Merge pull request 'Don’t litter tokens and Iceshrimp.NET support' (#452) from Oneric/akkoma-fe:frugal-tokens-and-iceshrimp.net into develop

Reviewed-on: #452
2025-10-13 12:22:33 +00:00 · 2025-10-13 12:22:33 +00:00 · 57a809946c
commit 57a809946c
parent 2f64931d5b 877dde80c9
10 changed files with 44 additions and 32 deletions
--- a/package.json
+++ b/package.json
@ -128,5 +128,6 @@
  "engines": {
    "node": ">= 16.0.0",
    "npm": ">= 3.0.0"
-  }
+  },
+  "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
 }
--- a/src/boot/after_store.js
+++ b/src/boot/after_store.js
@ -12,7 +12,6 @@ import routes from './routes'
 import VBodyScrollLock from 'src/directives/body_scroll_lock'

 import { windowWidth, windowHeight } from '../services/window_utils/window_utils'
-import { getOrCreateApp, getClientToken } from '../services/new_api/oauth.js'
 import backendInteractorService from '../services/backend_interactor_service/backend_interactor_service.js'
 import { CURRENT_VERSION } from '../services/theme_data/theme_data.service.js'
 import { applyTheme } from '../services/style_setter/style_setter.js'
@ -253,17 +252,6 @@ const getStickers = async ({ store }) => {
  }
 }

-const getAppSecret = async ({ store }) => {
-  const { state, commit } = store
-  const { oauth, instance } = state
-  return getOrCreateApp({ ...oauth, instance: instance.server, commit })
-    .then((app) => getClientToken({ ...app, instance: instance.server }))
-    .then((token) => {
-      commit('setAppToken', token.access_token)
-      commit('setBackendInteractor', backendInteractorService(store.getters.getToken()))
-    })
-}
-
 const resolveStaffAccounts = ({ store, accounts }) => {
  const nicknames = accounts.map(uri => uri.split('/').pop())
  store.dispatch('setInstanceOption', { name: 'staffAccounts', value: nicknames })
@ -351,7 +339,7 @@ const setConfig = async ({ store }) => {
  const apiConfig = configInfos[0]
  const staticConfig = configInfos[1]

-  await setSettings({ store, apiConfig, staticConfig }).then(getAppSecret({ store }))
+  await setSettings({ store, apiConfig, staticConfig })
 }

 const checkOAuthToken = async ({ store }) => {
--- a/src/components/login_form/login_form.js
+++ b/src/components/login_form/login_form.js
@ -43,7 +43,7 @@ const LoginForm = {
      }

      oauthApi.getOrCreateApp(data)
-        .then((app) => { oauthApi.login({ ...app, ...data }) })
+        .then((app) => { oauthApi.login({ ...data, ...app }) })
    },
    submitPassword () {
      const { clientId } = this.oauth
--- a/src/components/post_status_form/post_status_form.js
+++ b/src/components/post_status_form/post_status_form.js
@ -150,7 +150,7 @@ const PostStatusForm = {
    const preset = this.$route.query.message
    let statusText = preset || ''

-    if (this.replyTo || this.quoteId) {
+    if (this.replyTo || this.quoteId || this.repliedUser) {
      const currentUser = this.$store.state.users.currentUser
      statusText = buildMentionsString({ user: this.repliedUser, attentions: this.attentions }, currentUser)
    }
--- a/src/components/user_card/user_card.js
+++ b/src/components/user_card/user_card.js
@ -197,7 +197,7 @@ export default {
      this.$store.dispatch('setCurrentMedia', attachment)
    },
    mentionUser () {
-      this.$store.dispatch('openPostStatusModal', { replyTo: true, repliedUser: this.user })
+      this.$store.dispatch('openPostStatusModal', { repliedUser: this.user })
    }
  }
 }
--- a/src/lib/persisted_state.js
+++ b/src/lib/persisted_state.js
@ -19,7 +19,7 @@ const saveImmedeatelyActions = [
  'setOption',
  'setClientData',
  'setToken',
-  'clearToken',
+  'clearTokens',
  'emojiUsed',
 ]

