misty.cafe/mistykey
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

improve type checks in POST /api/v1/apps endpoint

Browse source
This commit is contained in:
Hazelnoot 2025-05-06 13:08:40 -04:00
parent 317f5602fe
commit 7cd181df71
2 changed files with 14 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

15
packages/backend/src/server/api/mastodon/endpoints/apps.ts
View file

@ -47,9 +47,9 @@ const writeScope = [
export interface AuthPayload {
scopes?: string | string[],
redirect_uris?: string,
client_name?: string,
website?: string,
redirect_uris?: string | string[],
client_name?: string | string[],
website?: string | string[],
}
// Not entirely right, but it gets TypeScript to work so *shrug*
@ -66,7 +66,10 @@ export class ApiAppsMastodon {
const body = _request.body ?? _request.query;
if (!body.scopes) return reply.code(400).send({ error: 'BAD_REQUEST', error_description: 'Missing required payload "scopes"' });
if (!body.redirect_uris) return reply.code(400).send({ error: 'BAD_REQUEST', error_description: 'Missing required payload "redirect_uris"' });
if (Array.isArray(body.redirect_uris)) return reply.code(400).send({ error: 'BAD_REQUEST', error_description: 'Invalid payload "redirect_uris": only one value is allowed' });
if (!body.client_name) return reply.code(400).send({ error: 'BAD_REQUEST', error_description: 'Missing required payload "client_name"' });
if (Array.isArray(body.client_name)) return reply.code(400).send({ error: 'BAD_REQUEST', error_description: 'Invalid payload "client_name": only one value is allowed' });
if (Array.isArray(body.website)) return reply.code(400).send({ error: 'BAD_REQUEST', error_description: 'Invalid payload "website": only one value is allowed' });
let scope = body.scopes;
if (typeof scope === 'string') {
@ -87,12 +90,10 @@ export class ApiAppsMastodon {
}
}
const red = body.redirect_uris;
const client = this.clientService.getClient(_request);
const appData = await client.registerApp(body.client_name, {
scopes: Array.from(pushScope),
redirect_uris: red,
redirect_uri: body.redirect_uris,
website: body.website,
});
@ -100,7 +101,7 @@ export class ApiAppsMastodon {
id: Math.floor(Math.random() * 100).toString(),
name: appData.name,
website: body.website,
redirect_uri: red,
redirect_uri: body.redirect_uris,
client_id: Buffer.from(appData.url || '').toString('base64'),
client_secret: appData.clientSecret,
};