+1
-1
appview/consts.go
appview/oauth/consts.go
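--- a/appview/oauth/handler/handler.go
+++ b/appview/oauth/handler/handler.go
@@ -29,14 +29,36 @@
 )
 
 type OAuthHandler struct {
-Config *config.Config
-Pages *pages.Pages
-Idresolver *idresolver.Resolver
-Db *db.DB
-Store *sessions.CookieStore
-OAuth *oauth.OAuth
-Enforcer *rbac.Enforcer
-Posthog posthog.Client
+config *config.Config
+pages *pages.Pages
+idResolver *idresolver.Resolver
+db *db.DB
+store *sessions.CookieStore
+oauth *oauth.OAuth
+enforcer *rbac.Enforcer
+posthog posthog.Client
+}
+
+func New(
+config *config.Config,
+pages *pages.Pages,
+idResolver *idresolver.Resolver,
+db *db.DB,
+store *sessions.CookieStore,
+oauth *oauth.OAuth,
+enforcer *rbac.Enforcer,
+posthog posthog.Client,
+) *OAuthHandler {
+return &OAuthHandler{
+config: config,
+pages: pages,
+idResolver: idResolver,
+db: db,
+store: store,
+oauth: oauth,
+enforcer: enforcer,
+posthog: posthog,
+}
 }
 
 func (o *OAuthHandler) Router() http.Handler {
@@ -45,7 +67,7 @@
 r.Get("/login", o.login)
 r.Post("/login", o.login)
 
-r.With(middleware.AuthMiddleware(o.OAuth)).Post("/logout", o.logout)
+r.With(middleware.AuthMiddleware(o.oauth)).Post("/logout", o.logout)
 
 r.Get("/oauth/client-metadata.json", o.clientMetadata)
 r.Get("/oauth/jwks.json", o.jwks)
@@ -56,11 +78,11 @@
 func (o *OAuthHandler) clientMetadata(w http.ResponseWriter, r *http.Request) {
 w.Header().Set("Content-Type", "application/json")
 w.WriteHeader(http.StatusOK)
-json.NewEncoder(w).Encode(o.OAuth.ClientMetadata())
+json.NewEncoder(w).Encode(o.oauth.ClientMetadata())
 }
 
 func (o *OAuthHandler) jwks(w http.ResponseWriter, r *http.Request) {
-jwks := o.Config.OAuth.Jwks
+jwks := o.config.OAuth.Jwks
 pubKey, err := pubKeyFromJwk(jwks)
 if err != nil {
 log.Printf("error parsing public key: %v", err)
@@ -78,65 +100,65 @@
 func (o *OAuthHandler) login(w http.ResponseWriter, r *http.Request) {
 switch r.Method {
 case http.MethodGet:
-o.Pages.Login(w, pages.LoginParams{})
+o.pages.Login(w, pages.LoginParams{})
 case http.MethodPost:
 handle := strings.TrimPrefix(r.FormValue("handle"), "@")
 
-resolved, err := o.Idresolver.ResolveIdent(r.Context(), handle)
+resolved, err := o.idResolver.ResolveIdent(r.Context(), handle)
 if err != nil {
 log.Println("failed to resolve handle:", err)
-o.Pages.Notice(w, "login-msg", fmt.Sprintf("\"%s\" is an invalid handle.", handle))
+o.pages.Notice(w, "login-msg", fmt.Sprintf("\"%s\" is an invalid handle.", handle))
 return
 }
-self := o.OAuth.ClientMetadata()
+self := o.oauth.ClientMetadata()
 oauthClient, err := client.NewClient(
 self.ClientID,
-o.Config.OAuth.Jwks,
+o.config.OAuth.Jwks,
 self.RedirectURIs[0],
 )
 
 if err != nil {
 log.Println("failed to create oauth client:", err)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
 authServer, err := oauthClient.ResolvePdsAuthServer(r.Context(), resolved.PDSEndpoint())
 if err != nil {
 log.Println("failed to resolve auth server:", err)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
 authMeta, err := oauthClient.FetchAuthServerMetadata(r.Context(), authServer)
 if err != nil {
 log.Println("failed to fetch auth server metadata:", err)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
 dpopKey, err := helpers.GenerateKey(nil)
 if err != nil {
 log.Println("failed to generate dpop key:", err)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
 dpopKeyJson, err := json.Marshal(dpopKey)
 if err != nil {
 log.Println("failed to marshal dpop key:", err)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
 parResp, err := oauthClient.SendParAuthRequest(r.Context(), authServer, authMeta, handle, oauthScope, dpopKey)
 if err != nil {
 log.Println("failed to send par auth request:", err)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
-err = db.SaveOAuthRequest(o.Db, db.OAuthRequest{
+err = db.SaveOAuthRequest(o.db, db.OAuthRequest{
 Did: resolved.DID.String(),
 PdsUrl: resolved.PDSEndpoint(),
 Handle: handle,
@@ -148,6 +170,6 @@
 })
 if err != nil {
 log.Println("failed to save oauth request:", err)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
@@ -157,22 +179,22 @@
 query.Add("client_id", self.ClientID)
 query.Add("request_uri", parResp.RequestUri)
 u.RawQuery = query.Encode()
-o.Pages.HxRedirect(w, u.String())
+o.pages.HxRedirect(w, u.String())
 }
 }
 
 func (o *OAuthHandler) callback(w http.ResponseWriter, r *http.Request) {
 state := r.FormValue("state")
 
-oauthRequest, err := db.GetOAuthRequestByState(o.Db, state)
+oauthRequest, err := db.GetOAuthRequestByState(o.db, state)
 if err != nil {
 log.Println("failed to get oauth request:", err)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
 defer func() {
-err := db.DeleteOAuthRequestByState(o.Db, state)
+err := db.DeleteOAuthRequestByState(o.db, state)
 if err != nil {
 log.Println("failed to delete oauth request for state:", state, err)
 }
@@ -182,42 +204,42 @@
 errorDescription := r.FormValue("error_description")
 if error != "" || errorDescription != "" {
 log.Printf("error: %s, %s", error, errorDescription)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
 code := r.FormValue("code")
 if code == "" {
 log.Println("missing code for state: ", state)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
 iss := r.FormValue("iss")
 if iss == "" {
 log.Println("missing iss for state: ", state)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
-self := o.OAuth.ClientMetadata()
+self := o.oauth.ClientMetadata()
 
 oauthClient, err := client.NewClient(
 self.ClientID,
-o.Config.OAuth.Jwks,
+o.config.OAuth.Jwks,
 self.RedirectURIs[0],
 )
 
 if err != nil {
 log.Println("failed to create oauth client:", err)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
 jwk, err := helpers.ParseJWKFromBytes([]byte(oauthRequest.DpopPrivateJwk))
 if err != nil {
 log.Println("failed to parse jwk:", err)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
@@ -231,28 +253,28 @@
 )
 if err != nil {
 log.Println("failed to get token:", err)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
 if tokenResp.Scope != oauthScope {
 log.Println("scope doesn't match:", tokenResp.Scope)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
-err = o.OAuth.SaveSession(w, r, oauthRequest, tokenResp)
+err = o.oauth.SaveSession(w, r, oauthRequest, tokenResp)
 if err != nil {
 log.Println("failed to save session:", err)
-o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
+o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
 return
 }
 
 log.Println("session saved successfully")
 go o.addToDefaultKnot(oauthRequest.Did)
 
-if !o.Config.Core.Dev {
-err = o.Posthog.Enqueue(posthog.Capture{
+if !o.config.Core.Dev {
+err = o.posthog.Enqueue(posthog.Capture{
 DistinctId: oauthRequest.Did,
 Event: "signin",
 })
@@ -265,7 +287,7 @@
 }
 
 func (o *OAuthHandler) logout(w http.ResponseWriter, r *http.Request) {
-err := o.OAuth.ClearSession(r, w)
+err := o.oauth.ClearSession(r, w)
 if err != nil {
 log.Println("failed to clear session:", err)
 http.Redirect(w, r, "/", http.StatusFound)
@@ -292,23 +314,23 @@
 defaultKnot := "knot1.tangled.sh"
 
 log.Printf("adding %s to default knot", did)
-err := o.Enforcer.AddMember(defaultKnot, did)
+err := o.enforcer.AddMember(defaultKnot, did)
 if err != nil {
 log.Println("failed to add user to knot1.tangled.sh: ", err)
 return
 }
-err = o.Enforcer.E.SavePolicy()
+err = o.enforcer.E.SavePolicy()
 if err != nil {
 log.Println("failed to add user to knot1.tangled.sh: ", err)
 return
 }
 
-secret, err := db.GetRegistrationKey(o.Db, defaultKnot)
+secret, err := db.GetRegistrationKey(o.db, defaultKnot)
 if err != nil {
 log.Println("failed to get registration key for knot1.tangled.sh")
 return
 }
-signedClient, err := knotclient.NewSignedClient(defaultKnot, secret, o.Config.Core.Dev)
+signedClient, err := knotclient.NewSignedClient(defaultKnot, secret, o.config.Core.Dev)
 resp, err := signedClient.AddMember(did)
 if err != nil {
 log.Println("failed to add user to knot1.tangled.sh: ", err)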
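Review bot: In addToDefaultKnot the error from `knotclient.NewSignedClient` (new line 333) is overwritten by `resp, err := signedClient.AddMember(did)` on the next line without ever being checked, so a failed construction is immediately followed by a method call on whatever the constructor returned; if that is a nil client, the result is a panic, and because callback starts this function with `go o.addToDefaultKnot(...)` the panic is in a bare goroutine that net/http does not recover, i.e. it takes down the whole process rather than one request. Insert `if err != nil { log.Println("failed to create signed client for knot1.tangled.sh: ", err); return }` between those two lines. The same shadowing habit shows in the new constructor, where the parameters `config`, `pages`, `db` and `oauth` hide the packages of the same name inside New; it compiles today because the body is only a struct literal, but renaming them (e.g. `cfg`, `pg`, `database`, `oa`) would keep the next edit to New from tripping over it. addToDefaultKnot's body continues past the end of the section.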
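--- a/appview/oauth/oauth.go
+++ b/appview/oauth/oauth.go
@@ -10,7 +10,6 @@
 "github.com/gorilla/sessions"
 oauth "tangled.sh/icyphox.sh/atproto-oauth"
 "tangled.sh/icyphox.sh/atproto-oauth/helpers"
-"tangled.sh/tangled.sh/core/appview"
 "tangled.sh/tangled.sh/core/appview/config"
 "tangled.sh/tangled.sh/core/appview/db"
 "tangled.sh/tangled.sh/core/appview/oauth/client"
@@ -44,15 +43,15 @@
 
 func (o *OAuth) SaveSession(w http.ResponseWriter, r *http.Request, oreq db.OAuthRequest, oresp *oauth.TokenResponse) error {
 // first we save the did in the user session
-userSession, err := o.Store.Get(r, appview.SessionName)
+userSession, err := o.Store.Get(r, SessionName)
 if err != nil {
 return err
 }
 
-userSession.Values[appview.SessionDid] = oreq.Did
-userSession.Values[appview.SessionHandle] = oreq.Handle
-userSession.Values[appview.SessionPds] = oreq.PdsUrl
-userSession.Values[appview.SessionAuthenticated] = true
+userSession.Values[SessionDid] = oreq.Did
+userSession.Values[SessionHandle] = oreq.Handle
+userSession.Values[SessionPds] = oreq.PdsUrl
+userSession.Values[SessionAuthenticated] = true
 err = userSession.Save(r, w)
 if err != nil {
 return fmt.Errorf("error saving user session: %w", err)
@@ -75,12 +74,12 @@
 }
 
 func (o *OAuth) ClearSession(r *http.Request, w http.ResponseWriter) error {
-userSession, err := o.Store.Get(r, appview.SessionName)
+userSession, err := o.Store.Get(r, SessionName)
 if err != nil || userSession.IsNew {
 return fmt.Errorf("error getting user session (or new session?): %w", err)
 }
 
-did := userSession.Values[appview.SessionDid].(string)
+did := userSession.Values[SessionDid].(string)
 
 err = db.DeleteOAuthSessionByDid(o.Db, did)
 if err != nil {
@@ -93,13 +92,13 @@
 }
 
 func (o *OAuth) GetSession(r *http.Request) (*db.OAuthSession, bool, error) {
-userSession, err := o.Store.Get(r, appview.SessionName)
+userSession, err := o.Store.Get(r, SessionName)
 if err != nil || userSession.IsNew {
 return nil, false, fmt.Errorf("error getting user session (or new session?): %w", err)
 }
 
-did := userSession.Values[appview.SessionDid].(string)
-auth := userSession.Values[appview.SessionAuthenticated].(bool)
+did := userSession.Values[SessionDid].(string)
+auth := userSession.Values[SessionAuthenticated].(bool)
 
 session, err := db.GetOAuthSessionByDid(o.Db, did)
 if err != nil {
@@ -156,27 +155,27 @@
 }
 
 func (a *OAuth) GetUser(r *http.Request) *User {
-clientSession, err := a.Store.Get(r, appview.SessionName)
+clientSession, err := a.Store.Get(r, SessionName)
 
 if err != nil || clientSession.IsNew {
 return nil
 }
 
 return &User{
-Handle: clientSession.Values[appview.SessionHandle].(string),
-Did: clientSession.Values[appview.SessionDid].(string),
-Pds: clientSession.Values[appview.SessionPds].(string),
+Handle: clientSession.Values[SessionHandle].(string),
+Did: clientSession.Values[SessionDid].(string),
+Pds: clientSession.Values[SessionPds].(string),
 }
 }
 
 func (a *OAuth) GetDid(r *http.Request) string {
-clientSession, err := a.Store.Get(r, appview.SessionName)
+clientSession, err := a.Store.Get(r, SessionName)
 
 if err != nil || clientSession.IsNew {
 return ""
 }
 
-return clientSession.Values[appview.SessionDid].(string)
+return clientSession.Values[SessionDid].(string)
 }
 
 func (o *OAuth) AuthorizedClient(r *http.Request) (*xrpc.Client, error) {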
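Review bot: The session reads rewritten to the package-local keys are still single-value type assertions — `userSession.Values[SessionDid].(string)` in ClearSession (new line 82) and GetSession (lines 100-101), the three in GetUser's User literal (lines 165-167) and the return in GetDid (line 178) — so a cookie that decodes (IsNew is false) but is missing one of those keys, or carries it with a different type, panics the request instead of being treated as unauthenticated. Use the two-value form and fail closed: in GetDid `did, ok := clientSession.Values[SessionDid].(string)` followed by `if !ok { return "" }`, GetUser returning nil, and ClearSession/GetSession returning an error; GetSession could also consult `auth` before the DID lookup, though what it does with `auth` is outside the hunk. Only the lines shown here were reviewed; SaveSession, ClearSession, GetSession and AuthorizedClient continue outside the section.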
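--- a/appview/state/router.go
+++ b/appview/state/router.go
@@ -7,7 +7,7 @@
 "github.com/go-chi/chi/v5"
 "github.com/gorilla/sessions"
 "tangled.sh/tangled.sh/core/appview/middleware"
-oauthhandler "tangled.sh/tangled.sh/core/appview/oauth/handler"
+oauth "tangled.sh/tangled.sh/core/appview/oauth/handler"
 "tangled.sh/tangled.sh/core/appview/pulls"
 "tangled.sh/tangled.sh/core/appview/repo"
 "tangled.sh/tangled.sh/core/appview/settings"
@@ -154,17 +154,8 @@
 }
 
 func (s *State) OAuthRouter() http.Handler {
-oauth := &oauthhandler.OAuthHandler{
-Config: s.config,
-Pages: s.pages,
-Idresolver: s.idResolver,
-Db: s.db,
-Store: sessions.NewCookieStore([]byte(s.config.Core.CookieSecret)),
-OAuth: s.oauth,
-Enforcer: s.enforcer,
-Posthog: s.posthog,
-}
-
+store := sessions.NewCookieStore([]byte(s.config.Core.CookieSecret))
+oauth := oauth.New(s.config, s.pages, s.idResolver, s.db, store, s.oauth, s.enforcer, s.posthog)
 return oauth.Router()
 }
 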
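Review bot: The local `oauth := oauth.New(...)` at new line 158 of OAuthRouter shadows the import alias `oauth` that this same commit introduces at line 10; it compiles only because the variable's scope starts after the statement, so the right-hand side still names the package, but any later package reference in the function will fail to resolve and the two meanings of `oauth` (plus the `s.oauth` field on the same line) make the code hard to read. Rename the local, e.g. `h := oauth.New(s.config, s.pages, s.idResolver, s.db, store, s.oauth, s.enforcer, s.posthog)` and `return h.Router()`. Separately, `sessions.NewCookieStore` is built here and handed to the handler while the session methods in the oauth package read `o.Store` on the OAuth value; whether the handler's own `store` field is read anywhere is not visible in this commit, and if it is not, the second store is dead weight worth dropping.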
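--- a/appview/state/state.go
+++ b/appview/state/state.go
@@ -176,14 +176,14 @@
 
 return
 case http.MethodPost:
-session, err := s.oauth.Store.Get(r, appview.SessionName)
+session, err := s.oauth.Store.Get(r, oauth.SessionName)
 if err != nil || session.IsNew {
 log.Println("unauthorized attempt to generate registration key")
 http.Error(w, "Forbidden", http.StatusUnauthorized)
 return
 }
 
-did := session.Values[appview.SessionDid].(string)
+did := session.Values[oauth.SessionDid].(string)
 
 // check if domain is valid url, and strip extra bits down to just host
 domain := r.FormValue("domain")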
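Review bot: The POST branch still gates registration-key generation on `err != nil || session.IsNew` alone (line 180) and then does an unchecked `session.Values[oauth.SessionDid].(string)` at new line 186, so a decoded session without a DID value panics the request, and the `SessionAuthenticated` flag that SaveSession writes is never consulted here. Replace line 186 with `did, ok := session.Values[oauth.SessionDid].(string)` and `if !ok || did == "" { http.Error(w, "Forbidden", http.StatusUnauthorized); return }`, or better, go through the oauth package's GetDid/GetSession so the check lives in one place. The response at line 182 also pairs the text "Forbidden" with http.StatusUnauthorized; pick one status and matching text. The enclosing handler starts and ends outside the hunk.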