--- a/src/modules/instance.js
+++ b/src/modules/instance.js
@ -185,10 +185,13 @@ const instance = {
          const result = await res.json()
          const values = Array.isArray(result) ? Object.assign({}, ...result) : result
          const emoji = Object.entries(values).map(([key, value]) => {
-            const imageUrl = value.image_url
+            let imageUrl = value.image_url
+            if (typeof imageUrl == 'string' && imageUrl.startsWith('/'))
+              imageUrl = state.server + imageUrl;
+
            return {
              displayText: key,
-              imageUrl: imageUrl ? state.server + imageUrl : value,
+              imageUrl: imageUrl ? imageUrl : value,
              tags: imageUrl ? value.tags.sort((a, b) => a > b ? 1 : 0) : ['utf'],
              replacement: `:${key}: `
            }
--- a/src/modules/oauth.js
+++ b/src/modules/oauth.js
@ -3,8 +3,7 @@ const oauth = {
    clientId: false,
    clientSecret: false,
    /* App token is authentication for app without any user, used mostly for
-     * MastoAPI's registration of new users, stored so that we can fall back to
-     * it on logout
+     * MastoAPI's registration of new users and unnecessary otherwise
     */
    appToken: false,
    /* User token is authentication for app with user, this is for every calls
@ -23,8 +22,9 @@ const oauth = {
    setToken (state, token) {
      state.userToken = token
    },
-    clearToken (state) {
+    clearTokens (state) {
      state.userToken = false
+      state.appToken = false
      // state.token is userToken with older name, coming from persistent state
      // let's clear it as well, since it is being used as a fallback of state.userToken
      delete state.token
--- a/src/modules/users.js
+++ b/src/modules/users.js
@ -3,6 +3,7 @@ import { windowWidth, windowHeight } from '../services/window_utils/window_utils
 import oauthApi from '../services/new_api/oauth.js'
 import { compact, map, each, mergeWith, last, concat, uniq, isArray } from 'lodash'
 import { registerPushNotifications, unregisterPushNotifications } from '../services/push/push.js'
+import { getClientToken } from '../services/new_api/oauth.js'

 // TODO: Unify with mergeOrAdd in statuses.js
 export const mergeOrAdd = (arr, obj, item, key = 'id') => {
@ -112,6 +113,17 @@ const setNote = (store, { id, note }) => {
    .then((relationship) => store.commit('updateUserRelationship', [relationship]))
 }

+const getAppSecret = async ({ store }) => {
+  const { rootState, commit } = store
+  const { oauth, instance } = rootState
+  return oauthApi.getOrCreateApp({ ...oauth, instance: instance.server, commit })
+    .then((app) => getClientToken({ ...app, instance: instance.server }))
+    .then((token) => {
+      commit('setAppToken', token.access_token)
+      commit('setBackendInteractor', backendInteractorService(store.getters.getToken()))
+    })
+}
+
 export const mutations = {
  tagUser (state, { user: { id }, tag }) {
    const user = state.usersObject[id]
@ -568,6 +580,8 @@ const users = {
      let rootState = store.rootState

      try {
+        // registration can only be done with an app token
+        await getAppSecret({ store })
        let data = await rootState.api.backendInteractor.register(
          { params: { ...userInfo } }
        )
@ -603,18 +617,24 @@ const users = {

      return oauthApi.getOrCreateApp(data)
        .then((app) => {
-          const params = {
-            app,
-            instance: data.instance,
-            token: oauth.userToken
-          }
+          // Clear both OAuth token (used in every login session)
+          // and app token (only used by us during registration)
+          for (const token of [oauth.userToken, oauth.appToken]) {
+            if (!token) continue

-          return oauthApi.revokeToken(params)
+            const params = {
+              app,
+              instance: data.instance,
+              token: token
+            }
+
+            oauthApi.revokeToken(params)
+          }
        })
        .then(() => {
          store.commit('clearCurrentUser')
          store.dispatch('disconnectFromSocket')
-          store.commit('clearToken')
+          store.commit('clearTokens')
          store.dispatch('stopFetchingTimeline', 'friends')
          store.commit('setBackendInteractor', backendInteractorService(store.getters.getToken()))
          store.dispatch('stopFetchingNotifications')
--- a/src/services/api/api.service.js
+++ b/src/services/api/api.service.js
@ -1588,7 +1588,7 @@ const getFollowedHashtags = ({ credentials, pagination: savedPagination }) => {
  const url = `${MASTODON_FOLLOWED_TAGS_URL}?${queryParams.toString()}`
  let pagination = {};
  return fetch(url, {
-    credentials
+    headers: authHeaders(credentials),
  }).then((data) => {
    pagination = parseLinkHeaderPagination(data.headers.get('Link'), {
      flakeId: false
@ -1610,7 +1610,7 @@ const getFollowRequests = ({ credentials, pagination: savedPagination }) => {
  const url = `${MASTODON_FOLLOW_REQUESTS_URL}?${queryParams.toString()}`
  let pagination = {};
  return fetch(url, {
-    credentials
+    headers: authHeaders(credentials),
  }).then((data) => {
    pagination = parseLinkHeaderPagination(data.headers.get('Link'), { flakeId: true });
    return data.json()