to the APIclosed-social-glitch-2
@ -1,14 +1,60 @@ | |||
Rails: | |||
Enabled: true | |||
Metrics/LineLength: | |||
Enabled: false | |||
Style/PerlBackrefs: | |||
AutoCorrect: false | |||
Style/ClassAndModuleChildren: | |||
Enabled: false | |||
Documentation: | |||
Metrics/BlockNesting: | |||
Max: 2 | |||
Metrics/LineLength: | |||
AllowURI: true | |||
Enabled: false | |||
Metrics/MethodLength: | |||
CountComments: false | |||
Max: 10 | |||
Metrics/ModuleLength: | |||
Max: 100 | |||
Metrics/ParameterLists: | |||
Max: 4 | |||
CountKeywordArgs: true | |||
Style/AccessModifierIndentation: | |||
EnforcedStyle: indent | |||
Style/CollectionMethods: | |||
Enabled: true | |||
PreferredMethods: | |||
find_all: 'select' | |||
Style/Documentation: | |||
Enabled: false | |||
Style/DoubleNegation: | |||
Enabled: false | |||
Style/FrozenStringLiteralComment: | |||
Enabled: false | |||
Style/SpaceInsideHashLiteralBraces: | |||
EnforcedStyle: space | |||
Style/TrailingCommaInLiteral: | |||
EnforcedStyleForMultiline: 'comma' | |||
Style/RegexpLiteral: | |||
Enabled: false | |||
AllCops: | |||
TargetRubyVersion: 2.2 | |||
Exclude: | |||
- 'spec/**/*' | |||
- 'db/**/*' | |||
- 'app/views/**/*' | |||
- 'config/**/*' |
@ -0,0 +1,9 @@ | |||
class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController | |||
before_action :store_current_location | |||
private | |||
def store_current_location | |||
store_location_for(:user, request.url) | |||
end | |||
end |
@ -1,4 +0,0 @@ | |||
.prompt= t('doorkeeper.authorizations.error.title') | |||
#error_explanation | |||
= @pre_auth.error_response.body[:error_description] |
@ -1,26 +0,0 @@ | |||
.prompt= raw t('.prompt', client_name: "<strong class=\"prompt-highlight\">#{ @pre_auth.client.name }</strong>") | |||
/- if @pre_auth.scopes.count > 0 | |||
/ .scope-permission-prompt | |||
/ %p= t('.able_to') | |||
/ %ul.scope-permissions | |||
/ - @pre_auth.scopes.each do |scope| | |||
/ %li= t scope, scope: [:doorkeeper, :scopes] | |||
.actions | |||
= form_tag oauth_authorization_path, method: :post do | |||
= hidden_field_tag :client_id, @pre_auth.client.uid | |||
= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri | |||
= hidden_field_tag :state, @pre_auth.state | |||
= hidden_field_tag :response_type, @pre_auth.response_type | |||
= hidden_field_tag :scope, @pre_auth.scope | |||
= button_tag t('doorkeeper.authorizations.buttons.authorize'), type: :submit | |||
= form_tag oauth_authorization_path, method: :delete do | |||
= hidden_field_tag :client_id, @pre_auth.client.uid | |||
= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri | |||
= hidden_field_tag :state, @pre_auth.state | |||
= hidden_field_tag :response_type, @pre_auth.response_type | |||
= hidden_field_tag :scope, @pre_auth.scope | |||
= button_tag t('doorkeeper.authorizations.buttons.deny'), type: :submit, class: 'negative' |
@ -1,2 +0,0 @@ | |||
.prompt= t('.title') | |||
%code.copypasteable= params[:code] |
@ -0,0 +1,2 @@ | |||
.flash-message#error_explanation | |||
= @pre_auth.error_response.body[:error_description] |
@ -0,0 +1,25 @@ | |||
.oauth-prompt | |||
%h2 | |||
Application | |||
%strong=@pre_auth.client.name | |||
requests access to your account | |||
%p | |||
It will be able to | |||
= @pre_auth.scopes.map { |scope| t(scope, scope: [:doorkeeper, :scopes]) }.map { |s| "<strong>#{s}</strong>"}.to_sentence.html_safe | |||
= form_tag oauth_authorization_path, method: :post, class: 'simple_form' do | |||
= hidden_field_tag :client_id, @pre_auth.client.uid | |||
= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri | |||
= hidden_field_tag :state, @pre_auth.state | |||
= hidden_field_tag :response_type, @pre_auth.response_type | |||
= hidden_field_tag :scope, @pre_auth.scope | |||
= button_tag t('doorkeeper.authorizations.buttons.authorize'), type: :submit | |||
= form_tag oauth_authorization_path, method: :delete, class: 'simple_form' do | |||
= hidden_field_tag :client_id, @pre_auth.client.uid | |||
= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri | |||
= hidden_field_tag :state, @pre_auth.state | |||
= hidden_field_tag :response_type, @pre_auth.response_type | |||
= hidden_field_tag :scope, @pre_auth.scope | |||
= button_tag t('doorkeeper.authorizations.buttons.deny'), type: :submit, class: 'negative' |
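Review bot: The scope sentence under `It will be able to` is built by string interpolation, `"<strong>#{s}</strong>"`, and the whole result is then marked `.html_safe`, so the translated scope text reaches the page unescaped. The scope names originate in the authorization request; Doorkeeper's pre-authorization presumably restricts them to configured scopes, but that validation is not visible here, and the locale files are a second input. Escape each item before joining by replacing the second `map` with `.map { |s| content_tag(:strong, s) }`, which escapes the scope text. The `to_sentence` connector words would still pass through `.html_safe`, which is worth a short comment on that line.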
@ -0,0 +1 @@ | |||
%code= params[:code] |
@ -1,5 +1,5 @@ | |||
Rabl.configure do |config| | |||
config.cache_all_output = true | |||
config.cache_all_output = false | |||
config.cache_sources = !!Rails.env.production? | |||
config.include_json_root = false | |||
config.view_paths = [Rails.root.join('app/views')] | |||
@ -1,9 +1,19 @@ | |||
class Rack::Attack | |||
throttle('get-req/ip', limit: 300, period: 5.minutes) do |req| | |||
req.ip if req.get? | |||
# Rate limits for the API | |||
throttle('api', limit: 150, period: 5.minutes) do |req| | |||
req.ip if req.path.match(/\A\/api\//) | |||
end | |||
throttle('post-req/ip', limit: 100, period: 5.minutes) do |req| | |||
req.ip if req.post? | |||
self.throttled_response = lambda do |env| | |||
now = Time.now.utc | |||
match_data = env['rack.attack.match_data'] | |||
headers = { | |||
'X-RateLimit-Limit' => match_data[:limit].to_s, | |||
'X-RateLimit-Remaining' => '0', | |||
'X-RateLimit-Reset' => (now + (match_data[:period] - now.to_i % match_data[:period])).to_s | |||
} | |||
[429, headers, [{ error: 'Throttled' }.to_json]] | |||
end | |||
end |
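Review bot: With the `post-req/ip` rule gone, the only throttle left is `'api'`, which keys on paths matching `/\A\/api\//`, so POST requests outside that prefix are no longer rate-limited by this file. If sign-in, registration or the OAuth token endpoint live outside `/api/` (their routes are not visible here), they lose brute-force protection unless something else limits them. Consider keeping a POST rule such as `throttle('post-req/ip', limit: 100, period: 5.minutes) { |req| req.ip if req.post? }`. The 429 response also sends a JSON body without a `'Content-Type' => 'application/json'` header. Separately, `req.ip` is only a meaningful key if the trusted-proxy setup yields the real client address.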
@ -1,2 +1,2 @@ | |||
web_app = Doorkeeper::Application.new(name: 'Web', superapp: true, redirect_uri: Doorkeeper.configuration.native_redirect_uri) | |||
web_app = Doorkeeper::Application.new(name: 'Web', superapp: true, redirect_uri: Doorkeeper.configuration.native_redirect_uri, scopes: 'read write follow') | |||
web_app.save! |