Software /
code /
prosody-modules
File
mod_adhoc_oauth2_client/mod_adhoc_oauth2_client.lua @ 5001:cb19cb1c03d6
mod_rest: Update for mod_tokenauth API changes (backwards-compatible)
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Wed, 13 Jul 2022 11:27:44 +0100 |
parent | 4268:871d140d61bb |
child | 5260:a9c1cc91d3d6 |
line wrap: on
line source
local adhoc = require "util.adhoc"; local dataforms = require "util.dataforms"; local errors = require "util.error"; local hashes = require "util.hashes"; local id = require "util.id"; local jid = require "util.jid"; local base64 = require"util.encodings".base64; local clients = module:open_store("oauth2_clients", "map"); local iteration_count = module:get_option_number("oauth2_client_iteration_count", 10000); local pepper = module:get_option_string("oauth2_client_pepper", ""); local new_client = dataforms.new({ title = "Create OAuth2 client"; {var = "FORM_TYPE"; type = "hidden"; value = "urn:uuid:ff0d55ed-2187-4ee0-820a-ab633a911c14#create"}; {name = "name"; type = "text-single"; label = "Client name"; required = true}; {name = "description"; type = "text-multi"; label = "Description"}; {name = "info_url"; type = "text-single"; label = "Informative URL"; desc = "Link to information about your client"; datatype = "xs:anyURI"}; { name = "redirect_uri"; type = "text-single"; label = "Redirection URI"; desc = "Where to redirect the user after authorizing."; datatype = "xs:anyURI"; required = true; }; }) local client_created = dataforms.new({ title = "New OAuth2 client created"; instructions = "Save these details, they will not be shown again"; {var = "FORM_TYPE"; type = "hidden"; value = "urn:uuid:ff0d55ed-2187-4ee0-820a-ab633a911c14#created"}; {name = "client_id"; type = "text-single"; label = "Client ID"}; {name = "client_secret"; type = "text-single"; label = "Client secret"}; }) local function create_client(client, formerr, data) if formerr then local errmsg = {"Error in form:"}; for field, err in pairs(formerr) do table.insert(errmsg, field .. ": " .. err); end return {status = "error"; error = {message = table.concat(errmsg, "\n")}}; end local creator = jid.split(data.from); local client_uid = id.short(); local client_id = jid.join(creator, module.host, client_uid); local client_secret = id.long(); local salt = id.medium(); local i = iteration_count; client.secret_hash = base64.encode(hashes.pbkdf2_hmac_sha256(client_secret, salt .. pepper, i)); client.iteration_count = i; client.salt = salt; local ok, err = errors.coerce(clients:set(creator, client_uid, client)); module:log("info", "OAuth2 client %q created by %s", client_id, data.from); if not ok then return {status = "canceled"; error = {message = err}}; end return {status = "completed"; result = {layout = client_created; values = {client_id = client_id; client_secret = client_secret}}}; end local handler = adhoc.new_simple_form(new_client, create_client); module:provides("adhoc", module:require "adhoc".new(new_client.title, new_client[1].value, handler, "local_user")); -- TODO list/manage/revoke clients