[feature] Add review + invalidation of tokens in the api, settings panel #3845

Draft pull request. Wants to merge 4 commits into base: main.
2 changes: 1 addition & 1 deletion cmd/gotosocial/action/server/server.go
Expand Up @@ -260,7 +260,7 @@ var Start action.GTSAction = func(ctx context.Context) error {

// Build handlers used in later initializations.
mediaManager := media.NewManager(state)
oauthServer := oauth.New(ctx, dbService)
oauthServer := oauth.New(ctx, state, apiutil.GetClientScopeHandler(ctx, state))
typeConverter := typeutils.NewConverter(state)
visFilter := visibility.NewFilter(state)
intFilter := interaction.NewFilter(state)
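Review bot: the new `oauth.New(ctx, state, apiutil.GetClientScopeHandler(ctx, state))` call wires a client-scope handler into the OAuth server, but nothing at this call site says what the handler does when a token request asks for scopes the application never registered, and that check is what makes the new `scopes` array on `application` meaningful. A one-line comment here, or a pointer to the handler's tests, would let reviewers confirm that a client registered with only `read` cannot obtain a token carrying `write` or `admin`.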
169 changes: 166 additions & 3 deletions docs/api/swagger.yaml
Expand Up @@ -843,6 +843,19 @@ definitions:
example: https://example.org/callback?some=query
type: string
x-go-name: RedirectURI
redirect_uris:
description: Post-authorization redirect URIs for the application (OAuth2).
example: '[https://example.org/callback?some=query]'
items:
type: string
type: array
x-go-name: RedirectURIs
scopes:
description: OAuth scopes for this application.
items:
type: string
type: array
x-go-name: Scopes
vapid_key:
description: Push API key for this application.
type: string
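Review bot: the `example` for `redirect_uris` at `example: '[https://example.org/callback?some=query]'` is a quoted string, not a YAML sequence, so the rendered docs and generated clients will show a string where the schema says `type: array`. Since this file carries go-swagger annotations (`x-go-name`), the fix belongs in the Go struct's swagger comment so the example emits as a list such as `["https://example.org/callback?some=query"]`; `scopes` should get an example as well (for instance `["read", "write"]`) so the two new array fields document consistently.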
Expand Down Expand Up @@ -3356,6 +3369,37 @@ definitions:
type: object
x-go-name: ThreadContext
x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model
tokenInfo:
description: The actual access token itself will never be sent via the API.
properties:
application:
$ref: '#/definitions/application'
created_at:
description: When the token was created (ISO 8601 Datetime).
example: "2021-07-30T09:20:25+00:00"
type: string
x-go-name: CreatedAt
id:
description: Database ID of this token.
example: 01JMW7QBAZYZ8T8H73PCEX12XG
type: string
x-go-name: ID
last_used:
description: |-
Approximate time (accurate to within an hour) when the token was last used (ISO 8601 Datetime).
Omitted if token has never been used, or it is not known when it was last used (eg., it was last used before tracking "last_used" became a thing).
example: "2021-07-30T09:20:25+00:00"
type: string
x-go-name: LastUsed
scope:
description: OAuth scopes granted by the token, space-separated.
example: read write admin
type: string
x-go-name: Scope
title: TokenInfo represents metadata about one user-level access token.
type: object
x-go-name: TokenInfo
x-go-package: github.com/superseriousbusiness/gotosocial/internal/api/model
user:
properties:
admin:
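Review bot: `tokenInfo.application` is a `$ref` to the full `application` definition; if that model still serializes the `client_id` and `client_secret` fields that `POST /api/v1/apps` returns on registration, then `GET /api/v1/tokens` would hand any `read:accounts` bearer the secrets of every application the user has authorized. Confirm the converter omits those fields on this path, or reference a trimmed application schema from `tokenInfo`. Minor: `eg.` in the `last_used` description should read `e.g.`, and since the description says the real access token is never sent, a `required` list naming `id`, `created_at` and `scope` would make that contract explicit to client generators.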
Expand Down Expand Up @@ -7442,16 +7486,17 @@ paths:
type: string
x-go-name: ClientName
- description: |-
Where the user should be redirected after authorization.
Single redirect URI or newline-separated list of redirect URIs (optional).

To display the authorization code to the user instead of redirecting to a web page, use `urn:ietf:wg:oauth:2.0:oob` in this parameter.

If no redirect URIs are provided, defaults to `urn:ietf:wg:oauth:2.0:oob`.
in: formData
name: redirect_uris
required: true
type: string
x-go-name: RedirectURIs
- description: |-
Space separated list of scopes.
Space separated list of scopes (optional).

If no scopes are provided, defaults to `read`.
in: formData
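Review bot: `redirect_uris` is now described as `(optional)` with a default of `urn:ietf:wg:oauth:2.0:oob`, yet the parameter still carries `required: true` two lines below the description; either the flag should become `required: false` or the description is wrong, and as written generated clients will refuse to send a request that omits the field. It is also worth stating in the description whether each entry of the newline-separated list is validated as an absolute URI, because this list becomes the allow-list the authorization endpoint compares `redirect_uri` against, and a lax entry here weakens that comparison for every later authorization.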
Expand Down Expand Up @@ -11628,6 +11673,124 @@ paths:
summary: See public statuses that use the given hashtag (case insensitive).
tags:
- timelines
/api/v1/tokens:
get:
description: |-
The items will be returned in descending chronological order (newest first), with sequential IDs (bigger = newer).

The returned Link header can be used to generate the previous and next queries when paging up or down.

Example:

```
<https://example.org/api/v1/tokens?limit=20&max_id=01FC3GSQ8A3MMJ43BPZSGEG29M>; rel="next", <https://example.org/api/v1/tokens?limit=20&min_id=01FC3KJW2GYXSDDRA6RWNDM46M>; rel="prev"
````
operationId: tokensInfoGet
parameters:
- description: Return only items *OLDER* than the given max status ID. The item with the specified ID will not be included in the response.
in: query
name: max_id
type: string
- description: Return only items *newer* than the given since status ID. The item with the specified ID will not be included in the response.
in: query
name: since_id
type: string
- description: Return only items *immediately newer* than the given since status ID. The item with the specified ID will not be included in the response.
in: query
name: min_id
type: string
- default: 20
description: Number of items to return.
in: query
name: limit
type: integer
produces:
- application/json
responses:
"200":
description: Array of token info entries.
headers:
Link:
description: Links to the next and previous queries.
type: string
schema:
items:
$ref: '#/definitions/tokenInfo'
type: array
"400":
description: bad request
"401":
description: unauthorized
security:
- OAuth2 Bearer:
- read:accounts
summary: See info about tokens created for/by your account.
tags:
- tokens
/api/v1/tokens/{id}:
get:
operationId: tokenInfoGet
parameters:
- description: The id of the requested token.
in: path
name: id
required: true
type: string
produces:
- application/json
responses:
"200":
description: The requested token.
schema:
$ref: '#/definitions/tokenInfo'
"400":
description: bad request
"401":
description: unauthorized
"404":
description: not found
"406":
description: not acceptable
"500":
description: internal server error
security:
- OAuth2 Bearer:
- read:accounts
summary: Get information about a single token.
tags:
- tokens
/api/v1/tokens/{id}/invalidate:
post:
operationId: tokenInvalidatePost
parameters:
- description: The id of the target token.
in: path
name: id
required: true
type: string
produces:
- application/json
responses:
"200":
description: Info about the invalidated token.
schema:
$ref: '#/definitions/tokenInfo'
"400":
description: bad request
"401":
description: unauthorized
"404":
description: not found
"406":
description: not acceptable
"500":
description: internal server error
security:
- OAuth2 Bearer:
- write:accounts
summary: Invalidate the target token, removing it from the database and making it unusable.
tags:
- tokens
/api/v1/user:
get:
operationId: getUser
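Review bot: the three paging parameters on `GET /api/v1/tokens` describe a `max status ID` / `since status ID`, wording copied from the timeline endpoints, but the IDs here are token IDs and the descriptions should say so. In the same description the Link-header example opens with three backticks and closes with four, which leaves the fence unbalanced in rendered docs. On `POST /api/v1/tokens/{id}/invalidate`, the summary should say what happens when the caller targets the token it is authenticating with: the response still returns `tokenInfo` with `200`, but the caller's next request will fail, and clients need to know whether that is permitted. The list endpoint also omits the `500` response the other two operations declare. Finally, since the listing exposes every token's scopes and `last_used` time to any app holding `read:accounts`, and `write:accounts` lets any such app revoke all of a user's other sessions, it is worth a sentence in the summaries noting that these operations are session-management actions rather than ordinary account reads and writes, so integrators scope their tokens accordingly.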
2 changes: 0 additions & 2 deletions internal/api/activitypub/users/user_test.go
Expand Up @@ -50,7 +50,6 @@ type UserStandardTestSuite struct {

// standard suite models
testTokens map[string]*gtsmodel.Token
testClients map[string]*gtsmodel.Client
testApplications map[string]*gtsmodel.Application
testUsers map[string]*gtsmodel.User
testAccounts map[string]*gtsmodel.Account
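Review bot: dropping `testClients` from the suite struct matches the `SetupSuite` hunk below and the identical pair of changes in `auth_test.go`; since the same deletion is repeated by hand per file, a grep for any other suite that still declares `testClients` or calls `testrig.NewTestClients()` would confirm the remaining test files compile after the field is gone.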
Expand All @@ -67,7 +66,6 @@ type UserStandardTestSuite struct {

func (suite *UserStandardTestSuite) SetupSuite() {
suite.testTokens = testrig.NewTestTokens()
suite.testClients = testrig.NewTestClients()
suite.testApplications = testrig.NewTestApplications()
suite.testUsers = testrig.NewTestUsers()
suite.testAccounts = testrig.NewTestAccounts()
2 changes: 0 additions & 2 deletions internal/api/auth/auth_test.go
Expand Up @@ -55,7 +55,6 @@ type AuthStandardTestSuite struct {

// standard suite models
testTokens map[string]*gtsmodel.Token
testClients map[string]*gtsmodel.Client
testApplications map[string]*gtsmodel.Application
testUsers map[string]*gtsmodel.User
testAccounts map[string]*gtsmodel.Account
Expand All @@ -71,7 +70,6 @@ const (

func (suite *AuthStandardTestSuite) SetupSuite() {
suite.testTokens = testrig.NewTestTokens()
suite.testClients = testrig.NewTestClients()
suite.testApplications = testrig.NewTestApplications()
suite.testUsers = testrig.NewTestUsers()
suite.testAccounts = testrig.NewTestAccounts()