about summary refs log tree commit diff
path: root/app/lib
diff options
context:
space:
mode:
Diffstat (limited to 'app/lib')
-rw-r--r--app/lib/access_token_extension.rb4
-rw-r--r--app/lib/application_extension.rb4
-rw-r--r--app/lib/scope_parser.rb10
-rw-r--r--app/lib/scope_transformer.rb40
4 files changed, 58 insertions, 0 deletions
diff --git a/app/lib/access_token_extension.rb b/app/lib/access_token_extension.rb
index 3e184e775..2cafaaa20 100644
--- a/app/lib/access_token_extension.rb
+++ b/app/lib/access_token_extension.rb
@@ -11,6 +11,10 @@ module AccessTokenExtension
     update(revoked_at: clock.now.utc)
   end
 
+  def update_last_used(request, clock = Time)
+    update(last_used_at: clock.now.utc, last_used_ip: request.remote_ip)
+  end
+
   def push_to_streaming_api
     Redis.current.publish("timeline:access_token:#{id}", Oj.dump(event: :kill)) if revoked? || destroyed?
   end
diff --git a/app/lib/application_extension.rb b/app/lib/application_extension.rb
index e61cd0721..a1fea6430 100644
--- a/app/lib/application_extension.rb
+++ b/app/lib/application_extension.rb
@@ -8,4 +8,8 @@ module ApplicationExtension
     validates :website, url: true, length: { maximum: 2_000 }, if: :website?
     validates :redirect_uri, length: { maximum: 2_000 }
   end
+
+  def most_recently_used_access_token
+    @most_recently_used_access_token ||= access_tokens.where.not(last_used_at: nil).order(last_used_at: :desc).first
+  end
 end
diff --git a/app/lib/scope_parser.rb b/app/lib/scope_parser.rb
new file mode 100644
index 000000000..d268688c8
--- /dev/null
+++ b/app/lib/scope_parser.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+class ScopeParser < Parslet::Parser
+  rule(:term)      { match('[a-z]').repeat(1).as(:term) }
+  rule(:colon)     { str(':') }
+  rule(:access)    { (str('write') | str('read')).as(:access) }
+  rule(:namespace) { str('admin').as(:namespace) }
+  rule(:scope)     { ((namespace >> colon).maybe >> ((access >> colon >> term) | access | term)).as(:scope) }
+  root(:scope)
+end
diff --git a/app/lib/scope_transformer.rb b/app/lib/scope_transformer.rb
new file mode 100644
index 000000000..fdfc6cf13
--- /dev/null
+++ b/app/lib/scope_transformer.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+class ScopeTransformer < Parslet::Transform
+  class Scope
+    DEFAULT_TERM   = 'all'
+    DEFAULT_ACCESS = %w(read write).freeze
+
+    attr_reader :namespace, :term
+
+    def initialize(scope)
+      @namespace = scope[:namespace]&.to_s
+      @access    = scope[:access] ? [scope[:access].to_s] : DEFAULT_ACCESS.dup
+      @term      = scope[:term]&.to_s || DEFAULT_TERM
+    end
+
+    def key
+      @key ||= [@namespace, @term].compact.join('/')
+    end
+
+    def access
+      @access.join('/')
+    end
+
+    def merge(other_scope)
+      clone.merge!(other_scope)
+    end
+
+    def merge!(other_scope)
+      raise ArgumentError unless other_scope.namespace == namespace && other_scope.term == term
+
+      @access.concat(other_scope.instance_variable_get('@access'))
+      @access.uniq!
+      @access.sort!
+
+      self
+    end
+  end
+
+  rule(scope: subtree(:scope)) { Scope.new(scope) }
+end