✨ Better apps list, app detail page, including suggesting a more secure allowed redirect URIs list

Author: gwennlbh

src/lib/SensitiveValue.svelte

@@ -0,0 +1,23 @@
+<script lang="ts">
+	import type { Snippet } from 'svelte';
+
+	const { children }: { children: Snippet<[]> } = $props();
+
+	let shown = $state(false);
+</script>
+
+<div class="sensitive-value">
+	<button
+		onclick={() => {
+			shown = !shown;
+		}}
+		>{#if shown}cacher{:else}montrer{/if}</button
+	>
+	{#if shown}
+		{@render children?.()}
+	{:else}
+		{Array.from({ length: 20 })
+			.map(() => '*')
+			.join('')}
+	{/if}
+</div>

src/lib/server/oauth.ts

@@ -2,9 +2,8 @@ import { env } from '$env/dynamic/public';
 import { env as secrets } from '$env/dynamic/private';
 import { Authentik } from 'arctic';
 
-const domain = 'auth.inpt.fr';
 export const authentik = new Authentik(
-	domain,
+	env.PUBLIC_AUTHENTIK_INSTANCE,
 	env.PUBLIC_OAUTH2_ID,
 	secrets.PRIVATE_OAUTH2_SECRET,
 	'http://localhost:5173/login/callback'

src/routes/+page.gql

@@ -2,14 +2,13 @@ query PageHome {
 	me {
 		uid
 	}
-	application(slug: "aedopte") {
-		... on Application {
-			name
-			metaIcon
-			groupSlug
-			churrosGroup {
+	applications {
+		... on PaginatedApplicationList {
+			results {
+				metaIcon
+				metaPublisher
 				name
-				pictureURL
+				slug
 			}
 		}
 	}

src/routes/+page.svelte

@@ -11,19 +11,18 @@
 
 	const { data, form }: Props = $props();
 	const { PageHome } = $derived(data);
-	const apps = $derived.by(() => {
-		if (!$PageHome) return [];
-		if ($PageHome.data?.application?.__typename === 'Application') {
-			return [$PageHome.data.application];
-		}
-		return [];
-	});
+
+	const apps = $derived(
+		$PageHome.data?.applications?.__typename === 'PaginatedApplicationList'
+			? $PageHome.data.applications.results.filter((app) => app !== null)
+			: []
+	);
 
 	$effect(() => console.log($PageHome));
 
 	onMount(async () => {
 		if (form?.appSlug) {
-			await goto(`/app/${form.appSlug}`);
+			await goto(`/apps/${form.appSlug}`);
 		}
 	});
 </script>
@@ -45,13 +44,28 @@
 	</section>
 </form>
 
-<div>
-	{$PageHome?.errors?.map((e) => e.message).join('\n') ?? ''}
-</div>
 <ul>
 	{#each apps as app}
 		<li>
-			{JSON.stringify(app)}
+			<a href="/apps/{app.slug}">
+				<img src={app.metaIcon} alt="Icone" />
+				{app.name} by {app?.metaPublisher}
+			</a>
 		</li>
 	{/each}
 </ul>
+
+<style>
+	ul {
+		list-style: none;
+		padding-left: 0;
+	}
+	li > a {
+		display: flex;
+		align-items: center;
+		gap: 0 1ch;
+	}
+	li img {
+		height: 1.5rem;
+	}
+</style>

src/routes/app/[slug]/+page.svelte

@@ -1,19 +1,17 @@
 query PageApplication($slug: String!) {
 	application(slug: $slug) {
 		... on Application {
+			name
+			slug
 			metaIcon
+			metaDescription
+			launchUrl
 			churrosGroup {
 				uid
 			}
-			# providerObj {
-			# 	application {
-			# 		... on Application {
-			# 			pk
-			# 		}
-			# 	}
-			# }
 			oauth2Provider {
 				... on OAuth2Provider {
+					pk
 					clientId
 					clientSecret
 					clientType

src/routes/app/[slug]/+page.gql renamed to src/routes/apps/[slug]/+page.gql

@@ -0,0 +1,37 @@
+import { graphql } from '$houdini';
+import { error } from '@sveltejs/kit';
+
+export const actions = {
+	async editAllowedURIs(event) {
+		const formdata = [...(await event.request.formData()).entries()];
+		const uris = formdata
+			.filter(([k]) => k.startsWith('uri:'))
+			.sort(([a], [b]) => b - a)
+			.map(([_, v]) => v)
+			.filter(Boolean)
+			.join('\n');
+		const providerId = parseInt(Object.fromEntries(formdata).providerid);
+
+		const { data, errors } = await graphql(`
+			mutation EditAllowedURIs($providerId: Int!, $uris: String!) {
+				providersOauth2PartialUpdate(id: $providerId, input: { redirectUris: $uris }) {
+					__typename
+				}
+			}
+		`).mutate(
+			{
+				providerId,
+				uris
+			},
+			{ event }
+		);
+
+		if (errors) {
+			error(400, {
+				message: errors.map((e) => e.message).join('\n')
+			});
+		}
+
+		return {};
+	}
+};

