comparing ae1d95bfe6ff3a39390309504d54dc18b96d5814 and main on veryroundbird.house/smallbird-social

+73 -72

index.php

···

       19
       19
        
       use Matrix\Async;

     

       20
       20
        
       use GuzzleHttp\Psr7\HttpFactory;

     

       21
       21
        
       use chillerlan\OAuth\OAuthOptions;

     

       22
       22
       +
       use chillerlan\OAuth\Storage\SessionStorage;

     

       22
       23
        
       use DateTimeImmutable;

     

       23
       24
        
       use Lcobucci\JWT\Token\Builder;

     

       24
       25
        
       use Lcobucci\JWT\Encoding\ChainedFormatter;

     
···

       27
       28
        
       use Lcobucci\JWT\Signer\Ecdsa\Sha256;

     

       28
       29
        
       use Smallnest\Bsky\BskyProvider;

     

       29
       30
        
       

     

       31
       31
       +
       session_start();

     

       30
       32
        
       $bskyToucher = new BskyToucher();

     

       31
       33
        
       

     

       32
       34
        
       $favoriteFeeds = array_map(function ($feed) use ($bskyToucher) {

     
···

       65
       67
        
       Flight::set('publicApi', PUBLIC_API);

     

       66
       68
        
       Flight::set('frontpageFeed', FRONTPAGE_FEED);

     

       67
       69
        
       Flight::set('defaultRelay', DEFAULT_RELAY);

     

       68
       68
       -
       Flight::set('userAuth', null);

     

       70
       70
       +
       Flight::set('userAuth', array_key_exists('sbs_'.SITE_DOMAIN, $_SESSION) ? $_SESSION['sbs_'.SITE_DOMAIN] : null);

     

       71
       71
       +
       Flight::set('userPds', array_key_exists('sbs_'.SITE_DOMAIN.'_pds', $_SESSION) ? $_SESSION['sbs_'.SITE_DOMAIN.'_pds'] : null);

     

       72
       72
       +
       Flight::set('userInfo', array_key_exists('sbs_'.SITE_DOMAIN.'_userinfo', $_SESSION) ? $_SESSION['sbs_'.SITE_DOMAIN.'_userinfo'] : null);

     

       69
       73
        
       Flight::set('flight.log_errors', false);

     

       70
       74
        
       Flight::set('flight.handle_errors', false);

     

       71
       75
        
       Flight::set('flight.content_length', false);

     
···

       77
       81
        
         'setTheme' => array_key_exists('sbs_theme', $_COOKIE) ? $_COOKIE['sbs_theme'] : DEFAULT_THEME,

     

       78
       82
        
         'setFont' => array_key_exists('sbs_font', $_COOKIE) ? $_COOKIE['sbs_font'] : DEFAULT_FONT,

     

       79
       83
        
         'userAuth' => Flight::get('userAuth'),

     

       84
       84
       +
         'userPds' => Flight::get('userPds'),

     

       85
       85
       +
         'userInfo' => Flight::Get('userInfo'),

     

       80
       86
        
         'favFeeds' => $favoriteFeeds,

     

       81
       87
        
         'pages' => PAGES,

     

       82
       88
        
         'links' => LINKS,

     
···

       176
       182
        
       });

     

       177
       183
        
       

     

       178
       184
        
       Flight::route('/login', function(): void {

     

       179
       179
       -
         if (!array_key_exists('username', $_GET)) {

     

       185
       185
       +
         if (isset($_GET['username'])) {

     

       186
       186
       +
         $username = $_GET['username'];

     

       187
       187
       +
           $bskyToucher = new BskyToucher();

     

       188
       188
       +
           $userInfo = $bskyToucher->getUserInfo($username);

     

       189
       189
       +
           if (!$userInfo) die(1);

     

       190
       190
       +
           $pds = $userInfo->pds;

     

       191
       191
       +
           $options = new OAuthOptions([

     

       192
       192
       +
             'key'          => 'https://'.SITE_DOMAIN.CLIENT_ID,

     

       193
       193
       +
             'secret'       => CLIENT_SECRET,

     

       194
       194
       +
             'callbackURL'  => 'https://'.SITE_DOMAIN.'/login',

