From 88da6f16a9a0e4b7e795329666c63705791f30f7 Mon Sep 17 00:00:00 2001
From: Mar0xy <marie@kaifa.ch>
Date: Wed, 8 Nov 2023 21:11:54 +0100
Subject: [PATCH] upd: add oauth decision endpoint

---
 .../src/server/oauth/OAuth2ProviderService.ts        | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/server/oauth/OAuth2ProviderService.ts b/packages/backend/src/server/oauth/OAuth2ProviderService.ts
index ad2657a97c..6d9cac2a17 100644
--- a/packages/backend/src/server/oauth/OAuth2ProviderService.ts
+++ b/packages/backend/src/server/oauth/OAuth2ProviderService.ts
@@ -3,9 +3,9 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
+import querystring from 'querystring';
 import { Inject, Injectable } from '@nestjs/common';
 import megalodon, { MegalodonInterface } from 'megalodon';
-import querystring from 'querystring';
 import { v4 as uuid } from 'uuid';
 /* import { kinds } from '@/misc/api-permissions.js';
 import type { Config } from '@/config.js';
@@ -74,10 +74,18 @@ export class OAuth2ProviderService {
 			if (query.redirect_uri) param += `&redirect_uri=${query.redirect_uri}`;
 			const client = query.client_id ? query.client_id : "";
 			reply.redirect(
-				`${atob(client)}?${param}`,
+				`${Buffer.from(client.toString(), 'base64').toString()}?${param}`,
 			);
 		});
 
+		fastify.post('/oauth/decision', async (request, reply) => {
+			const body: any = request.body;
+			if (body.cancel) {
+				reply.send({ user: body.login_token, allow: false });
+			}
+			reply.send({ user: body.login_token, allow: true });
+		});
+
 		fastify.post('/oauth/token', async (request, reply) => {
 			const body: any = request.body || request.query;
 			if (body.grant_type === "client_credentials") {