			`),`
			`new DateInterval('PT1H'),`
			`);`
[CORE][Event] Make all events return \EventResult, enforced at container build time 2022-04-03 21:40:32 +01:00			`return Event::next;`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`}`

			`/**`
			`* This code executes when GNU social creates the page routing, and we hook`
			`* on this event to add our Inbox and Outbox handler for ActivityPub.`
			`*`
[CORE][Router] Rename \App\Core\Router\Router to \App\Core\Router and merge \App\Core\Router\RouteLoader with \App\Core\Router 2022-03-27 16:43:59 +01:00			`* @param Router $r the router that was initialized`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`*/`
[CORE][Event] Make all events return \EventResult, enforced at container build time 2022-04-03 21:40:32 +01:00			`public function onAddRoute(Router $r): EventResult`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`{`
			`$r->connect('oauth2_mastodon_api_apps', '/api/v1/apps', C\Client::class, ['http-methods' => ['POST']]);`
			`$r->connect('oauth2_client', '/oauth/client', C\Client::class, ['http-methods' => ['POST']]);`
			`$r->connect('oauth2_authorize', '/oauth/authorize', C\Authorize::class);`
			`$r->connect('oauth2_token', '/oauth/token', C\Token::class);`
			`return Event::next;`
			`}`

[CORE][Event] Make all events return \EventResult, enforced at container build time 2022-04-03 21:40:32 +01:00			`public function onEndHostMetaLinks(array &$links): EventResult`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`{`
[PLUGIN][OAuth2] Fix some static issues 2022-02-04 18:34:08 +00:00			`$links[] = new XML_XRD_Element_Link(self::OAUTH_REQUEST_TOKEN_REL, Router::url('oauth2_client', type: Router::ABSOLUTE_URL));`
			`$links[] = new XML_XRD_Element_Link(self::OAUTH_AUTHORIZE_REL, Router::url('oauth2_authorize', type: Router::ABSOLUTE_URL));`
			`$links[] = new XML_XRD_Element_Link(self::OAUTH_ACCESS_TOKEN_REL, Router::url('oauth2_token', type: Router::ABSOLUTE_URL));`
[PLUGIN][OAuth2] Start adding OAuth2 support with client registration This hardcodes the user, and has some other issues, so it is not yet complete. We follow mastodon's spec for automatic client registration, available at both `/api/v1/apps` and a more reasonable `/oauth/client`. This accepts a JSON POST with the client info and returns JSON with a `client_id` and a `client_secret`, to be used with `/oauth/authorize` and `/oauth/token`. It also, seemingly, requires returning an `id` with unclear purpose. The `/oauth/token` endpoint doesn't currently return a `me` field. 2022-01-25 12:17:32 +00:00			`return Event::next;`
			`}`
			`}`