     

       195
       195
       +
             'sessionStart' => true,

     

       196
       196
       +
             'sessionStorageVar' => 'sbs_'.SITE_DOMAIN

     

       197
       197
       +
           ]);

     

       198
       198
       +
           $storage = new SessionStorage($options);

     

       199
       199
       +
           $connector = new React\Socket\Connector([

     

       200
       200
       +
             'dns' => '1.1.1.1'

     

       201
       201
       +
           ]);

     

       202
       202
       +
           $http = new React\Http\Browser($connector);

     

       203
       203
       +
           $httpFactory = new HttpFactory();

     

       204
       204
       +
           $token_builder = Builder::new(new JoseEncoder(), ChainedFormatter::default());

     

       205
       205
       +
           $algorithm    = new Sha256();

     

       206
       206
       +
           $signing_key   = InMemory::file(CERT_PATH);

     

       207
       207
       +
           $now   = new DateTimeImmutable();

     

       208
       208
       +
           $token = $token_builder

     

       209
       209
       +
             ->withHeader('alg', 'ES256')

     

       210
       210
       +
             ->withHeader('typ', 'JWT')

     

       211
       211
       +
             ->withHeader('kid', 'ocwgKj_O7H9at1sL6yWf9ZZ82NOM7D0xlN8HGIyWH6M')

     

       212
       212
       +
             ->issuedBy('https://'.SITE_DOMAIN.CLIENT_ID)

     

       213
       213
       +
             ->identifiedBy(uniqid())

     

       214
       214
       +
             ->relatedTo('https://'.SITE_DOMAIN.CLIENT_ID)

     

       215
       215
       +
             ->permittedFor($pds)

     

       216
       216
       +
             ->issuedAt($now->modify('-5 seconds'))

     

       217
       217
       +
             ->getToken($algorithm, $signing_key);

     

       218
       218
       +
           $client = new GuzzleHttp\Client([

     

       219
       219
       +
             'verify' => true,

     

       220
       220
       +
             'headers' => [

     

       221
       221
       +
               'User-Agent' => USER_AGENT_STR,

     

       222
       222
       +
               'Authorization' => 'Bearer: '.$token->toString()

     

       223
       223
       +
             ]

     

       224
       224
       +
           ]);

     

       225
       225
       +
           $provider = new BskyProvider($options, $client, $httpFactory, $httpFactory, $httpFactory);

     

       226
       226
       +
           $provider->setPds($pds);

     

       227
       227
       +
           $name = $provider->getName();

     

       228
       228
       +
           if (isset($_GET['login']) && $_GET['login'] === $name) {

     

       229
       229
       +
             $auth_url = $provider->getAuthorizationUrl([

     

       230
       230
       +
               'client_assertion_type' => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',

     

       231
       231
       +
               'client_assertion' => $token->toString()

     

       232
       232
       +
             ]);

     

       233
       233
       +
             Flight::redirect($auth_url);

     

       234
       234
       +
             die(1);

     

       235
       235
       +
           } else if (isset($_GET['code'], $_GET['iss'])) {

     

       236
       236
       +
             $storage->storeAccessToken($_GET['code'], $name);

     

       237
       237
       +
             $_SESSION['sbs_'.SITE_DOMAIN.'_pds'] = $_GET['iss'];

     

       238
       238
       +
             $_SESSION['sbs_'.SITE_DOMAIN.'_userinfo'] = $bskyToucher->getUserInfo();

     

       239
       239
       +
             Flight::redirect('/');

     

       240
       240
       +
             die(1);

     

       241
       241
       +
           } else if (isset($_GET['error'])) {

     

       242
       242
       +
             die(1);

     

       243
       243
       +
           }

     

       244
       244
       +
         } else {

     

       180
       245
        
           $latte = new Latte\Engine;

     

       181
       246
        
           $latte->render('./templates/login.latte', array_merge(Flight::get('standardParams'), [

     

       182
       247
        
             'mainClass' => 'form',

     
···

       185
       250
        
             'ogimage' => '',

     

       186
       251
        
             'ogurl' => 'https://'.SITE_DOMAIN.'/login'

     

       187
       252
        
           ]));

