too much effort into the garbage
@@ -2,13 +2,14 @@ package server
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"gitea.inhome.blapointe.com/local/oauth2"
|
||||
"gitea.inhome.blapointe.com/local/router"
|
||||
"gitea.inhome.blapointe.com/local/storage"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"gitea.inhome.blapointe.com/local/oauth2"
|
||||
"gitea.inhome.blapointe.com/local/router"
|
||||
"gitea.inhome.blapointe.com/local/storage"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
@@ -55,9 +56,9 @@ func (s *Server) authorize(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
func (s *Server) genAuth(scope, user string) {
|
||||
access := uuid.New().String()
|
||||
token := uuid.New().String()
|
||||
s.store.Set(user, []byte(access), ACCESS)
|
||||
s.store.Set(scope+"."+access, []byte(token), TOKEN)
|
||||
s.store.Set(user, []byte(user), ACCESS)
|
||||
s.store.Set(access, []byte(user), ACCESS)
|
||||
}
|
||||
|
||||
func (s *Server) getAccess(scope, user string) (string, bool) {
|
||||
@@ -69,7 +70,10 @@ func (s *Server) getAccess(scope, user string) (string, bool) {
|
||||
return string(access), err == nil
|
||||
}
|
||||
|
||||
func (s *Server) getToken(scope, access string) (string, bool) {
|
||||
token, err := s.store.Get(scope+"."+access, TOKEN)
|
||||
return string(token), err == nil
|
||||
func (s *Server) verifyAccess(access string) error {
|
||||
_, err := s.store.Get(access, ACCESS)
|
||||
if err != nil {
|
||||
return fmt.Errorf("access not found: %s", access)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
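Review bot: verifyAccess accepts any key that exists in the ACCESS namespace, and genAuth also writes entries keyed by `user` into that namespace (`s.store.Set(user, ..., ACCESS)`), so a request that supplies a known user name as `access` would appear to pass verification. The rendered page does not mark which Set lines are old and which are new, but a user-keyed ACCESS write appears to remain either way. Keeping the user-to-access lookup in its own namespace, or having verifyAccess check the stored value and not just the key's existence, would separate the two kinds of key. The error text also embeds the submitted value; `fmt.Errorf("access not found: %q", access)` keeps arbitrary input unambiguous if it ever reaches a log.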
@@ -2,6 +2,7 @@ package server
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"gitea.inhome.blapointe.com/local/oauth2/oauth2server/config"
|
||||
"gitea.inhome.blapointe.com/local/router"
|
||||
"gitea.inhome.blapointe.com/local/storage"
|
||||
@@ -14,7 +15,6 @@ var wildcard = router.Wildcard
|
||||
const (
|
||||
USERS = "users"
|
||||
ACCESS = "access"
|
||||
TOKEN = "token"
|
||||
SALT = "salt"
|
||||
)
|
||||
|
||||
@@ -42,10 +42,6 @@ func purgeIssuedCredentials(store storage.DB) {
|
||||
for _, access := range accesses {
|
||||
store.Set(access, nil, ACCESS)
|
||||
}
|
||||
tokens, _ := store.List([]string{TOKEN})
|
||||
for _, token := range tokens {
|
||||
store.Set(token, nil, TOKEN)
|
||||
}
|
||||
}
|
||||
|
||||
func wrapBody(title, body string) string {
|
||||
|
||||
@@ -1,8 +1,9 @@
|
||||
package server
|
||||
|
||||
import (
|
||||
"gitea.inhome.blapointe.com/local/router"
|
||||
"net/http"
|
||||
|
||||
"gitea.inhome.blapointe.com/local/router"
|
||||
)
|
||||
|
||||
func (s *Server) verify(w http.ResponseWriter, r *http.Request) {
|
||||
@@ -13,10 +14,8 @@ func (s *Server) verify(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
access := r.FormValue("access")
|
||||
token, ok := s.getToken(scope, access)
|
||||
if !ok {
|
||||
if err := s.verifyAccess(access); err != nil {
|
||||
http.Error(w, "unknown access", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
w.Write([]byte(token))
|
||||
}
|
||||
|
||||
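Review bot: The check at `if err := s.verifyAccess(access); err != nil {` no longer involves `scope`, whereas the lookup it sits beside was `s.getToken(scope, access)`; an access value issued under one scope would now seem to verify under any scope the caller names. If scope binding is still intended, carry it into the lookup (for example `s.verifyAccess(scope, access)` with a scope-qualified store key), otherwise add a comment stating that verification is scope-independent. An empty `access` form value also goes straight to the store lookup; rejecting `access == ""` first avoids depending on how the store treats an empty key. verify begins above this hunk, so how `scope` is obtained and validated is not visible here.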