Clean up url generation and callback
parent
e596a116bb
commit
f3da9da58d
|
@ -185,6 +185,16 @@ func isLoggedIn(backend *memoryBackend, sess *session) bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func performIndieauthCallback(r *http.Request, sess *session) (bool, *authResponse, error) {
|
||||||
|
state := r.Form.Get("state")
|
||||||
|
if state != sess.State {
|
||||||
|
return false, &authResponse{}, fmt.Errorf("mismatched state")
|
||||||
|
}
|
||||||
|
|
||||||
|
code := r.Form.Get("code")
|
||||||
|
return verifyAuthCode(code, sess.RedirectURI, sess.AuthorizationEndpoint)
|
||||||
|
}
|
||||||
|
|
||||||
func (h *mainHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
func (h *mainHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
conn := pool.Get()
|
conn := pool.Get()
|
||||||
defer conn.Close()
|
defer conn.Close()
|
||||||
|
@ -225,15 +235,7 @@ func (h *mainHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
sessionVar := c.Value
|
sessionVar := c.Value
|
||||||
sess, err := loadSession(sessionVar, conn)
|
sess, err := loadSession(sessionVar, conn)
|
||||||
|
|
||||||
state := r.Form.Get("state")
|
verified, authResponse, err := performIndieauthCallback(r, &sess)
|
||||||
if state != sess.State {
|
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
|
||||||
fmt.Fprintf(w, "ERROR: Mismatched state\n")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
code := r.Form.Get("code")
|
|
||||||
|
|
||||||
verified, authResponse, err := verifyAuthCode(code, sess.RedirectURI, sess.AuthorizationEndpoint)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Fprintf(w, "ERROR: %q\n", err)
|
fmt.Fprintf(w, "ERROR: %q\n", err)
|
||||||
return
|
return
|
||||||
|
@ -390,10 +392,7 @@ func (h *mainHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
|
|
||||||
} else if r.URL.Path == "/auth/token" {
|
|
||||||
}
|
}
|
||||||
|
|
||||||
} else if r.Method == http.MethodPost {
|
} else if r.Method == http.MethodPost {
|
||||||
if r.URL.Path == "/session" {
|
if r.URL.Path == "/session" {
|
||||||
c, err := r.Cookie("session")
|
c, err := r.Cookie("session")
|
||||||
|
@ -438,15 +437,9 @@ func (h *mainHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
saveSession(sessionVar, &sess, conn)
|
saveSession(sessionVar, &sess, conn)
|
||||||
|
|
||||||
q := authURL.Query()
|
authenticationURL := indieauth.CreateAuthenticationURL(*authURL, meURL.String(), ClientID, redirectURI, state)
|
||||||
q.Add("response_type", "id")
|
|
||||||
q.Add("me", meURL.String())
|
|
||||||
q.Add("client_id", ClientID)
|
|
||||||
q.Add("redirect_uri", redirectURI)
|
|
||||||
q.Add("state", state)
|
|
||||||
authURL.RawQuery = q.Encode()
|
|
||||||
|
|
||||||
http.Redirect(w, r, authURL.String(), 302)
|
http.Redirect(w, r, authenticationURL, 302)
|
||||||
return
|
return
|
||||||
} else if r.URL.Path == "/session/logout" {
|
} else if r.URL.Path == "/session/logout" {
|
||||||
c, err := r.Cookie("session")
|
c, err := r.Cookie("session")
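Review bot: In the new `performIndieauthCallback`, the check `state != sess.State` passes when both values are empty, and in the callback hunk of `ServeHTTP` the `err` from `loadSession` is overwritten by the `:=` on the `performIndieauthCallback` call without being checked in the visible lines. If `loadSession` can hand back a zero-value session on failure (not visible here), a callback request carrying no `state` parameter would reach `verifyAuthCode`. The guard is safer as `if state == "" || state != sess.State {`, with the `loadSession` error handled before the call. A mismatched state also now lands in the generic `if err != nil` branch, which writes `ERROR: %q` without the `w.WriteHeader(http.StatusBadRequest)` the removed code sent, so a rejected callback apparently goes out with the default 200 status. `ServeHTTP` starts and ends outside these hunks.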
|
||||||
|
|
|
@ -94,16 +94,9 @@ func Authorize(me *url.URL, endpoints Endpoints, clientID, scope string) (TokenR
|
||||||
redirectURI := fmt.Sprintf("http://%s/", local)
|
redirectURI := fmt.Sprintf("http://%s/", local)
|
||||||
state := util.RandStringBytes(16)
|
state := util.RandStringBytes(16)
|
||||||
|
|
||||||
q := authURL.Query()
|
authorizationURL := CreateAuthorizationURL(*authURL, me.String(), clientID, redirectURI, state, scope)
|
||||||
q.Add("response_type", "code")
|
|
||||||
q.Add("me", me.String())
|
|
||||||
q.Add("client_id", clientID)
|
|
||||||
q.Add("redirect_uri", redirectURI)
|
|
||||||
q.Add("state", state)
|
|
||||||
q.Add("scope", scope)
|
|
||||||
authURL.RawQuery = q.Encode()
|
|
||||||
|
|
||||||
log.Printf("Browse to %s\n", authURL.String())
|
log.Printf("Browse to %s\n", authorizationURL)
|
||||||
|
|
||||||
shutdown := make(chan struct{}, 1)
|
shutdown := make(chan struct{}, 1)
|
||||||
|
|
||||||
|
@ -164,3 +157,29 @@ func Authorize(me *url.URL, endpoints Endpoints, clientID, scope string) (TokenR
|
||||||
|
|
||||||
return tokenResponse, nil
|
return tokenResponse, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func CreateAuthenticationURL(authURL url.URL, meURL, clientID, redirectURI, state string) string {
|
||||||
|
q := authURL.Query()
|
||||||
|
|
||||||
|
q.Add("response_type", "id")
|
||||||
|
q.Add("me", meURL)
|
||||||
|
q.Add("client_id", clientID)
|
||||||
|
q.Add("redirect_uri", redirectURI)
|
||||||
|
q.Add("state", state)
|
||||||
|
|
||||||
|
authURL.RawQuery = q.Encode()
|
||||||
|
|
||||||
|
return authURL.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
func CreateAuthorizationURL(authURL url.URL, meURL, clientID, redirectURI, state, scope string) string {
|
||||||
|
q := authURL.Query()
|
||||||
|
q.Add("response_type", "code")
|
||||||
|
q.Add("me", meURL)
|
||||||
|
q.Add("client_id", clientID)
|
||||||
|
q.Add("redirect_uri", redirectURI)
|
||||||
|
q.Add("state", state)
|
||||||
|
q.Add("scope", scope)
|
||||||
|
authURL.RawQuery = q.Encode()
|
||||||
|
return authURL.String()
|
||||||
|
}
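Review bot: `CreateAuthenticationURL` and `CreateAuthorizationURL` both start from `authURL.Query()` and use `q.Add`, so any `state`, `redirect_uri`, `client_id`, `me`, `response_type` or `scope` already present in the endpoint's query string is kept and the client's value is appended as a duplicate. If the endpoint URL comes from discovery on the user's profile page (as the `endpoints Endpoints` parameter of `Authorize` suggests), which of the two values the server honours is then outside the client's control. Using `q.Set("state", state)`, `q.Set("redirect_uri", redirectURI)` and so on keeps unrelated endpoint parameters while pinning these. Both functions are exported and have no doc comment; something like `// CreateAuthorizationURL returns authURL with the IndieAuth authorization request parameters (response_type=code) added to its query string.` would do, with the matching line for `CreateAuthenticationURL`.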
|
||||||
|
|