Conversation
github-actions
bot
added
packages/backend
Codecov Report
@@ Coverage Diff @@
## develop #11053 +/- ##
===========================================
- Coverage 78.58% 77.86% -0.72%
===========================================
Files 918 921 +3
Lines 97212 93229 -3983
Branches 7751 7836 +85
===========================================
- Hits 76390 72595 -3795
+ Misses 20822 20634 -188
|
saschanaz
commented
Jun 28, 2023
Member
Author
draftとready for review間の変更を続けたら全リビュアーにリクエストできるってこと?! |
Member
|
サンプルOAuthクライアント作って試してみる |
Member
|
知識がOAuth1.0で止まっているのとOAuth自体長らく触ってなかったから難航してる |
Member
|
NodejsのOAuth2.0クライアントについて調べると高確率でexpressとか出てくるんだけどクライアントにWebサーバーって必須じゃないよね?(このPRのものでは必須かもしれないけど) |
Contributor
|
ミリしらだけどリダイレクト先が必要=Webサーバーが必要なのでは |
Member
|
今までOAuthクライアント作ってたときわざわざWebサーバー建ててた記憶がない |
Member
|
でもリダイレクト必要なら建てるしかないか |
Member
|
例えば PC のネイティブアプリだとlocalhost にリダイレクト張りがち |
Member
Author
カスタムスキーマ使えるので必修ではありません(このPRでは必要ですが適当にGitHub Pagesとか使っていいと思います) |
Member
Author
|
カスタムスキーマのサポートはまだないと言いましたが実は問題なかったので説明を直しました(でもテストはちょっと混乱)
|
Member
Author
|
テスト用クライアントです (ローカルサーバーえのアクセスのためにクライアント側で import { AuthorizationCode } from 'simple-oauth2';
import pkceChallenge from 'pkce-challenge';
import Fastify from 'fastify';
const { code_challenge, code_verifier } = pkceChallenge.default(128);
const host = 'https://misskey.local';
const client = new AuthorizationCode({
client: {
id: 'http://localhost:3000/',
},
auth: {
tokenHost: host,
tokenPath: '/oauth/token',
authorizePath: '/oauth/authorize',
},
options: {
authorizationMethod: 'body',
},
});
const redirect_uri = 'http://localhost:3000/redirect';
console.log('Open this URL in your browser:', client.authorizeURL({
redirect_uri,
scope: 'write:notes',
state: 'state',
code_challenge,
code_challenge_method: 'S256',
}));
const fastify = Fastify();
let resolve;
let reject;
const promise = new Promise((res, rej) => {
resolve = res;
reject = rej;
});
fastify.get('/', async (request, reply) => {
reply.send(`
<!DOCTYPE html>
<link rel='redirect_uri' href='/redirect'>
<div class='h-app'><a href='/' class='p-name'>Misklient
`)
});
fastify.get('/redirect', async (request, reply) => {
if (request.query.error) {
reject(request.query.error);
return;
}
if (!request.query.code) {
reject('??');
return;
}
resolve(request.query.code);
});
fastify.listen({ port: 3000, host: '0.0.0.0' });
const code = await promise;
await fastify.close();
const token = await client.getToken({
code,
redirect_uri,
code_verifier,
});
const response = await fetch(new URL('api/notes/create', host), {
method: 'POST',
headers: {
Authorization: `Bearer ${token.token.access_token}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
text: 'oauth works!'
})
});
if (!response.ok) {
console.error(await response.json());
process.exit(1);
}
const id = (await response.json()).createdNote.id;
console.log('Successfully posted a note via OAuth!', new URL(`notes/${id}`, host).toString()); |
5 tasks
* refactor(backend): use @types/oauth2orize-pkce * Update package.json * Update pnpm-lock.yaml --------- Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
Member
|
fastifyExpress って使ってる? |
Member
Author
oauth2orizeに必要でして使ってます |
Member
|
👍👍👍 |
EbiseLutica
pushed a commit
to shrimpia/misskey
that referenced
this pull request
Jul 31, 2023
* feat(backend): support OAuth 2.0 authorization * secureRndstr fix * nanndekowareta * nanndekowareta2 * nanndekowareta3 * unref? * refactor to not close fastify * use microformats-parser * Update OAuth2ProviderService.ts * clarify the reason behind dns lookup * refactor(backend): use @types/oauth2orize-pkce (misskey-dev#11350) * refactor(backend): use @types/oauth2orize-pkce * Update package.json * Update pnpm-lock.yaml --------- Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com> --------- Co-authored-by: mtgto <hogerappa@gmail.com> Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Fixes #8262
Why
要望が多いそうです
Additional info (optional)
client_idのURLからアプリ情報を取得する。というわけでウェブページを持つ必要がある(そのページでローカルスキーマのredirect_urlを指定できる)code_challenge)機能が要求されるChecklist