From 45cafa2b047df219c8b7ffd5daf395c9721f4190 Mon Sep 17 00:00:00 2001 From: Daniel Nitsikopoulos Date: Sat, 2 Dec 2023 10:34:03 +1100 Subject: [PATCH] Allow authentication with micro.blog --- config/settings.rb | 2 ++ slices/micropub/action.rb | 13 +++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/config/settings.rb b/config/settings.rb index 263cd50..a87adb4 100644 --- a/config/settings.rb +++ b/config/settings.rb @@ -53,6 +53,8 @@ module Adamantium setting :micropub_authorization_endpoint setting :micropub_token_endpoint + setting :microblog_auth_endpoint, default: nil + setting :mastodon_token, default: nil setting :mastodon_server, default: nil diff --git a/slices/micropub/action.rb b/slices/micropub/action.rb index 338eb4f..c7e3b33 100644 --- a/slices/micropub/action.rb +++ b/slices/micropub/action.rb @@ -66,6 +66,7 @@ module Micropub return %i[create update delete undelete media] if settings.shortcut_key == access_token return %i[create update delete undelete media] if Hanami.env == :development || Hanami.env == :test + # Verify with IndieAuth resp = HTTParty.get(settings.micropub_token_endpoint, { headers: { "Accept" => "application/x-www-form-urlencoded", @@ -73,10 +74,18 @@ module Micropub } }) decoded_response = URI.decode_www_form(resp.body).to_h.transform_keys(&:to_sym) + indie_auth_verified = (decoded_response.include? :scope) && (decoded_response.include? :me) - logger.info({log: "verify_response", msg: decoded_response.inspect, token: access_token}) + # Verify with micro.blog + micro_blog_verified = if settings.microblog_auth_endpoint + resp = HTTParty.post(settings.microblog_auth_endpoint, body: { + token: access_token + }) + decoded_response = JSON.parse(resp.body).transform_keys(&:to_sym) + !decoded_response.include? :error + end - halt 401 unless (decoded_response.include? :scope) && (decoded_response.include? :me) + halt 401 unless indie_auth_verified || micro_blog_verified decoded_response[:scope].gsub("post", "create").split.map(&:to_sym) end