
appview: oauth: clean up router init

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.sh>

anirudh.fi 0576f738 3efc5daf

+90 -78
appview
+1 -1
appview/consts.go appview/oauth/consts.go
··· 1 - package appview 2 3 const ( 4 SessionName = "appview-session"
··· 1 + package oauth 2 3 const ( 4 SessionName = "appview-session"
+68 -46
appview/oauth/handler/handler.go
··· 29 ) 30 31 type OAuthHandler struct { 32 - Config *config.Config 33 - Pages *pages.Pages 34 - Idresolver *idresolver.Resolver 35 - Db *db.DB 36 - Store *sessions.CookieStore 37 - OAuth *oauth.OAuth 38 - Enforcer *rbac.Enforcer 39 - Posthog posthog.Client 40 } 41 42 func (o *OAuthHandler) Router() http.Handler { ··· 45 r.Get("/login", o.login) 46 r.Post("/login", o.login) 47 48 - r.With(middleware.AuthMiddleware(o.OAuth)).Post("/logout", o.logout) 49 50 r.Get("/oauth/client-metadata.json", o.clientMetadata) 51 r.Get("/oauth/jwks.json", o.jwks) ··· 56 func (o *OAuthHandler) clientMetadata(w http.ResponseWriter, r *http.Request) { 57 w.Header().Set("Content-Type", "application/json") 58 w.WriteHeader(http.StatusOK) 59 - json.NewEncoder(w).Encode(o.OAuth.ClientMetadata()) 60 } 61 62 func (o *OAuthHandler) jwks(w http.ResponseWriter, r *http.Request) { 63 - jwks := o.Config.OAuth.Jwks 64 pubKey, err := pubKeyFromJwk(jwks) 65 if err != nil { 66 log.Printf("error parsing public key: %v", err) ··· 78 func (o *OAuthHandler) login(w http.ResponseWriter, r *http.Request) { 79 switch r.Method { 80 case http.MethodGet: 81 - o.Pages.Login(w, pages.LoginParams{}) 82 case http.MethodPost: 83 handle := strings.TrimPrefix(r.FormValue("handle"), "@") 84 85 - resolved, err := o.Idresolver.ResolveIdent(r.Context(), handle) 86 if err != nil { 87 log.Println("failed to resolve handle:", err) 88 - o.Pages.Notice(w, "login-msg", fmt.Sprintf("\"%s\" is an invalid handle.", handle)) 89 return 90 } 91 - self := o.OAuth.ClientMetadata() 92 oauthClient, err := client.NewClient( 93 self.ClientID, 94 - o.Config.OAuth.Jwks, 95 self.RedirectURIs[0], 96 ) 97 98 if err != nil { 99 log.Println("failed to create oauth client:", err) 100 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. 
Try again later.") 101 return 102 } 103 104 authServer, err := oauthClient.ResolvePdsAuthServer(r.Context(), resolved.PDSEndpoint()) 105 if err != nil { 106 log.Println("failed to resolve auth server:", err) 107 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 108 return 109 } 110 111 authMeta, err := oauthClient.FetchAuthServerMetadata(r.Context(), authServer) 112 if err != nil { 113 log.Println("failed to fetch auth server metadata:", err) 114 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 115 return 116 } 117 118 dpopKey, err := helpers.GenerateKey(nil) 119 if err != nil { 120 log.Println("failed to generate dpop key:", err) 121 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 122 return 123 } 124 125 dpopKeyJson, err := json.Marshal(dpopKey) 126 if err != nil { 127 log.Println("failed to marshal dpop key:", err) 128 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 129 return 130 } 131 132 parResp, err := oauthClient.SendParAuthRequest(r.Context(), authServer, authMeta, handle, oauthScope, dpopKey) 133 if err != nil { 134 log.Println("failed to send par auth request:", err) 135 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 136 return 137 } 138 139 - err = db.SaveOAuthRequest(o.Db, db.OAuthRequest{ 140 Did: resolved.DID.String(), 141 PdsUrl: resolved.PDSEndpoint(), 142 Handle: handle, ··· 148 }) 149 if err != nil { 150 log.Println("failed to save oauth request:", err) 151 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. 
Try again later.") 152 return 153 } 154 ··· 157 query.Add("client_id", self.ClientID) 158 query.Add("request_uri", parResp.RequestUri) 159 u.RawQuery = query.Encode() 160 - o.Pages.HxRedirect(w, u.String()) 161 } 162 } 163 164 func (o *OAuthHandler) callback(w http.ResponseWriter, r *http.Request) { 165 state := r.FormValue("state") 166 167 - oauthRequest, err := db.GetOAuthRequestByState(o.Db, state) 168 if err != nil { 169 log.Println("failed to get oauth request:", err) 170 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 171 return 172 } 173 174 defer func() { 175 - err := db.DeleteOAuthRequestByState(o.Db, state) 176 if err != nil { 177 log.Println("failed to delete oauth request for state:", state, err) 178 } ··· 182 errorDescription := r.FormValue("error_description") 183 if error != "" || errorDescription != "" { 184 log.Printf("error: %s, %s", error, errorDescription) 185 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 186 return 187 } 188 189 code := r.FormValue("code") 190 if code == "" { 191 log.Println("missing code for state: ", state) 192 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 193 return 194 } 195 196 iss := r.FormValue("iss") 197 if iss == "" { 198 log.Println("missing iss for state: ", state) 199 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 200 return 201 } 202 203 - self := o.OAuth.ClientMetadata() 204 205 oauthClient, err := client.NewClient( 206 self.ClientID, 207 - o.Config.OAuth.Jwks, 208 self.RedirectURIs[0], 209 ) 210 211 if err != nil { 212 log.Println("failed to create oauth client:", err) 213 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 214 return 215 } 216 217 jwk, err := helpers.ParseJWKFromBytes([]byte(oauthRequest.DpopPrivateJwk)) 218 if err != nil { 219 log.Println("failed to parse jwk:", err) 220 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. 
Try again later.") 221 return 222 } 223 ··· 231 ) 232 if err != nil { 233 log.Println("failed to get token:", err) 234 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 235 return 236 } 237 238 if tokenResp.Scope != oauthScope { 239 log.Println("scope doesn't match:", tokenResp.Scope) 240 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 241 return 242 } 243 244 - err = o.OAuth.SaveSession(w, r, oauthRequest, tokenResp) 245 if err != nil { 246 log.Println("failed to save session:", err) 247 - o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 248 return 249 } 250 251 log.Println("session saved successfully") 252 go o.addToDefaultKnot(oauthRequest.Did) 253 254 - if !o.Config.Core.Dev { 255 - err = o.Posthog.Enqueue(posthog.Capture{ 256 DistinctId: oauthRequest.Did, 257 Event: "signin", 258 }) ··· 265 } 266 267 func (o *OAuthHandler) logout(w http.ResponseWriter, r *http.Request) { 268 - err := o.OAuth.ClearSession(r, w) 269 if err != nil { 270 log.Println("failed to clear session:", err) 271 http.Redirect(w, r, "/", http.StatusFound) ··· 292 defaultKnot := "knot1.tangled.sh" 293 294 log.Printf("adding %s to default knot", did) 295 - err := o.Enforcer.AddMember(defaultKnot, did) 296 if err != nil { 297 log.Println("failed to add user to knot1.tangled.sh: ", err) 298 return 299 } 300 - err = o.Enforcer.E.SavePolicy() 301 if err != nil { 302 log.Println("failed to add user to knot1.tangled.sh: ", err) 303 return 304 } 305 306 - secret, err := db.GetRegistrationKey(o.Db, defaultKnot) 307 if err != nil { 308 log.Println("failed to get registration key for knot1.tangled.sh") 309 return 310 } 311 - signedClient, err := knotclient.NewSignedClient(defaultKnot, secret, o.Config.Core.Dev) 312 resp, err := signedClient.AddMember(did) 313 if err != nil { 314 log.Println("failed to add user to knot1.tangled.sh: ", err)
··· 29 ) 30 31 type OAuthHandler struct { 32 + config *config.Config 33 + pages *pages.Pages 34 + idResolver *idresolver.Resolver 35 + db *db.DB 36 + store *sessions.CookieStore 37 + oauth *oauth.OAuth 38 + enforcer *rbac.Enforcer 39 + posthog posthog.Client 40 + } 41 + 42 + func New( 43 + config *config.Config, 44 + pages *pages.Pages, 45 + idResolver *idresolver.Resolver, 46 + db *db.DB, 47 + store *sessions.CookieStore, 48 + oauth *oauth.OAuth, 49 + enforcer *rbac.Enforcer, 50 + posthog posthog.Client, 51 + ) *OAuthHandler { 52 + return &OAuthHandler{ 53 + config: config, 54 + pages: pages, 55 + idResolver: idResolver, 56 + db: db, 57 + store: store, 58 + oauth: oauth, 59 + enforcer: enforcer, 60 + posthog: posthog, 61 + } 62 } 63 64 func (o *OAuthHandler) Router() http.Handler { ··· 67 r.Get("/login", o.login) 68 r.Post("/login", o.login) 69 70 + r.With(middleware.AuthMiddleware(o.oauth)).Post("/logout", o.logout) 71 72 r.Get("/oauth/client-metadata.json", o.clientMetadata) 73 r.Get("/oauth/jwks.json", o.jwks) ··· 78 func (o *OAuthHandler) clientMetadata(w http.ResponseWriter, r *http.Request) { 79 w.Header().Set("Content-Type", "application/json") 80 w.WriteHeader(http.StatusOK) 81 + json.NewEncoder(w).Encode(o.oauth.ClientMetadata()) 82 } 83 84 func (o *OAuthHandler) jwks(w http.ResponseWriter, r *http.Request) { 85 + jwks := o.config.OAuth.Jwks 86 pubKey, err := pubKeyFromJwk(jwks) 87 if err != nil { 88 log.Printf("error parsing public key: %v", err) ··· 100 func (o *OAuthHandler) login(w http.ResponseWriter, r *http.Request) { 101 switch r.Method { 102 case http.MethodGet: 103 + o.pages.Login(w, pages.LoginParams{}) 104 case http.MethodPost: 105 handle := strings.TrimPrefix(r.FormValue("handle"), "@") 106 107 + resolved, err := o.idResolver.ResolveIdent(r.Context(), handle) 108 if err != nil { 109 log.Println("failed to resolve handle:", err) 110 + o.pages.Notice(w, "login-msg", fmt.Sprintf("\"%s\" is an invalid handle.", handle)) 111 return 112 } 113 + 
self := o.oauth.ClientMetadata() 114 oauthClient, err := client.NewClient( 115 self.ClientID, 116 + o.config.OAuth.Jwks, 117 self.RedirectURIs[0], 118 ) 119 120 if err != nil { 121 log.Println("failed to create oauth client:", err) 122 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 123 return 124 } 125 126 authServer, err := oauthClient.ResolvePdsAuthServer(r.Context(), resolved.PDSEndpoint()) 127 if err != nil { 128 log.Println("failed to resolve auth server:", err) 129 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 130 return 131 } 132 133 authMeta, err := oauthClient.FetchAuthServerMetadata(r.Context(), authServer) 134 if err != nil { 135 log.Println("failed to fetch auth server metadata:", err) 136 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 137 return 138 } 139 140 dpopKey, err := helpers.GenerateKey(nil) 141 if err != nil { 142 log.Println("failed to generate dpop key:", err) 143 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 144 return 145 } 146 147 dpopKeyJson, err := json.Marshal(dpopKey) 148 if err != nil { 149 log.Println("failed to marshal dpop key:", err) 150 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 151 return 152 } 153 154 parResp, err := oauthClient.SendParAuthRequest(r.Context(), authServer, authMeta, handle, oauthScope, dpopKey) 155 if err != nil { 156 log.Println("failed to send par auth request:", err) 157 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 158 return 159 } 160 161 + err = db.SaveOAuthRequest(o.db, db.OAuthRequest{ 162 Did: resolved.DID.String(), 163 PdsUrl: resolved.PDSEndpoint(), 164 Handle: handle, ··· 170 }) 171 if err != nil { 172 log.Println("failed to save oauth request:", err) 173 + o.pages.Notice(w, "login-msg", "Failed to authenticate. 
Try again later.") 174 return 175 } 176 ··· 179 query.Add("client_id", self.ClientID) 180 query.Add("request_uri", parResp.RequestUri) 181 u.RawQuery = query.Encode() 182 + o.pages.HxRedirect(w, u.String()) 183 } 184 } 185 186 func (o *OAuthHandler) callback(w http.ResponseWriter, r *http.Request) { 187 state := r.FormValue("state") 188 189 + oauthRequest, err := db.GetOAuthRequestByState(o.db, state) 190 if err != nil { 191 log.Println("failed to get oauth request:", err) 192 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 193 return 194 } 195 196 defer func() { 197 + err := db.DeleteOAuthRequestByState(o.db, state) 198 if err != nil { 199 log.Println("failed to delete oauth request for state:", state, err) 200 } ··· 204 errorDescription := r.FormValue("error_description") 205 if error != "" || errorDescription != "" { 206 log.Printf("error: %s, %s", error, errorDescription) 207 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 208 return 209 } 210 211 code := r.FormValue("code") 212 if code == "" { 213 log.Println("missing code for state: ", state) 214 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 215 return 216 } 217 218 iss := r.FormValue("iss") 219 if iss == "" { 220 log.Println("missing iss for state: ", state) 221 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 222 return 223 } 224 225 + self := o.oauth.ClientMetadata() 226 227 oauthClient, err := client.NewClient( 228 self.ClientID, 229 + o.config.OAuth.Jwks, 230 self.RedirectURIs[0], 231 ) 232 233 if err != nil { 234 log.Println("failed to create oauth client:", err) 235 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 236 return 237 } 238 239 jwk, err := helpers.ParseJWKFromBytes([]byte(oauthRequest.DpopPrivateJwk)) 240 if err != nil { 241 log.Println("failed to parse jwk:", err) 242 + o.pages.Notice(w, "login-msg", "Failed to authenticate. 
Try again later.") 243 return 244 } 245 ··· 253 ) 254 if err != nil { 255 log.Println("failed to get token:", err) 256 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 257 return 258 } 259 260 if tokenResp.Scope != oauthScope { 261 log.Println("scope doesn't match:", tokenResp.Scope) 262 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 263 return 264 } 265 266 + err = o.oauth.SaveSession(w, r, oauthRequest, tokenResp) 267 if err != nil { 268 log.Println("failed to save session:", err) 269 + o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.") 270 return 271 } 272 273 log.Println("session saved successfully") 274 go o.addToDefaultKnot(oauthRequest.Did) 275 276 + if !o.config.Core.Dev { 277 + err = o.posthog.Enqueue(posthog.Capture{ 278 DistinctId: oauthRequest.Did, 279 Event: "signin", 280 }) ··· 287 } 288 289 func (o *OAuthHandler) logout(w http.ResponseWriter, r *http.Request) { 290 + err := o.oauth.ClearSession(r, w) 291 if err != nil { 292 log.Println("failed to clear session:", err) 293 http.Redirect(w, r, "/", http.StatusFound) ··· 314 defaultKnot := "knot1.tangled.sh" 315 316 log.Printf("adding %s to default knot", did) 317 + err := o.enforcer.AddMember(defaultKnot, did) 318 if err != nil { 319 log.Println("failed to add user to knot1.tangled.sh: ", err) 320 return 321 } 322 + err = o.enforcer.E.SavePolicy() 323 if err != nil { 324 log.Println("failed to add user to knot1.tangled.sh: ", err) 325 return 326 } 327 328 + secret, err := db.GetRegistrationKey(o.db, defaultKnot) 329 if err != nil { 330 log.Println("failed to get registration key for knot1.tangled.sh") 331 return 332 } 333 + signedClient, err := knotclient.NewSignedClient(defaultKnot, secret, o.config.Core.Dev) 334 resp, err := signedClient.AddMember(did) 335 if err != nil { 336 log.Println("failed to add user to knot1.tangled.sh: ", err)
+16 -17
appview/oauth/oauth.go
··· 10 "github.com/gorilla/sessions" 11 oauth "tangled.sh/icyphox.sh/atproto-oauth" 12 "tangled.sh/icyphox.sh/atproto-oauth/helpers" 13 - "tangled.sh/tangled.sh/core/appview" 14 "tangled.sh/tangled.sh/core/appview/config" 15 "tangled.sh/tangled.sh/core/appview/db" 16 "tangled.sh/tangled.sh/core/appview/oauth/client" ··· 44 45 func (o *OAuth) SaveSession(w http.ResponseWriter, r *http.Request, oreq db.OAuthRequest, oresp *oauth.TokenResponse) error { 46 // first we save the did in the user session 47 - userSession, err := o.Store.Get(r, appview.SessionName) 48 if err != nil { 49 return err 50 } 51 52 - userSession.Values[appview.SessionDid] = oreq.Did 53 - userSession.Values[appview.SessionHandle] = oreq.Handle 54 - userSession.Values[appview.SessionPds] = oreq.PdsUrl 55 - userSession.Values[appview.SessionAuthenticated] = true 56 err = userSession.Save(r, w) 57 if err != nil { 58 return fmt.Errorf("error saving user session: %w", err) ··· 75 } 76 77 func (o *OAuth) ClearSession(r *http.Request, w http.ResponseWriter) error { 78 - userSession, err := o.Store.Get(r, appview.SessionName) 79 if err != nil || userSession.IsNew { 80 return fmt.Errorf("error getting user session (or new session?): %w", err) 81 } 82 83 - did := userSession.Values[appview.SessionDid].(string) 84 85 err = db.DeleteOAuthSessionByDid(o.Db, did) 86 if err != nil { ··· 93 } 94 95 func (o *OAuth) GetSession(r *http.Request) (*db.OAuthSession, bool, error) { 96 - userSession, err := o.Store.Get(r, appview.SessionName) 97 if err != nil || userSession.IsNew { 98 return nil, false, fmt.Errorf("error getting user session (or new session?): %w", err) 99 } 100 101 - did := userSession.Values[appview.SessionDid].(string) 102 - auth := userSession.Values[appview.SessionAuthenticated].(bool) 103 104 session, err := db.GetOAuthSessionByDid(o.Db, did) 105 if err != nil { ··· 156 } 157 158 func (a *OAuth) GetUser(r *http.Request) *User { 159 - clientSession, err := a.Store.Get(r, appview.SessionName) 160 161 
if err != nil || clientSession.IsNew { 162 return nil 163 } 164 165 return &User{ 166 - Handle: clientSession.Values[appview.SessionHandle].(string), 167 - Did: clientSession.Values[appview.SessionDid].(string), 168 - Pds: clientSession.Values[appview.SessionPds].(string), 169 } 170 } 171 172 func (a *OAuth) GetDid(r *http.Request) string { 173 - clientSession, err := a.Store.Get(r, appview.SessionName) 174 175 if err != nil || clientSession.IsNew { 176 return "" 177 } 178 179 - return clientSession.Values[appview.SessionDid].(string) 180 } 181 182 func (o *OAuth) AuthorizedClient(r *http.Request) (*xrpc.Client, error) {
··· 10 "github.com/gorilla/sessions" 11 oauth "tangled.sh/icyphox.sh/atproto-oauth" 12 "tangled.sh/icyphox.sh/atproto-oauth/helpers" 13 "tangled.sh/tangled.sh/core/appview/config" 14 "tangled.sh/tangled.sh/core/appview/db" 15 "tangled.sh/tangled.sh/core/appview/oauth/client" ··· 43 44 func (o *OAuth) SaveSession(w http.ResponseWriter, r *http.Request, oreq db.OAuthRequest, oresp *oauth.TokenResponse) error { 45 // first we save the did in the user session 46 + userSession, err := o.Store.Get(r, SessionName) 47 if err != nil { 48 return err 49 } 50 51 + userSession.Values[SessionDid] = oreq.Did 52 + userSession.Values[SessionHandle] = oreq.Handle 53 + userSession.Values[SessionPds] = oreq.PdsUrl 54 + userSession.Values[SessionAuthenticated] = true 55 err = userSession.Save(r, w) 56 if err != nil { 57 return fmt.Errorf("error saving user session: %w", err) ··· 74 } 75 76 func (o *OAuth) ClearSession(r *http.Request, w http.ResponseWriter) error { 77 + userSession, err := o.Store.Get(r, SessionName) 78 if err != nil || userSession.IsNew { 79 return fmt.Errorf("error getting user session (or new session?): %w", err) 80 } 81 82 + did := userSession.Values[SessionDid].(string) 83 84 err = db.DeleteOAuthSessionByDid(o.Db, did) 85 if err != nil { ··· 92 } 93 94 func (o *OAuth) GetSession(r *http.Request) (*db.OAuthSession, bool, error) { 95 + userSession, err := o.Store.Get(r, SessionName) 96 if err != nil || userSession.IsNew { 97 return nil, false, fmt.Errorf("error getting user session (or new session?): %w", err) 98 } 99 100 + did := userSession.Values[SessionDid].(string) 101 + auth := userSession.Values[SessionAuthenticated].(bool) 102 103 session, err := db.GetOAuthSessionByDid(o.Db, did) 104 if err != nil { ··· 155 } 156 157 func (a *OAuth) GetUser(r *http.Request) *User { 158 + clientSession, err := a.Store.Get(r, SessionName) 159 160 if err != nil || clientSession.IsNew { 161 return nil 162 } 163 164 return &User{ 165 + Handle: 
clientSession.Values[SessionHandle].(string), 166 + Did: clientSession.Values[SessionDid].(string), 167 + Pds: clientSession.Values[SessionPds].(string), 168 } 169 } 170 171 func (a *OAuth) GetDid(r *http.Request) string { 172 + clientSession, err := a.Store.Get(r, SessionName) 173 174 if err != nil || clientSession.IsNew { 175 return "" 176 } 177 178 + return clientSession.Values[SessionDid].(string) 179 } 180 181 func (o *OAuth) AuthorizedClient(r *http.Request) (*xrpc.Client, error) {
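Review bot: The single-value type assertions on session values — `userSession.Values[SessionDid].(string)` in ClearSession (new line 82) and GetSession (100-101), and the ones in GetUser (165-167) and GetDid (178) — panic when the key is absent or holds another type; `IsNew` only says the cookie decoded, not that SaveSession populated every key, so a session written by an older layout or partially cleared elsewhere could still trip this (whether ClearSession leaves keys in place is not visible in this diff). Use the two-value form and treat a miss as unauthenticated, e.g. in GetSession `did, ok := userSession.Values[SessionDid].(string)` followed by `if !ok { return nil, false, fmt.Errorf("user session has no did") }`, with GetUser returning nil and GetDid returning "" on the same condition. The same pattern appears in the appview/state/state.go hunk at `session.Values[oauth.SessionDid].(string)`.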
+3 -12
appview/state/router.go
··· 7 "github.com/go-chi/chi/v5" 8 "github.com/gorilla/sessions" 9 "tangled.sh/tangled.sh/core/appview/middleware" 10 - oauthhandler "tangled.sh/tangled.sh/core/appview/oauth/handler" 11 "tangled.sh/tangled.sh/core/appview/pulls" 12 "tangled.sh/tangled.sh/core/appview/repo" 13 "tangled.sh/tangled.sh/core/appview/settings" ··· 154 } 155 156 func (s *State) OAuthRouter() http.Handler { 157 - oauth := &oauthhandler.OAuthHandler{ 158 - Config: s.config, 159 - Pages: s.pages, 160 - Idresolver: s.idResolver, 161 - Db: s.db, 162 - Store: sessions.NewCookieStore([]byte(s.config.Core.CookieSecret)), 163 - OAuth: s.oauth, 164 - Enforcer: s.enforcer, 165 - Posthog: s.posthog, 166 - } 167 - 168 return oauth.Router() 169 } 170
··· 7 "github.com/go-chi/chi/v5" 8 "github.com/gorilla/sessions" 9 "tangled.sh/tangled.sh/core/appview/middleware" 10 + oauth "tangled.sh/tangled.sh/core/appview/oauth/handler" 11 "tangled.sh/tangled.sh/core/appview/pulls" 12 "tangled.sh/tangled.sh/core/appview/repo" 13 "tangled.sh/tangled.sh/core/appview/settings" ··· 154 } 155 156 func (s *State) OAuthRouter() http.Handler { 157 + store := sessions.NewCookieStore([]byte(s.config.Core.CookieSecret)) 158 + oauth := oauth.New(s.config, s.pages, s.idResolver, s.db, store, s.oauth, s.enforcer, s.posthog) 159 return oauth.Router() 160 } 161
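Review bot: The new local `oauth := oauth.New(...)` on line 158 shadows the package alias `oauth` introduced on import line 10; it compiles because the right-hand side is resolved before the local enters scope, but any later reference to the package inside OAuthRouter would silently resolve to the handler, and `go vet`/staticcheck-style shadow checks flag it. Renaming the local removes the trap: `h := oauth.New(s.config, s.pages, s.idResolver, s.db, store, s.oauth, s.enforcer, s.posthog)` and `return h.Router()`. Separately, a fresh `sessions.NewCookieStore` is built here while the state.go hunk reads sessions through `s.oauth.Store`; if both are meant to be the same store, passing `s.oauth.Store` would keep a single source of truth — that is an inference, as the handler's use of its `store` field is not visible in this diff.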
+2 -2
appview/state/state.go
··· 176 177 return 178 case http.MethodPost: 179 - session, err := s.oauth.Store.Get(r, appview.SessionName) 180 if err != nil || session.IsNew { 181 log.Println("unauthorized attempt to generate registration key") 182 http.Error(w, "Forbidden", http.StatusUnauthorized) 183 return 184 } 185 186 - did := session.Values[appview.SessionDid].(string) 187 188 // check if domain is valid url, and strip extra bits down to just host 189 domain := r.FormValue("domain")
··· 176 177 return 178 case http.MethodPost: 179 + session, err := s.oauth.Store.Get(r, oauth.SessionName) 180 if err != nil || session.IsNew { 181 log.Println("unauthorized attempt to generate registration key") 182 http.Error(w, "Forbidden", http.StatusUnauthorized) 183 return 184 } 185 186 + did := session.Values[oauth.SessionDid].(string) 187 188 // check if domain is valid url, and strip extra bits down to just host 189 domain := r.FormValue("domain")
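Review bot: The rejection branch on new lines 181-182 writes the body text `Forbidden` with status `http.StatusUnauthorized` (401), so the message and the code disagree and a client or log reader gets mixed signals about which condition was hit. Make them agree, e.g. `http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)`, or use 403 if the intent is "known user, not allowed". The enclosing method starts and ends outside this hunk.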