mastodon api: return a fake application object for blocked apps

2019-05-30 00:54:11 +00:00 · 2019-05-30 00:54:11 +00:00 · cd13fe46e2
parent aac7c68e26
commit cd13fe46e2
4 changed files with 27 additions and 1 deletions
--- a/config/config.exs
+++ b/config/config.exs
@ -482,7 +482,10 @@ config :pleroma, :oauth2,
  token_expires_in: 600,
  issue_new_refresh_token: true,
  clean_expired_tokens: false,
-  clean_expired_tokens_interval: 86_400_000
+  clean_expired_tokens_interval: 86_400_000,
+  application_blocks: [
+    ~r/Tootdon/s
+  ]

 config :pleroma, :database, rum_enabled: false

--- a/docs/config.md
+++ b/docs/config.md
@ -555,6 +555,7 @@ Configure OAuth 2 provider capabilities:
 * `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token.
 * `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`.
 * `clean_expired_tokens_interval` - Interval to run the job to clean expired tokens. Defaults to `86_400_000` (24 hours).
+* `application_blocks` - A list of applications that should be blocked (regular expressions).  This setting should not be modified unless you know what you're doing.

 ## :emoji
 * `shortcode_globs`: Location of custom emoji files. `*` can be used as a wildcard. Example `["/emoji/custom/**/*.png"]`
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@ -70,10 +70,21 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do

    with cs <- App.register_changeset(%App{}, app_attrs),
         false <- cs.changes[:client_name] == @local_mastodon_name,
+         blocks <- Config.get([:oauth2, :application_blocks]),
+         {:blocked, false} <-
+           {:blocked,
+            true in Enum.map(blocks, fn block ->
+              String.match?(cs.changes[:client_name], block)
+            end)},
         {:ok, app} <- Repo.insert(cs) do
      conn
      |> put_view(AppView)
      |> render("show.json", %{app: app})
+    else
+      {:blocked, true} ->
+        conn
+        |> put_view(AppView)
+        |> render("show.json", %{app: nil})
    end
  end

--- a/lib/pleroma/web/mastodon_api/views/app_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/app_view.ex
@ -23,6 +23,17 @@ defmodule Pleroma.Web.MastodonAPI.AppView do
    |> with_vapid_key()
  end

+  def render("show.json", %{app: nil}) do
+    %{
+      id: "0",
+      name: "Blocked Application",
+      client_id: "pleroma:blocked",
+      client_secret: "pleroma:blocked",
+      redirect_uri: "pleroma:blocked",
+      website: "pleroma:blocked"
+    }
+  end
+
  def render("short.json", %{app: %App{website: webiste, client_name: name}}) do
    %{
      name: name,