     

       188
       188
       -
           die(1);

     

       189
       253
        
         }

     

       190
       190
       -
         $username = $_GET['username'];

     

       191
       191
       -
         $bskyToucher = new BskyToucher();

     

       192
       192
       -
         $userInfo = $bskyToucher->getUserInfo($username);

     

       193
       193
       -
         if (!$userInfo) die(1);

     

       194
       194
       -
         $pds = $userInfo->pds;

     

       195
       195
       -
         $options = new OAuthOptions([

     

       196
       196
       -
         	'key'          => 'https://'.SITE_DOMAIN.CLIENT_ID,

     

       197
       197
       -
         	'secret'       => CLIENT_SECRET,

     

       198
       198
       -
         	'callbackURL'  => 'http://127.0.0.1/login',

     

       199
       199
       -
         	'sessionStart' => true,

     

       200
       200
       -
         ]);

     

       201
       201
       -
         $connector = new React\Socket\Connector([

     

       202
       202
       -
           'dns' => '1.1.1.1'

     

       203
       203
       -
         ]);

     

       204
       204
       -
         $http = new React\Http\Browser($connector);

     

       205
       205
       -
         $httpFactory = new HttpFactory();

     

       206
       206
       -
         $token_builder = Builder::new(new JoseEncoder(), ChainedFormatter::default());

     

       207
       207
       -
         $algorithm    = new Sha256();

     

       208
       208
       -
         $signing_key   = InMemory::file(CERT_PATH);

     

       209
       209
       -
         $now   = new DateTimeImmutable();

     

       210
       210
       -
         $token = $token_builder

     

       211
       211
       -
           ->withHeader('alg', 'ES256')

     

       212
       212
       -
           ->withHeader('typ', 'JWT')

     

       213
       213
       -
           ->issuedBy($userInfo->did)

     

       214
       214
       -
           ->relatedTo('https://'.SITE_DOMAIN.CLIENT_ID)

     

       215
       215
       -
           ->permittedFor('did:web:'.str_replace("/", "", str_replace("https://", "", $pds)))

     

       216
       216
       -
           ->issuedAt($now)

     

       217
       217
       -
           ->getToken($algorithm, $signing_key);

     

       218
       218
       -
         $client = new GuzzleHttp\Client([

     

       219
       219
       -
           'verify' => true,

     

       220
       220
       -
           'headers' => [

     

       221
       221
       -
             'User-Agent' => USER_AGENT_STR,

     

       222
       222
       -
             'Authorization' => 'Bearer: '.$token->toString()

     

       223
       223
       -
           ]

     

       224
       224
       -
         ]);

     

       225
       225
       -
         $provider = new BskyProvider($options, $client, $httpFactory, $httpFactory, $httpFactory);

     

       226
       226
       -
         $provider->setPds($pds);

     

       227
       227
       -
         $name = $provider->getName();

     

       228
       228
       -
         

     

       229
       229
       -
         if (isset($_GET['login']) && $_GET['login'] === $name) {

     

       230
       230
       -
           $auth_url = $provider->getAuthorizationUrl([

     

       231
       231
       -
             'client_assertion_type' => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',

     

       232
       232
       -
             'client_assertion' => $token->toString()

     

       233
       233
       -
           ]);

     

       234
       234
       -
           header('Location: '.$auth_url);

     

       235
       235
       -
           die(1);

     

       236
       236
       -
         } else if (isset($_GET['code'], $_GET['state'])) {

     

       237
       237
       -
           $token = $provider->getAccessToken($_GET['code'], $_GET['state']);

     

       254
       254
       +
       });

     

       238
       255
        
       

     

       239
       239
       -
         	// save the token in a permanent storage

     

       240
       240
       -
         	// [...]

