
feat: add PKCE helpers; remove GitHub/Google OAuth configs

+15 -26
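--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -3,16 +3,14 @@
 import (
 	"context"
 	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base64"
 	"encoding/hex"
 	"fmt"
 	"net/http"
-	"os"
 
 	"github.com/gorilla/sessions"
 	"golang.org/x/crypto/bcrypt"
-	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/github"
-	"golang.org/x/oauth2/google"
 )
 
 type contextKey string
@@ -83,28 +81,6 @@
 	return hex.EncodeToString(b)
 }
 
-// OAuth configs
-
-func GitHubConfig() *oauth2.Config {
-	return &oauth2.Config{
-		ClientID:     os.Getenv("GITHUB_CLIENT_ID"),
-		ClientSecret: os.Getenv("GITHUB_CLIENT_SECRET"),
-		Endpoint:     github.Endpoint,
-		RedirectURL:  os.Getenv("BASE_URL") + "/auth/github/callback",
-		Scopes:       []string{"user:email"},
-	}
-}
-
-func GoogleConfig() *oauth2.Config {
-	return &oauth2.Config{
-		ClientID:     os.Getenv("GOOGLE_CLIENT_ID"),
-		ClientSecret: os.Getenv("GOOGLE_CLIENT_SECRET"),
-		Endpoint:     google.Endpoint,
-		RedirectURL:  os.Getenv("BASE_URL") + "/auth/google/callback",
-		Scopes:       []string{"openid", "email", "profile"},
-	}
-}
-
 // State parameter for CSRF protection
 func SetOAuthState(w http.ResponseWriter, r *http.Request) string {
 	state := GenerateToken()
@@ -123,3 +99,16 @@
 	delete(sess.Values, "oauth_state")
 	return nil
 }
+
+// PKCEVerifier generates a cryptographically random PKCE code verifier (43-128 chars, URL-safe base64).
+func PKCEVerifier() string {
+	b := make([]byte, 32)
+	rand.Read(b)
+	return base64.RawURLEncoding.EncodeToString(b)
+}
+
+// PKCEChallenge derives the S256 code challenge from a verifier.
+func PKCEChallenge(verifier string) string {
+	h := sha256.Sum256([]byte(verifier))
+	return base64.RawURLEncoding.EncodeToString(h[:])
+}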
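Review bot: `rand.Read(b)` in PKCEVerifier (new line 106) discards its error, so if the entropy source fails the function would still return a verifier encoded from a zeroed or partially filled buffer, which defeats the purpose of PKCE; unless the module targets Go 1.24+ (where crypto/rand.Read is documented to never return an error), guard it with `if _, err := rand.Read(b); err != nil { panic("crypto/rand: " + err.Error()) }` or change the signature to return `(string, error)`. The doc comment on line 103 quotes the RFC 7636 range, but the function always returns exactly 43 characters (32 random bytes, unpadded base64url); stating that precisely, e.g. `// PKCEVerifier returns a 43-character URL-safe base64 code verifier built from 32 random bytes (the RFC 7636 minimum).`, avoids implying the length varies. How the verifier is held between the authorization redirect and the token exchange is not part of this commit; presumably it should follow the existing `oauth_state` session pattern (set on redirect, deleted on first use, as the delete on new line 99 does for state) rather than travel through the client. GenerateToken, whose body starts above the second hunk, ends inside it.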