to the APIclosed-social-glitch-2
@ -1,14 +1,60 @@ | |||||
Rails: | Rails: | ||||
Enabled: true | Enabled: true | ||||
Metrics/LineLength: | |||||
Enabled: false | |||||
Style/PerlBackrefs: | Style/PerlBackrefs: | ||||
AutoCorrect: false | AutoCorrect: false | ||||
Style/ClassAndModuleChildren: | Style/ClassAndModuleChildren: | ||||
Enabled: false | Enabled: false | ||||
Documentation: | |||||
Metrics/BlockNesting: | |||||
Max: 2 | |||||
Metrics/LineLength: | |||||
AllowURI: true | |||||
Enabled: false | |||||
Metrics/MethodLength: | |||||
CountComments: false | |||||
Max: 10 | |||||
Metrics/ModuleLength: | |||||
Max: 100 | |||||
Metrics/ParameterLists: | |||||
Max: 4 | |||||
CountKeywordArgs: true | |||||
Style/AccessModifierIndentation: | |||||
EnforcedStyle: indent | |||||
Style/CollectionMethods: | |||||
Enabled: true | |||||
PreferredMethods: | |||||
find_all: 'select' | |||||
Style/Documentation: | |||||
Enabled: false | |||||
Style/DoubleNegation: | |||||
Enabled: false | |||||
Style/FrozenStringLiteralComment: | |||||
Enabled: false | Enabled: false | ||||
Style/SpaceInsideHashLiteralBraces: | |||||
EnforcedStyle: space | |||||
Style/TrailingCommaInLiteral: | |||||
EnforcedStyleForMultiline: 'comma' | |||||
Style/RegexpLiteral: | |||||
Enabled: false | |||||
AllCops: | |||||
TargetRubyVersion: 2.2 | |||||
Exclude: | |||||
- 'spec/**/*' | |||||
- 'db/**/*' | |||||
- 'app/views/**/*' | |||||
- 'config/**/*' |
@ -0,0 +1,9 @@ | |||||
class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController | |||||
before_action :store_current_location | |||||
private | |||||
def store_current_location | |||||
store_location_for(:user, request.url) | |||||
end | |||||
end |
@ -1,4 +0,0 @@ | |||||
.prompt= t('doorkeeper.authorizations.error.title') | |||||
#error_explanation | |||||
= @pre_auth.error_response.body[:error_description] |
@ -1,26 +0,0 @@ | |||||
.prompt= raw t('.prompt', client_name: "<strong class=\"prompt-highlight\">#{ @pre_auth.client.name }</strong>") | |||||
/- if @pre_auth.scopes.count > 0 | |||||
/ .scope-permission-prompt | |||||
/ %p= t('.able_to') | |||||
/ %ul.scope-permissions | |||||
/ - @pre_auth.scopes.each do |scope| | |||||
/ %li= t scope, scope: [:doorkeeper, :scopes] | |||||
.actions | |||||
= form_tag oauth_authorization_path, method: :post do | |||||
= hidden_field_tag :client_id, @pre_auth.client.uid | |||||
= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri | |||||
= hidden_field_tag :state, @pre_auth.state | |||||
= hidden_field_tag :response_type, @pre_auth.response_type | |||||
= hidden_field_tag :scope, @pre_auth.scope | |||||
= button_tag t('doorkeeper.authorizations.buttons.authorize'), type: :submit | |||||
= form_tag oauth_authorization_path, method: :delete do | |||||
= hidden_field_tag :client_id, @pre_auth.client.uid | |||||
= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri | |||||
= hidden_field_tag :state, @pre_auth.state | |||||
= hidden_field_tag :response_type, @pre_auth.response_type | |||||
= hidden_field_tag :scope, @pre_auth.scope | |||||
= button_tag t('doorkeeper.authorizations.buttons.deny'), type: :submit, class: 'negative' |
@ -1,2 +0,0 @@ | |||||
.prompt= t('.title') | |||||
%code.copypasteable= params[:code] |
@ -0,0 +1,2 @@ | |||||
.flash-message#error_explanation | |||||
= @pre_auth.error_response.body[:error_description] |
@ -0,0 +1,25 @@ | |||||
.oauth-prompt | |||||
%h2 | |||||
Application | |||||
%strong=@pre_auth.client.name | |||||
requests access to your account | |||||
%p | |||||
It will be able to | |||||
= @pre_auth.scopes.map { |scope| t(scope, scope: [:doorkeeper, :scopes]) }.map { |s| "<strong>#{s}</strong>"}.to_sentence.html_safe | |||||
= form_tag oauth_authorization_path, method: :post, class: 'simple_form' do | |||||
= hidden_field_tag :client_id, @pre_auth.client.uid | |||||
= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri | |||||
= hidden_field_tag :state, @pre_auth.state | |||||
= hidden_field_tag :response_type, @pre_auth.response_type | |||||
= hidden_field_tag :scope, @pre_auth.scope | |||||
= button_tag t('doorkeeper.authorizations.buttons.authorize'), type: :submit | |||||
= form_tag oauth_authorization_path, method: :delete, class: 'simple_form' do | |||||
= hidden_field_tag :client_id, @pre_auth.client.uid | |||||
= hidden_field_tag :redirect_uri, @pre_auth.redirect_uri | |||||
= hidden_field_tag :state, @pre_auth.state | |||||
= hidden_field_tag :response_type, @pre_auth.response_type | |||||
= hidden_field_tag :scope, @pre_auth.scope | |||||
= button_tag t('doorkeeper.authorizations.buttons.deny'), type: :submit, class: 'negative' |
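Review bot: The scope sentence is built by interpolating into `"<strong>#{s}</strong>"` and then marking the whole string `.html_safe`, so nothing escapes the translated scope text. A locale string, or a missing-translation fallback, that contains markup would be rendered as HTML on the consent screen. Building each item with `content_tag(:strong, s)` instead of string interpolation escapes the text while keeping the emphasis. Separately, the heading and "It will be able to" are hard-coded English where the removed view used `t('.prompt', ...)`, so it looks worth keeping them in the locale files.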
@ -0,0 +1 @@ | |||||
%code= params[:code] |
@ -1,5 +1,5 @@ | |||||
Rabl.configure do |config| | Rabl.configure do |config| | ||||
config.cache_all_output = true | |||||
config.cache_all_output = false | |||||
config.cache_sources = !!Rails.env.production? | config.cache_sources = !!Rails.env.production? | ||||
config.include_json_root = false | config.include_json_root = false | ||||
config.view_paths = [Rails.root.join('app/views')] | config.view_paths = [Rails.root.join('app/views')] | ||||
@ -1,9 +1,19 @@ | |||||
class Rack::Attack | class Rack::Attack | ||||
throttle('get-req/ip', limit: 300, period: 5.minutes) do |req| | |||||
req.ip if req.get? | |||||
# Rate limits for the API | |||||
throttle('api', limit: 150, period: 5.minutes) do |req| | |||||
req.ip if req.path.match(/\A\/api\//) | |||||
end | end | ||||
throttle('post-req/ip', limit: 100, period: 5.minutes) do |req| | |||||
req.ip if req.post? | |||||
self.throttled_response = lambda do |env| | |||||
now = Time.now.utc | |||||
match_data = env['rack.attack.match_data'] | |||||
headers = { | |||||
'X-RateLimit-Limit' => match_data[:limit].to_s, | |||||
'X-RateLimit-Remaining' => '0', | |||||
'X-RateLimit-Reset' => (now + (match_data[:period] - now.to_i % match_data[:period])).to_s | |||||
} | |||||
[429, headers, [{ error: 'Throttled' }.to_json]] | |||||
end | end | ||||
end | end |
@ -1,2 +1,2 @@ | |||||
web_app = Doorkeeper::Application.new(name: 'Web', superapp: true, redirect_uri: Doorkeeper.configuration.native_redirect_uri) | |||||
web_app = Doorkeeper::Application.new(name: 'Web', superapp: true, redirect_uri: Doorkeeper.configuration.native_redirect_uri, scopes: 'read write follow') | |||||
web_app.save! | web_app.save! |