src/routes/apps/[slug]/+page.server.ts

@@ -0,0 +1,149 @@
+<script lang="ts">
+	import { env } from '$env/dynamic/public';
+	import SensitiveValue from '$lib/SensitiveValue.svelte';
+	import type { PageData } from './$houdini';
+	interface Props {
+		data: PageData;
+	}
+	const { data }: Props = $props();
+	const { PageApplication } = $derived(data);
+
+	function enumerate<T>(a: T[]): Array<[number, T]> {
+		return Object.entries(a).map(([k, v]) => [parseInt(k), v]);
+	}
+
+	function uris(allUris?: string | null): string[] {
+		if (!allUris) return [];
+		return allUris.split('\n');
+	}
+</script>
+
+{#if $PageApplication?.errors}
+	<section class="errors">
+		<h2>Oops!</h2>
+		<p>Il y a eu des erreurs</p>
+		<ul>
+			{#each $PageApplication.errors as { message }}
+				<li>{message}</li>
+			{/each}
+		</ul>
+	</section>
+{/if}
+
+{#if $PageApplication?.data?.application?.__typename === 'GenericError'}
+	<section class="errors">
+		<h1>Ooops</h1>
+		<p>{$PageApplication.data.application.detail}</p>
+		<a href="/login">Connexion</a>
+	</section>
+{/if}
+
+{#snippet copyable(value: string, sensitive = false)}
+	<dd>
+		<button
+			onclick={() => {
+				const clipboard = new Clipboard();
+				clipboard.writeText(value);
+			}}>copier</button
+		>
+		{#if sensitive}
+			<SensitiveValue>{value}</SensitiveValue>
+		{:else}
+			{value}
+		{/if}
+	</dd>
+{/snippet}
+
+{#if $PageApplication?.data?.application && $PageApplication.data.application.__typename === 'Application'}
+	{@const app = $PageApplication.data.application}
+	<h1>
+		<img src={app.metaIcon} alt="Icone" class="logo" />
+		{app.name}
+	</h1>
+	{#if app.launchUrl}
+		<a href={app.launchUrl}>https://{new URL(app.launchUrl).hostname}</a>
+	{/if}
+	<p class="desc">{app.metaDescription}</p>
+	{#if app.oauth2Provider?.__typename === 'OAuth2Provider'}
+		{@const authorizedUris = uris(app.oauth2Provider.redirectUris)}
+		<dl>
+			<dt>Client ID</dt>
+			{@render copyable(app.oauth2Provider.clientId)}
+			<dt>Client secret</dt>
+			{@render copyable(app.oauth2Provider.clientSecret, true)}
+			<dt>Allowed redirect URIs</dt>
+			<dd class="redirecturis">
+				<small>Peut être un motif Regex d'URIs</small>
+				{#if authorizedUris.includes('.*') && app.launchUrl}
+					<p class="warn">
+						Attention: utiliser <code>.*</code> est dangereux,
+						<button
+							onclick={() => {
+								document.querySelectorAll('.redirecturis input').forEach((node) => {
+									if (!(node instanceof HTMLInputElement)) return;
+									if (!app.launchUrl) return;
+									if (node.value !== '.*') return;
+									node.value = `https?://(localhost|${new URL(app.launchUrl).hostname}).*`;
+								});
+							}}>utiliser localhost et {new URL(app.launchUrl).hostname}</button
+						>
+					</p>
+				{/if}
+				<form method="post" action="?/editAllowedURIs">
+					<ul>
+						{#each enumerate(authorizedUris) as [i, uri]}
+							<li>
+								<input type="text" name="uri:{i}" value={uri} />
+							</li>
+						{/each}
+						<li class="new">
+							<input
+								placeholder="Ajouter une URI"
+								type="text"
+								name="uri:{uris(app.oauth2Provider.redirectUris).length}"
+							/>
+						</li>
+					</ul>
+					<input type="hidden" name="providerid" value={app.oauth2Provider.pk} />
+					<button type="submit">enregistrer</button>
+				</form>
+			</dd>
+			<p><em>Ne pas oublier le <code>/</code> à la fin des URLs 🙃</em></p>
+			<dt>Authorize URL</dt>
+			{@render copyable(`https://${env.PUBLIC_AUTHENTIK_INSTANCE}/o/authorize/`)}
+			<dt>Token URL</dt>
+			{@render copyable(`https://${env.PUBLIC_AUTHENTIK_INSTANCE}/o/token/`)}
+			<dt>User-info URL</dt>
+			{@render copyable(`https://${env.PUBLIC_AUTHENTIK_INSTANCE}/o/userinfo/`)}
+			<dt>Logout URL</dt>
+			{@render copyable(`https://${env.PUBLIC_AUTHENTIK_INSTANCE}/o/${app.slug}/end-session/`)}
+		</dl>
+	{/if}
+{/if}
+
+<style>
+	section.errors {
+		color: red;
+		background-color: lightpink;
+	}
+
+	.logo {
+		height: 1.2em;
+	}
+
+	h1 {
+		display: flex;
+		align-items: center;
+		gap: 0 1ch;
+	}
+
+	dd:not(.redirecturis) {
+		display: flex;
+		align-items: center;
+		gap: 0 1ch;
+	}
+
+	.redirecturis input {
+		width: 40ch;
+	}
+</style>