     

       241
       241
       -
       

     

       242
       242
       -
         	// access granted, redirect

     

       243
       243
       -
         	header('Location: ?granted='.$name);

     

       244
       244
       -
           die(1);

     

       245
       245
       -
         } else if (isset($_GET['granted']) && $_GET['granted'] === $name) {

     

       246
       246
       -
           die(1);

     

       247
       247
       -
         } else if (isset($_GET['error'])) {

     

       248
       248
       -
           die(1);

     

       249
       249
       -
         }

     

       250
       250
       -
         $latte = new Latte\Engine;

     

       251
       251
       -
         $latte->render('./templates/login.latte', array_merge(Flight::get('standardParams'), [

     

       252
       252
       -
           'mainClass' => 'form',

     

       253
       253
       -
           'ogtitle' => SITE_TITLE." | login",

     

       254
       254
       -
           'ogdesc' => SITE_DESC,

     

       255
       255
       -
           'ogimage' => '',

     

       256
       256
       -
           'ogurl' => 'https://'.SITE_DOMAIN.'/login'

     

       257
       257
       -
         ]));

     

       256
       256
       +
       Flight::route('/logout', function(): void {

     

       257
       257
       +
         unset($_SESSION['sbs_'.SITE_DOMAIN]);

     

       258
       258
       +
         unset($_SESSION['sbs_'.SITE_DOMAIN.'_pds']);

     

       259
       259
       +
         unset($_SESSION['sbs_'.SITE_DOMAIN.'_userinfo']);

     

       260
       260
       +
         Flight::redirect('/');

     

       258
       261
        
       });

     

       259
       259
       -
       

     

       260
       260
       -
       // https://shimaenaga.veryroundbird.house/oauth/authorize?client_id=https%3A%2F%2Ftangled.org%2Foauth%2Fclient-metadata.json&request_uri=urn%3Aietf%3Aparams%3Aoauth%3Arequest_uri%3Areq-2399ff42af66498132ebf8de809254b7

     

       261
       262
        
       

     

       262
       263
        
       Flight::route('/createaccount', function(): void {

     

       263
       264
        
         $latte = new Latte\Engine;

+40 -2

lib/bskyProvider.php

···

       6
       6
        
       

     

       7
       7
        
       use chillerlan\OAuth\Core\OAuth2Interface;

     

       8
       8
        
       use chillerlan\OAuth\Core\OAuth2Provider;

     

       9
       9
       -
       use chillerlan\OAuth\Core\PARTrait;

     

       10
       9
        
       use chillerlan\OAuth\Core\PKCETrait;

     

       11
       10
        
       use chillerlan\OAuth\OAuthOptions;

     

       12
       11
        
       use chillerlan\OAuth\Storage\SessionStorage;

     

       12
       12
       +
       use chillerlan\HTTP\Utils\MessageUtil;

     

       13
       13
       +
       use chillerlan\HTTP\Utils\QueryUtil;

     

       14
       14
       +
       use chillerlan\OAuth\Providers\ProviderException;

     

       13
       15
        
       use GuzzleHttp\Client;

     

       14
       16
        
       use GuzzleHttp\Psr7\HttpFactory;

     

       17
       17
       +
       use Psr\Http\Message\UriInterface;

     

       18
       18
       +
       use function sprintf;

     

       15
       19
        
       

     

       16
       20
        
       class BskyProvider extends OAuth2Provider implements \chillerlan\OAuth\Core\PAR, \chillerlan\OAuth\Core\PKCE {

     

       17
       17
       -
         use \chillerlan\OAuth\Core\PARTrait;

     

       18
       21
        
         use \chillerlan\OAuth\Core\PKCETrait;

     

       19
       22
        
         

     

       20
       23
        
       	public const IDENTIFIER               = 'BSKYPROVIDER';

     
···

       52
       55
        
           $this->parAuthorizationURL = (string)$pds->withPath('/oauth/par');

     

       53
       56
        
           

     

       54
       57
        
       		return $this;

     

       58
       58
       +
       	}

     

       59
       59
       +
         

     

       60
       60
       +
       	public function getParRequestUri(array $body):UriInterface{

     

       61
       61
       +
       		// send the request with the same method and parameters as the token requests

     

       62
       62
       +
       		// @link https://datatracker.ietf.org/doc/html/rfc9126#name-request

     

       63
       63
       +
       		$response = $this->sendAccessTokenRequest($this->parAuthorizationURL, $body);

     

       64
       64
       +
       		$status   = $response->getStatusCode();

     

       65
       65
       +
       		$json     = MessageUtil::decodeJSON($response, true);

