adds API endpoints to manage OAuth2 Application (list/create/delete) (#10437)

* add API endpoint to create OAuth2 Application.

* move endpoint to /user. Add swagger documentations and proper response type.

* change json tags to snake_case. add CreateOAuth2ApplicationOptions to swagger docs.

* change response status to Created (201)

* add methods to list OAuth2 apps and delete an existing OAuth2 app by ID.

* add APIFormat convert method and file header

* fixed header

* hide secret on oauth2 application list

* add Created time to API response

* add API integration tests for create/list/delete OAuth2 applications.

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>

routers/api/v1/user/app.go

@@ -10,6 +10,7 @@ import (
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/convert"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/routers/api/v1/utils"
 )
@@ -135,3 +136,98 @@ func DeleteAccessToken(ctx *context.APIContext) {
 
 	ctx.Status(http.StatusNoContent)
 }
+
+// CreateOauth2Application is the handler to create a new OAuth2 Application for the authenticated user
+func CreateOauth2Application(ctx *context.APIContext, data api.CreateOAuth2ApplicationOptions) {
+	// swagger:operation POST /user/applications/oauth2 user userCreateOAuth2Application
+	// ---
+	// summary: creates a new OAuth2 application
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: body
+	//   in: body
+	//   required: true
+	//   schema:
+	//     "$ref": "#/definitions/CreateOAuth2ApplicationOptions"
+	// responses:
+	//   "201":
+	//     "$ref": "#/responses/OAuth2Application"
+	app, err := models.CreateOAuth2Application(models.CreateOAuth2ApplicationOptions{
+		Name:         data.Name,
+		UserID:       ctx.User.ID,
+		RedirectURIs: data.RedirectURIs,
+	})
+	if err != nil {
+		ctx.Error(http.StatusBadRequest, "", "error creating oauth2 application")
+		return
+	}
+	secret, err := app.GenerateClientSecret()
+	if err != nil {
+		ctx.Error(http.StatusBadRequest, "", "error creating application secret")
+		return
+	}
+	app.ClientSecret = secret
+
+	ctx.JSON(http.StatusCreated, convert.ToOAuth2Application(app))
+}
+
+// ListOauth2Applications list all the Oauth2 application
+func ListOauth2Applications(ctx *context.APIContext) {
+	// swagger:operation GET /user/applications/oauth2 user userGetOauth2Application
+	// ---
+	// summary: List the authenticated user's oauth2 applications
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: page
+	//   in: query
+	//   description: page number of results to return (1-based)
+	//   type: integer
+	// - name: limit
+	//   in: query
+	//   description: page size of results, maximum page size is 50
+	//   type: integer
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/OAuth2ApplicationList"
+
+	apps, err := models.ListOAuth2Applications(ctx.User.ID, utils.GetListOptions(ctx))
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "ListOAuth2Applications", err)
+		return
+	}
+
+	apiApps := make([]*api.OAuth2Application, len(apps))
+	for i := range apps {
+		apiApps[i] = convert.ToOAuth2Application(apps[i])
+		apiApps[i].ClientSecret = "" // Hide secret on application list
+	}
+	ctx.JSON(http.StatusOK, &apiApps)
+}
+
+// DeleteOauth2Application delete OAuth2 Application
+func DeleteOauth2Application(ctx *context.APIContext) {
+	// swagger:operation DELETE /user/applications/oauth2/{id} user userDeleteOAuth2Application
+	// ---
+	// summary: delete an OAuth2 Application
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: id
+	//   in: path
+	//   description: token to be deleted
+	//   type: integer
+	//   format: int64
+	//   required: true
+	// responses:
+	//   "204":
+	//     "$ref": "#/responses/empty"
+	appID := ctx.ParamsInt64(":id")
+	if err := models.DeleteOAuth2Application(appID, ctx.User.ID); err != nil {
+		ctx.Error(http.StatusInternalServerError, "DeleteOauth2ApplicationByID", err)
+		return
+	}
+
+	ctx.Status(http.StatusNoContent)
+}