diff options
| author | Hazelnoot <acomputerdog@gmail.com> | 2025-05-06 13:08:40 -0400 |
|---|---|---|
| committer | Hazelnoot <acomputerdog@gmail.com> | 2025-05-08 11:23:20 -0400 |
| commit | 7cd181df71ebac46c1c6a0ffb00ad81f82b62f3a (patch) | |
| tree | 3c71d51abe1d0d6ee9191fdc61f67aa037e37757 /packages/backend/src/server/api | |
| parent | temporary: add recursive error handler to MastodonApiServerService.ts (diff) | |
| download | sharkey-7cd181df71ebac46c1c6a0ffb00ad81f82b62f3a.tar.gz sharkey-7cd181df71ebac46c1c6a0ffb00ad81f82b62f3a.tar.bz2 sharkey-7cd181df71ebac46c1c6a0ffb00ad81f82b62f3a.zip | |
improve type checks in POST /api/v1/apps endpoint
Diffstat (limited to 'packages/backend/src/server/api')
| -rw-r--r-- | packages/backend/src/server/api/mastodon/endpoints/apps.ts | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/packages/backend/src/server/api/mastodon/endpoints/apps.ts b/packages/backend/src/server/api/mastodon/endpoints/apps.ts index ec08600e53..aae6103146 100644 --- a/packages/backend/src/server/api/mastodon/endpoints/apps.ts +++ b/packages/backend/src/server/api/mastodon/endpoints/apps.ts @@ -47,9 +47,9 @@ const writeScope = [ export interface AuthPayload { scopes?: string | string[], - redirect_uris?: string, - client_name?: string, - website?: string, + redirect_uris?: string | string[], + client_name?: string | string[], + website?: string | string[], } // Not entirely right, but it gets TypeScript to work so *shrug* @@ -66,7 +66,10 @@ export class ApiAppsMastodon { const body = _request.body ?? _request.query; if (!body.scopes) return reply.code(400).send({ error: 'BAD_REQUEST', error_description: 'Missing required payload "scopes"' }); if (!body.redirect_uris) return reply.code(400).send({ error: 'BAD_REQUEST', error_description: 'Missing required payload "redirect_uris"' }); + if (Array.isArray(body.redirect_uris)) return reply.code(400).send({ error: 'BAD_REQUEST', error_description: 'Invalid payload "redirect_uris": only one value is allowed' }); if (!body.client_name) return reply.code(400).send({ error: 'BAD_REQUEST', error_description: 'Missing required payload "client_name"' }); + if (Array.isArray(body.client_name)) return reply.code(400).send({ error: 'BAD_REQUEST', error_description: 'Invalid payload "client_name": only one value is allowed' }); + if (Array.isArray(body.website)) return reply.code(400).send({ error: 'BAD_REQUEST', error_description: 'Invalid payload "website": only one value is allowed' }); let scope = body.scopes; if (typeof scope === 'string') { @@ -87,12 +90,10 @@ export class ApiAppsMastodon { } } - const red = body.redirect_uris; - const client = this.clientService.getClient(_request); const appData = await client.registerApp(body.client_name, { scopes: Array.from(pushScope), - redirect_uris: red, + redirect_uri: body.redirect_uris, website: body.website, }); @@ -100,7 +101,7 @@ export class ApiAppsMastodon { id: Math.floor(Math.random() * 100).toString(), name: appData.name, website: body.website, - redirect_uri: red, + redirect_uri: body.redirect_uris, client_id: Buffer.from(appData.url || '').toString('base64'), client_secret: appData.clientSecret, }; |