gnu-social/plugins/OAuth2/OAuth2.php

115 lines
4.2 KiB
PHP
Raw Permalink Normal View History

<?php
declare(strict_types = 1);
// {{{ License
// This file is part of GNU social - https://www.gnu.org/software/social
//
// GNU social is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// GNU social is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.
// }}}
/**
* ActivityPub implementation for GNU social
*
* @package GNUsocial
* @category API
*
* @author Diogo Peralta Cordeiro <mail@diogo.site>
* @author Hugo Sales <hugo@hsal.es>
* @copyright 2022 Free Software Foundation, Inc http://www.fsf.org
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
namespace Plugin\OAuth2;
use App\Core\Event;
use App\Core\Modules\Plugin;
use App\Core\Router\RouteLoader;
use App\Core\Router\Router;
use App\Util\Common;
use DateInterval;
use Exception;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\Grant\AuthCodeGrant;
use Plugin\OAuth2\Controller as C;
use Plugin\OAuth2\Util\ExpandedBearerTokenResponse;
use XML_XRD_Element_Link;
/**
* Adds OAuth2 support to GNU social when enabled
*
* @copyright 2022 Free Software Foundation, Inc http://www.fsf.org
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
class OAuth2 extends Plugin
{
public const OAUTH_REQUEST_TOKEN_REL = 'http://apinamespace.org/oauth/request_token';
public const OAUTH_ACCESS_TOKEN_REL = 'http://apinamespace.org/oauth/access_token';
public const OAUTH_AUTHORIZE_REL = 'http://apinamespace.org/oauth/authorize';
public static ?AuthorizationServer $authorization_server = null;
public function version(): string
{
return '3.0.0';
}
/**
* @throws Exception
*/
public function onInitializePlugin()
{
self::$authorization_server = new AuthorizationServer(
new Repository\Client,
new Repository\AccessToken,
new Repository\Scope,
privateKey: new CryptKey(keyPath: Common::config('oauth2', 'private_key'), passPhrase: Common::config('oauth2', 'private_key_password')),
encryptionKey: Common::config('oauth2', 'encryption_key'),
responseType: new ExpandedBearerTokenResponse(),
);
self::$authorization_server->enableGrantType(
new AuthCodeGrant(
new Repository\AuthCode,
new Repository\RefreshToken,
new DateInterval('PT10M'), // ???
),
new DateInterval('PT1H'),
);
}
/**
* This code executes when GNU social creates the page routing, and we hook
* on this event to add our Inbox and Outbox handler for ActivityPub.
*
* @param RouteLoader $r the router that was initialized
*/
public function onAddRoute(RouteLoader $r): bool
{
$r->connect('oauth2_mastodon_api_apps', '/api/v1/apps', C\Client::class, ['http-methods' => ['POST']]);
$r->connect('oauth2_client', '/oauth/client', C\Client::class, ['http-methods' => ['POST']]);
$r->connect('oauth2_authorize', '/oauth/authorize', C\Authorize::class);
$r->connect('oauth2_token', '/oauth/token', C\Token::class);
return Event::next;
}
public function onEndHostMetaLinks(array &$links): bool
{
$links[] = new XML_XRD_Element_Link(self::OAUTH_REQUEST_TOKEN_REL, Router::url('oauth2_client', type: Router::ABSOLUTE_URL));
$links[] = new XML_XRD_Element_Link(self::OAUTH_AUTHORIZE_REL, Router::url('oauth2_authorize', type: Router::ABSOLUTE_URL));
$links[] = new XML_XRD_Element_Link(self::OAUTH_ACCESS_TOKEN_REL, Router::url('oauth2_token', type: Router::ABSOLUTE_URL));
return Event::next;
}
}