summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/pleroma/web/mastodon_api/controllers/app_controller.ex2
-rw-r--r--lib/pleroma/web/o_auth/app.ex26
-rw-r--r--lib/pleroma/web/o_auth/o_auth_controller.ex2
-rw-r--r--lib/pleroma/workers/cron/app_cleanup_worker.ex21
4 files changed, 51 insertions, 0 deletions
diff --git a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
index 844673ae0..6cfeb712e 100644
--- a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
@@ -19,6 +19,8 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
+ plug(Pleroma.Web.Plugs.RateLimiter, [name: :oauth_app_creation] when action == :create)
+
plug(:skip_auth when action in [:create, :verify_credentials])
plug(Pleroma.Web.ApiSpec.CastAndValidate)
diff --git a/lib/pleroma/web/o_auth/app.ex b/lib/pleroma/web/o_auth/app.ex
index d1bf6dd18..7661c2566 100644
--- a/lib/pleroma/web/o_auth/app.ex
+++ b/lib/pleroma/web/o_auth/app.ex
@@ -8,6 +8,7 @@ defmodule Pleroma.Web.OAuth.App do
import Ecto.Query
alias Pleroma.Repo
alias Pleroma.User
+ alias Pleroma.Web.OAuth.Token
@type t :: %__MODULE__{}
@@ -155,4 +156,29 @@ defmodule Pleroma.Web.OAuth.App do
Map.put(acc, key, error)
end)
end
+
+ @spec maybe_update_owner(Token.t()) :: :ok
+ def maybe_update_owner(%Token{app_id: app_id, user_id: user_id}) when not is_nil(user_id) do
+ __MODULE__.update(app_id, %{user_id: user_id})
+
+ :ok
+ end
+
+ def maybe_update_owner(_), do: :ok
+
+ @spec remove_orphans(pos_integer()) :: :ok
+ def remove_orphans(limit \\ 100) do
+ fifteen_mins_ago = DateTime.add(DateTime.utc_now(), -900, :second)
+
+ Repo.transaction(fn ->
+ from(a in __MODULE__,
+ where: is_nil(a.user_id) and a.inserted_at < ^fifteen_mins_ago,
+ limit: ^limit
+ )
+ |> Repo.all()
+ |> Enum.each(&Repo.delete(&1))
+ end)
+
+ :ok
+ end
end
diff --git a/lib/pleroma/web/o_auth/o_auth_controller.ex b/lib/pleroma/web/o_auth/o_auth_controller.ex
index 47b03215f..0b3de5481 100644
--- a/lib/pleroma/web/o_auth/o_auth_controller.ex
+++ b/lib/pleroma/web/o_auth/o_auth_controller.ex
@@ -318,6 +318,8 @@ defmodule Pleroma.Web.OAuth.OAuthController do
def token_exchange(%Plug.Conn{} = conn, params), do: bad_request(conn, params)
def after_token_exchange(%Plug.Conn{} = conn, %{token: token} = view_params) do
+ App.maybe_update_owner(token)
+
conn
|> AuthHelper.put_session_token(token.token)
|> json(OAuthView.render("token.json", view_params))
diff --git a/lib/pleroma/workers/cron/app_cleanup_worker.ex b/lib/pleroma/workers/cron/app_cleanup_worker.ex
new file mode 100644
index 000000000..ee71cd7b6
--- /dev/null
+++ b/lib/pleroma/workers/cron/app_cleanup_worker.ex
@@ -0,0 +1,21 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Workers.Cron.AppCleanupWorker do
+ @moduledoc """
+ Cleans up registered apps that were never associated with a user.
+ """
+
+ use Oban.Worker, queue: "background"
+
+ alias Pleroma.Web.OAuth.App
+
+ @impl true
+ def perform(_job) do
+ App.remove_orphans()
+ end
+
+ @impl true
+ def timeout(_job), do: :timer.seconds(30)
+end
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-25 06:57:49 +0000