From 1017c71ba1d80a1690e357a938ad46f246a456ae Mon Sep 17 00:00:00 2001
From: Andrew Godwin
Date: Sat, 10 Dec 2022 21:03:14 -0700
Subject: Working start of an OAuth flow
---
 takahe/settings.py | 9 +++++++--
 takahe/urls.py | 6 ++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
 (limited to 'takahe')
diff --git a/takahe/settings.py b/takahe/settings.py
index 64a523a..e2e9b43 100644
--- a/takahe/settings.py
+++ b/takahe/settings.py
@@ -169,16 +169,19 @@ INSTALLED_APPS = [
 "django.contrib.messages",
 "django.contrib.staticfiles",
 "django_htmx",
+ "corsheaders",
 "core",
 "activities",
- "users",
- "stator",
+ "api",
 "mediaproxy",
+ "stator",
+ "users",
 ]
 MIDDLEWARE = [
 "core.middleware.SentryTaggingMiddleware",
 "django.middleware.security.SecurityMiddleware",
+ "corsheaders.middleware.CorsMiddleware",
 "whitenoise.middleware.WhiteNoiseMiddleware",
 "django.contrib.sessions.middleware.SessionMiddleware",
 "django.middleware.common.CommonMiddleware",
@@ -278,6 +281,7 @@ AUTO_ADMIN_EMAIL = SETUP.AUTO_ADMIN_EMAIL
 STATOR_TOKEN = SETUP.STATOR_TOKEN
+CORS_ORIGIN_ALLOW_ALL = True # Temporary
 CORS_ORIGIN_WHITELIST = SETUP.CORS_HOSTS
 CORS_ALLOW_CREDENTIALS = True
 CORS_PREFLIGHT_MAX_AGE = 604800
@@ -288,6 +292,7 @@ MEDIA_URL = SETUP.MEDIA_URL
 MEDIA_ROOT = SETUP.MEDIA_ROOT
 MAIN_DOMAIN = SETUP.MAIN_DOMAIN
+
 if SETUP.USE_PROXY_HEADERS:
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
diff --git a/takahe/urls.py b/takahe/urls.py
index 762e091..57af7a7 100644
--- a/takahe/urls.py
+++ b/takahe/urls.py
@@ -4,6 +4,7 @@ from django.urls import path, re_path
 from django.views.static import serve
 from activities.views import compose, explore, follows, posts, search, timelines
+from api.views import api, oauth
 from core import views as core
 from mediaproxy import views as mediaproxy
 from stator import views as stator
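Review bot: In the `@@ -278,6 +281,7 @@` hunk of takahe/settings.py, `CORS_ORIGIN_ALLOW_ALL = True` is added directly above the existing `CORS_ALLOW_CREDENTIALS = True`. With both set, django-cors-headers echoes whatever `Origin` the request carries and marks the response as credentialed, so the allowlist in `CORS_ORIGIN_WHITELIST = SETUP.CORS_HOSTS` on the next line no longer restricts anything. The policy is also site-wide rather than limited to the new API, and the `# Temporary` marker gives a production deployment nothing that fails closed. I would drop the override and, if API clients need open CORS, scope it with `CORS_URLS_REGEX = r"^/(api|oauth)/"` and set `CORS_ALLOW_CREDENTIALS = False`, assuming the API authenticates with bearer tokens rather than the session cookie (not visible in this diff). Failing that, gate the override on the module's debug flag so the allowlist still applies outside development.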
@@ -201,6 +202,11 @@ urlpatterns = [
 path("actor/", activitypub.SystemActorView.as_view()),
 path("actor/inbox/", activitypub.Inbox.as_view()),
 path("inbox/", activitypub.Inbox.as_view(), name="shared_inbox"),
+ # API/Oauth
+ path("api/", api.urls),
+ path("oauth/authorize", oauth.AuthorizationView.as_view()),
+ path("oauth/token", oauth.TokenView.as_view()),
+ path("oauth/revoke_token", oauth.RevokeTokenView.as_view()),
 # Stator
 path(".stator/", stator.RequestRunner.as_view()),
 # Django admin
-- 
cgit v1.2.3
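Review bot: The three `oauth/` routes added to `urlpatterns` in takahe/urls.py have different protection needs that nothing here records: in a standard OAuth flow `oauth/authorize` runs in the user's browser session, while `oauth/token` and `oauth/revoke_token` are posted to by the client application. A comment above them such as `# authorize: needs login and CSRF; token/revoke_token: client-authenticated POST, no session` would state what each view is expected to enforce. The views come from `api.views.oauth`, which is outside this diff (it is limited to 'takahe'), so whether `AuthorizationView` requires login and checks the redirect URI against the registered application cannot be confirmed from here. These routes also fall under the site-wide CORS policy set in takahe/settings.py by the same commit, which makes that check worth doing before merge. The hunk starts and ends inside the `urlpatterns` list.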