1 files changed, 79 insertions, 16 deletions

diff --git a/mastoapi.c b/mastoapi.c
index 9f9de13..06a74cd 100644
--- a/mastoapi.c
+++ b/mastoapi.c
@@ -8,14 +8,40 @@
 
 #include "snac.h"
 
-int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
+static xs_str *random_str(void)
+/* just what is says in the tin */
+{
+    unsigned int data[4] = {0};
+    FILE *f;
+
+    if ((f = fopen("/dev/random", "r")) != NULL) {
+        fread(data, sizeof(data), 1, f);
+        fclose(f);
+    }
+    else {
+        data[0] = random() % 0xffffffff;
+        data[1] = random() % 0xffffffff;
+        data[2] = random() % 0xffffffff;
+        data[3] = random() % 0xffffffff;
+    }
+
+    return xs_hex_enc((char *)data, sizeof(data));
+}
+
+
+int oauth_get_handler(const xs_dict *req, const char *q_path,
                       char **body, int *b_size, char **ctype)
 {
     if (!xs_startswith(q_path, "/oauth/"))
         return 0;
 
+    {
+        xs *j = xs_json_dumps_pp(req, 4);
+        printf("oauth:\n%s\n", j);
+    }
+
     int status   = 404;
-    xs_dict *msg = xs_dict_get(req, "p_vars");
+    xs_dict *msg = xs_dict_get(req, "q_vars");
     xs *cmd      = xs_replace(q_path, "/oauth", "");
 
     if (strcmp(cmd, "/authorize") == 0) {
@@ -25,11 +51,32 @@ int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
         const char *scope = xs_dict_get(msg, "scope");
 
         if (cid && ruri && rtype && strcmp(rtype, "code") == 0) {
+            /* redirect to an identification page */
+            status = 303;
+//            *body  = xs_fmt("%s/test1/admin?redir=%s", srv_baseurl, ruri);
+            *body  = xs_fmt("%s/test1/admin", srv_baseurl);
         }
         else
             status = 400;
     }
-    else
+
+    return status;
+}
+
+
+int oauth_post_handler(const xs_dict *req, const char *q_path,
+                      const char *payload, int p_size,
+                      char **body, int *b_size, char **ctype)
+{
+    if (!xs_startswith(q_path, "/oauth/"))
+        return 0;
+
+    int status   = 404;
+    xs_dict *msg = xs_dict_get(req, "p_vars");
+    xs *cmd      = xs_replace(q_path, "/oauth", "");
+
+    printf("oauth: %s\n", q_path);
+
     if (strcmp(cmd, "/token") == 0) {
         const char *gtype = xs_dict_get(msg, "grant_type");
         const char *code  = xs_dict_get(msg, "code");
@@ -39,10 +86,11 @@ int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
         const char *scope = xs_dict_get(msg, "scope");
 
         if (gtype && code && cid && csec && ruri) {
-            xs *rsp = xs_dict_new();
-            xs *cat = xs_number_new(time(NULL));
+            xs *rsp   = xs_dict_new();
+            xs *cat   = xs_number_new(time(NULL));
+            xs *token = random_str();
 
-            rsp = xs_dict_append(rsp, "access_token", "abcde");
+            rsp = xs_dict_append(rsp, "access_token", token);
             rsp = xs_dict_append(rsp, "token_type",   "Bearer");
             rsp = xs_dict_append(rsp, "scope",        scope);
             rsp = xs_dict_append(rsp, "created_at",   cat);
@@ -56,13 +104,25 @@ int oauth_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
     }
     else
     if (strcmp(cmd, "/revoke") == 0) {
+        const char *cid   = xs_dict_get(msg, "client_id");
+        const char *csec  = xs_dict_get(msg, "client_secret");
+        const char *token = xs_dict_get(msg, "token");
+
+        if (cid && csec && token) {
+            *body  = xs_str_new("{}");
+            *ctype = "application/json";
+            status = 200;
+        }
+        else
+            status = 400;
     }
 
     return status;
 }
 
 
-int mastoapi_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
+int mastoapi_post_handler(const xs_dict *req, const char *q_path,
+                      const char *payload, int p_size,
                       char **body, int *b_size, char **ctype)
 {
     if (!xs_startswith(q_path, "/api/v1/"))
@@ -96,15 +156,18 @@ int mastoapi_post_handler(xs_dict *req, char *q_path, char *payload, int p_size,
         const char *ruri = xs_dict_get(msg, "redirect_uris");
 
         if (name && ruri) {
-            xs *app = xs_dict_new();
-            xs *id  = xs_replace_i(tid(0), ".", "");
-
-            app = xs_dict_append(app, "name", name);
-            app = xs_dict_append(app, "redirect_uri", ruri);
-            app = xs_dict_append(app, "client_id", "abcde");
-            app = xs_dict_append(app, "client_secret", "abcde");
-            app = xs_dict_append(app, "vapid_key", "abcde");
-            app = xs_dict_append(app, "id", id);
+            xs *app  = xs_dict_new();
+            xs *id   = xs_replace_i(tid(0), ".", "");
+            xs *cid  = random_str();
+            xs *csec = random_str();
+            xs *vkey = random_str();
+
+            app = xs_dict_append(app, "name",          name);
+            app = xs_dict_append(app, "redirect_uri",  ruri);
+            app = xs_dict_append(app, "client_id",     cid);
+            app = xs_dict_append(app, "client_secret", csec);
+            app = xs_dict_append(app, "vapid_key",     vkey);
+            app = xs_dict_append(app, "id",            id);
 
             *body  = xs_json_dumps_pp(app, 4);
             *ctype = "application/json";