     

       66
       66
       +
       

     

       67
       67
       +
       		// something went horribly wrong

     

       68
       68
       +
       		if($status !== 201){

     

       69
       69
       +
       

     

       70
       70
       +
       			// @link https://datatracker.ietf.org/doc/html/rfc9126#section-2.3

     

       71
       71
       +
       			if(isset($json['error'], $json['error_description'])){

     

       72
       72
       +
       				throw new ProviderException(sprintf('PAR error: "%s" (%s)', $json['error'], $json['error_description']));

     

       73
       73
       +
       			}

     

       74
       74
       +
       

     

       75
       75
       +
       			throw new ProviderException(sprintf('PAR request error: (HTTP/%s)', $status)); // @codeCoverageIgnore

     

       76
       76
       +
       		}

     

       77
       77
       +
       

     

       78
       78
       +
       		$url = QueryUtil::merge($this->authorizationURL, $this->getParAuthorizationURLRequestParams($json));

     

       79
       79
       +
       

     

       80
       80
       +
       		return $this->uriFactory->createUri($url);

     

       81
       81
       +
       	}

     

       82
       82
       +
         

     

       83
       83
       +
       	protected function getParAuthorizationURLRequestParams(array $response):array{

     

       84
       84
       +
       

     

       85
       85
       +
       		if(!isset($response['request_uri'])){

     

       86
       86
       +
       			throw new ProviderException('PAR response error: "request_uri" missing');

     

       87
       87
       +
       		}

     

       88
       88
       +
       

     

       89
       89
       +
       		return [

     

       90
       90
       +
       			'client_id'   => $this->options->key,

     

       91
       91
       +
       			'request_uri' => $response['request_uri'],

     

       92
       92
       +
       		];

     

       55
       93
        
       	}

     

       56
       94
        
       }

     

       57
       95
        
       ?>

lib/bskyToucher.php

···

       25
       25
        
       use Psr\Http\Message\RequestInterface;

     

       26
       26
        
       use Psr\Http\Message\ResponseInterface;

     

       27
       27
        
       use Fusonic\OpenGraph\Consumer;

     

       28
       28
       +
       use chillerlan\OAuth\Storage\SessionStorage;

     

       28
       29
        
       

     

       29
       30
        
       class BskyToucher {

     

       30
       31
        
         private $bskyApiBase = 'https://public.api.bsky.app/xrpc/';

+2 -1

templates/_partials/nav.latte

···

       1
       1
        
       <nav>

     

       2
       2
        
         <ul>

     

       3
       3
        
           {if $userAuth}

     

       4
       4
       +
             <li><a href="/u/{$userInfo->handle}">profile</a></li>

     

       4
       5
        
             <li><a href="/settings">settings</a></li>

     

       5
       5
       -
             <li><a href="#">log out</a></li>

     

       6
       6
       +
             <li><a href="/logout">log out</a></li>

     

       6
       7
        
           {else}

     

       7
       8
        
             <li><a href="/createaccount">create</a></li>

     

       8
       9
        
             <li><a href="/login">log in</a></li>

templates/layout.latte

···

       24
       24
        
           data-theme="{$setTheme}"

     

       25
       25
        
           data-font="{$setFont}"

     

       26
       26
        
         >

     

       27
       27
       +
           <!--

     

       28
       28
       +
             {print_r($_SESSION)}

     

       29
       29
       +
             {print_r(PHP_SESSION_DISABLED)}

     

       30
       30
       +
           -->

     

       27
       31
        
           <div id="page">

     

       28
       32
        
             <header>

     

       29
       33
        
               <h1><a href="/">{include '_partials/logo.latte'}{$siteTitle}</a></h1>

vendor/chillerlan/php-oauth/src/Core/PARTrait.php

···

       41
       41
        
       

     

       42
       42
        
       		// something went horribly wrong

     

       43
       43
        
       		if($status !== 200){

     

       44
       44
       +
             print_r($json);

     

       44
       45
        
       

     

       45
       46
        
       			// @link https://datatracker.ietf.org/doc/html/rfc9126#section-2.3

     

       46
       47
        
       			if(isset($json['error'], $json['error_description'])){

Compare changes