OAuth form improvements, support NIP-07
This commit is contained in:
parent
5f296bcad1
commit
8f65939f1c
|
@ -1,4 +1,4 @@
|
||||||
import { z } from '@/deps.ts';
|
import { lodash, nip19, nip21, z } from '@/deps.ts';
|
||||||
import { AppController } from '@/app.ts';
|
import { AppController } from '@/app.ts';
|
||||||
import { parseBody } from '@/utils.ts';
|
import { parseBody } from '@/utils.ts';
|
||||||
|
|
||||||
|
@ -48,26 +48,32 @@ const oauthController: AppController = (c) => {
|
||||||
|
|
||||||
const redirectUri = decodeURIComponent(encodedUri);
|
const redirectUri = decodeURIComponent(encodedUri);
|
||||||
|
|
||||||
// Poor man's XSS check.
|
c.res.headers.set(
|
||||||
// TODO: Render form with JSX.
|
'content-security-policy',
|
||||||
try {
|
'default-src \'self\' \'sha256-m2qD6rbE2Ixbo2Bjy2dgQebcotRIAawW7zbmXItIYAM=\'',
|
||||||
new URL(redirectUri);
|
);
|
||||||
} catch (_e) {
|
|
||||||
return c.text('Invalid `redirect_uri`.', 422);
|
|
||||||
}
|
|
||||||
|
|
||||||
c.res.headers.set('content-security-policy', 'default-src \'self\'');
|
|
||||||
|
|
||||||
// TODO: Login with `window.nostr` (NIP-07).
|
|
||||||
return c.html(`<!DOCTYPE html>
|
return c.html(`<!DOCTYPE html>
|
||||||
<html>
|
<html lang="en">
|
||||||
<head>
|
<head>
|
||||||
<title>Log in with Ditto</title>
|
<title>Log in with Ditto</title>
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
|
||||||
|
<script>
|
||||||
|
window.addEventListener('load', function() {
|
||||||
|
if ('nostr' in window) {
|
||||||
|
nostr.getPublicKey().then(function(pubkey) {
|
||||||
|
document.getElementById('pubkey').value = pubkey;
|
||||||
|
document.getElementById('oauth_form').submit();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
</script>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<form action="/oauth/authorize" method="post">
|
<form id="oauth_form" action="/oauth/authorize" method="post">
|
||||||
<input type="text" placeholder="npub1... or nsec1..." name="nostr_id" autocomplete="off">
|
<input type="text" placeholder="npub1... or nsec1..." name="nip19" autocomplete="off">
|
||||||
<input type="hidden" name="redirect_uri" id="redirect_uri" value="${redirectUri}" autocomplete="off">
|
<input type="hidden" name="pubkey" id="pubkey" value="">
|
||||||
|
<input type="hidden" name="redirect_uri" id="redirect_uri" value="${lodash.escape(redirectUri)}">
|
||||||
<button type="submit">Authorize</button>
|
<button type="submit">Authorize</button>
|
||||||
</form>
|
</form>
|
||||||
</body>
|
</body>
|
||||||
|
@ -75,22 +81,49 @@ const oauthController: AppController = (c) => {
|
||||||
`);
|
`);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const oauthAuthorizeSchema = z.object({
|
||||||
|
pubkey: z.string().regex(/^[0-9a-f]{64}$/).optional().catch(undefined),
|
||||||
|
nip19: z.string().regex(new RegExp(`^${nip21.BECH32_REGEX.source}$`)).optional().catch(undefined),
|
||||||
|
redirect_uri: z.string().url(),
|
||||||
|
}).superRefine((data, ctx) => {
|
||||||
|
if (!data.pubkey && !data.nip19) {
|
||||||
|
ctx.addIssue({
|
||||||
|
code: z.ZodIssueCode.custom,
|
||||||
|
message: 'Missing `pubkey` or `nip19`.',
|
||||||
|
});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
const oauthAuthorizeController: AppController = async (c) => {
|
const oauthAuthorizeController: AppController = async (c) => {
|
||||||
const formData = await c.req.formData();
|
const result = oauthAuthorizeSchema.safeParse(await parseBody(c.req.raw));
|
||||||
const nostrId = formData.get('nostr_id');
|
|
||||||
const redirectUri = formData.get('redirect_uri');
|
|
||||||
|
|
||||||
if (nostrId && redirectUri) {
|
if (!result.success) {
|
||||||
const url = new URL(redirectUri.toString());
|
return c.json(result.error, 422);
|
||||||
const q = new URLSearchParams();
|
|
||||||
|
|
||||||
q.set('code', nostrId.toString());
|
|
||||||
url.search = q.toString();
|
|
||||||
|
|
||||||
return c.redirect(url.toString());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return c.text('Missing `redirect_uri` or `nostr_id`.', 422);
|
const { pubkey, nip19: nip19id, redirect_uri: redirectUri } = result.data;
|
||||||
|
|
||||||
|
if (pubkey) {
|
||||||
|
const encoded = nip19.npubEncode(pubkey!);
|
||||||
|
const url = addCodeToRedirectUri(redirectUri, encoded);
|
||||||
|
return c.redirect(url);
|
||||||
|
} else if (nip19id) {
|
||||||
|
const url = addCodeToRedirectUri(redirectUri, nip19id);
|
||||||
|
return c.redirect(url);
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.text('The Nostr ID was not provided or invalid.', 422);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/** Append the given `code` as a query param to the `redirect_uri`. */
|
||||||
|
function addCodeToRedirectUri(redirectUri: string, code: string): string {
|
||||||
|
const url = new URL(redirectUri);
|
||||||
|
const q = new URLSearchParams();
|
||||||
|
|
||||||
|
q.set('code', code);
|
||||||
|
url.search = q.toString();
|
||||||
|
|
||||||
|
return url.toString();
|
||||||
|
}
|
||||||
|
|
||||||
export { createTokenController, oauthAuthorizeController, oauthController };
|
export { createTokenController, oauthAuthorizeController, oauthController };
|
||||||
|
|
Loading…
Reference in New Issue