summaryrefslogtreecommitdiff
path: root/api/auth/auth.go
diff options
context:
space:
mode:
Diffstat (limited to 'api/auth/auth.go')
-rw-r--r--api/auth/auth.go115
1 files changed, 63 insertions, 52 deletions
diff --git a/api/auth/auth.go b/api/auth/auth.go
index dc348b2..3c633cd 100644
--- a/api/auth/auth.go
+++ b/api/auth/auth.go
@@ -35,7 +35,7 @@ func StartSessionContinuation(context *types.RequestContext, req *http.Request,
Path: "/",
Secure: true,
SameSite: http.SameSiteLaxMode,
- MaxAge: 60,
+ MaxAge: 200,
})
http.SetCookie(resp, &http.Cookie{
Name: "state",
@@ -43,7 +43,7 @@ func StartSessionContinuation(context *types.RequestContext, req *http.Request,
Path: "/",
Secure: true,
SameSite: http.SameSiteLaxMode,
- MaxAge: 60,
+ MaxAge: 200,
})
http.Redirect(resp, req, url, http.StatusFound)
@@ -102,6 +102,16 @@ func InterceptOauthCodeContinuation(context *types.RequestContext, req *http.Req
SameSite: http.SameSiteLaxMode,
Secure: true,
})
+ http.SetCookie(resp, &http.Cookie{
+ Name: "verifier",
+ Value: "",
+ MaxAge: 0,
+ })
+ http.SetCookie(resp, &http.Cookie{
+ Name: "state",
+ Value: "",
+ MaxAge: 0,
+ })
redirect := "/"
redirectCookie, err := req.Cookie("redirect")
@@ -110,6 +120,7 @@ func InterceptOauthCodeContinuation(context *types.RequestContext, req *http.Req
http.SetCookie(resp, &http.Cookie{
Name: "redirect",
MaxAge: 0,
+ Value: "",
})
}
@@ -118,52 +129,6 @@ func InterceptOauthCodeContinuation(context *types.RequestContext, req *http.Req
}
}
-func getUserFromAuthHeader(dbConn *sql.DB, bearerToken string) (*database.User, error) {
- if bearerToken == "" {
- return nil, nil
- }
-
- parts := strings.Split(bearerToken, " ")
- if len(parts) != 2 || parts[0] != "Bearer" {
- return nil, nil
- }
-
- typesKey, err := database.GetAPIKey(dbConn, parts[1])
- if err != nil {
- return nil, err
- }
- if typesKey == nil {
- return nil, nil
- }
-
- user, err := database.GetUser(dbConn, typesKey.UserID)
- if err != nil {
- return nil, err
- }
-
- return user, nil
-}
-
-func getUserFromSession(dbConn *sql.DB, sessionId string) (*database.User, error) {
- session, err := database.GetSession(dbConn, sessionId)
- if err != nil {
- return nil, err
- }
-
- if session.ExpireAt.Before(time.Now()) {
- session = nil
- database.DeleteSession(dbConn, sessionId)
- return nil, fmt.Errorf("session expired")
- }
-
- user, err := database.GetUser(dbConn, session.UserID)
- if err != nil {
- return nil, err
- }
-
- return user, nil
-}
-
func VerifySessionContinuation(context *types.RequestContext, req *http.Request, resp http.ResponseWriter) types.ContinuationChain {
return func(success types.Continuation, failure types.Continuation) types.ContinuationChain {
authHeader := req.Header.Get("Authorization")
@@ -179,6 +144,7 @@ func VerifySessionContinuation(context *types.RequestContext, req *http.Request,
http.SetCookie(resp, &http.Cookie{
Name: "session",
+ Value: "",
MaxAge: 0, // reset session cookie in case
})
@@ -210,13 +176,11 @@ func RefreshSessionContinuation(context *types.RequestContext, req *http.Request
return func(success types.Continuation, failure types.Continuation) types.ContinuationChain {
sessionCookie, err := req.Cookie("session")
if err != nil {
- resp.WriteHeader(http.StatusUnauthorized)
return failure(context, req, resp)
}
_, err = database.RefreshSession(context.DBConn, sessionCookie.Value)
if err != nil {
- resp.WriteHeader(http.StatusUnauthorized)
return failure(context, req, resp)
}
@@ -235,6 +199,7 @@ func LogoutContinuation(context *types.RequestContext, req *http.Request, resp h
http.SetCookie(resp, &http.Cookie{
Name: "session",
MaxAge: 0,
+ Value: "",
})
return success(context, req, resp)
}
@@ -246,7 +211,7 @@ func getOauthUser(dbConn *sql.DB, client *http.Client, uri string) (*database.Us
return nil, err
}
- userStruct, err := createUserFromResponse(userResponse)
+ userStruct, err := createUserFromOauthResponse(userResponse)
if err != nil {
return nil, err
}
@@ -259,7 +224,7 @@ func getOauthUser(dbConn *sql.DB, client *http.Client, uri string) (*database.Us
return user, nil
}
-func createUserFromResponse(response *http.Response) (*database.User, error) {
+func createUserFromOauthResponse(response *http.Response) (*database.User, error) {
user := &database.User{
CreatedAt: time.Now(),
}
@@ -286,3 +251,49 @@ func verifyState(req *http.Request, stateCookieName string, expectedState string
return true
}
+
+func getUserFromAuthHeader(dbConn *sql.DB, bearerToken string) (*database.User, error) {
+ if bearerToken == "" {
+ return nil, nil
+ }
+
+ parts := strings.Split(bearerToken, " ")
+ if len(parts) != 2 || parts[0] != "Bearer" {
+ return nil, nil
+ }
+
+ key, err := database.GetAPIKey(dbConn, parts[1])
+ if err != nil {
+ return nil, err
+ }
+ if key == nil {
+ return nil, nil
+ }
+
+ user, err := database.GetUser(dbConn, key.UserID)
+ if err != nil {
+ return nil, err
+ }
+
+ return user, nil
+}
+
+func getUserFromSession(dbConn *sql.DB, sessionId string) (*database.User, error) {
+ session, err := database.GetSession(dbConn, sessionId)
+ if err != nil {
+ return nil, err
+ }
+
+ if session.ExpireAt.Before(time.Now()) {
+ session = nil
+ database.DeleteSession(dbConn, sessionId)
+ return nil, fmt.Errorf("session expired")
+ }
+
+ user, err := database.GetUser(dbConn, session.UserID)
+ if err != nil {
+ return nil, err
+ }
+
+ return user, nil
+}
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-12-30 13:04:44 +0000