From cd13fe46e2ed0c976c10b846fa075e0ee2502fc2 Mon Sep 17 00:00:00 2001
From: William Pitcock <nenolod@dereferenced.org>
Date: Thu, 30 May 2019 00:54:11 +0000
Subject: [PATCH] mastodon api: return a fake application object for blocked
 apps

---
 config/config.exs                                     |  5 ++++-
 docs/config.md                                        |  1 +
 .../web/mastodon_api/mastodon_api_controller.ex       | 11 +++++++++++
 lib/pleroma/web/mastodon_api/views/app_view.ex        | 11 +++++++++++
 4 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/config/config.exs b/config/config.exs
index 68168b279..7c72b0d12 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -482,7 +482,10 @@ config :pleroma, :oauth2,
   token_expires_in: 600,
   issue_new_refresh_token: true,
   clean_expired_tokens: false,
-  clean_expired_tokens_interval: 86_400_000
+  clean_expired_tokens_interval: 86_400_000,
+  application_blocks: [
+    ~r/Tootdon/s
+  ]
 
 config :pleroma, :database, rum_enabled: false
 
diff --git a/docs/config.md b/docs/config.md
index 67b062fe9..579c2095e 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -555,6 +555,7 @@ Configure OAuth 2 provider capabilities:
 * `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token.
 * `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`.
 * `clean_expired_tokens_interval` - Interval to run the job to clean expired tokens. Defaults to `86_400_000` (24 hours).
+* `application_blocks` - A list of applications that should be blocked (regular expressions).  This setting should not be modified unless you know what you're doing.
 
 ## :emoji
 * `shortcode_globs`: Location of custom emoji files. `*` can be used as a wildcard. Example `["/emoji/custom/**/*.png"]`
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index 2110027c3..f20dbb4d5 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -70,10 +70,21 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 
     with cs <- App.register_changeset(%App{}, app_attrs),
          false <- cs.changes[:client_name] == @local_mastodon_name,
+         blocks <- Config.get([:oauth2, :application_blocks]),
+         {:blocked, false} <-
+           {:blocked,
+            true in Enum.map(blocks, fn block ->
+              String.match?(cs.changes[:client_name], block)
+            end)},
          {:ok, app} <- Repo.insert(cs) do
       conn
       |> put_view(AppView)
       |> render("show.json", %{app: app})
+    else
+      {:blocked, true} ->
+        conn
+        |> put_view(AppView)
+        |> render("show.json", %{app: nil})
     end
   end
 
diff --git a/lib/pleroma/web/mastodon_api/views/app_view.ex b/lib/pleroma/web/mastodon_api/views/app_view.ex
index f52b693a6..5ba1c193a 100644
--- a/lib/pleroma/web/mastodon_api/views/app_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/app_view.ex
@@ -23,6 +23,17 @@ defmodule Pleroma.Web.MastodonAPI.AppView do
     |> with_vapid_key()
   end
 
+  def render("show.json", %{app: nil}) do
+    %{
+      id: "0",
+      name: "Blocked Application",
+      client_id: "pleroma:blocked",
+      client_secret: "pleroma:blocked",
+      redirect_uri: "pleroma:blocked",
+      website: "pleroma:blocked"
+    }
+  end
+
   def render("short.json", %{app: %App{website: webiste, client_name: name}}) do
     %{
       name: name,