burgerauth/templates/main.html

<html lang="en">
<head>
    <title>Authorize application</title>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
    <link rel="stylesheet" type="text/css" href="/static/css/style.css" media="">
    <script src="/static/js/hash-wasm.js"></script>
    <link rel="icon" href="/static/svg/favicon.svg">
    <script>
        let client_id, redirect_uri, response_type, state, code, codemethod, secret_key, expires, nonce;

        if (localStorage.getItem("DONOTSHARE-secretkey") === null) {
            window.location.replace("/login" + window.location.search)
            document.body.innerHTML = "Redirecting..."
            throw new Error();
        }

        document.addEventListener("DOMContentLoaded", function() {
            const urlParams = new URLSearchParams(window.location.search);
            const statusBox = document.getElementById("statusBox");

            // Get URL parameters
            if (urlParams.has('client_id')) {
                client_id = urlParams.get('client_id')
                let name = document.getElementById("passthrough").innerText;
                statusBox.textContent = "Would you like to allow " + name + " to access your user information?";
                redirect_uri = urlParams.get('redirect_uri');
                response_type = urlParams.get('response_type');
            } else {
                window.location.replace("/dashboard");
                document.body.innerHTML = "Redirecting..."
                throw new Error();
            }

            state = urlParams.has('state') ? urlParams.get('state') : "none";

            if (urlParams.has('code_challenge')) {
                code = urlParams.get('code_challenge');
                codemethod = urlParams.get('code_challenge_method');
            } else {
                code = "none";
                codemethod = "none";
            }

            if (urlParams.has('nonce')) {
                nonce = urlParams.get('nonce');
            } else {
                nonce = "none";
            }

            // Get DONOTSHARE-secretkey from localStorage
            secret_key = localStorage.getItem("DONOTSHARE-secretkey");
            const now = new Date();
            const expireTime = now.getTime() + (21 * 1000); // 21 seconds from now
            expires = new Date(expireTime).toUTCString();
        });

        function oauth() {
            document.cookie = "key=" + secret_key + "; expires=" + expires + "; path=/; SameSite=Strict";

            // Send data to example.org using POST request
            window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce);
        }
    </script>
</head>

<body>
    <p id="passthrough" style="display: none;">{{ .name }}</p>
    <p class="credit">Image by perga (@pergagreen on discord)</p>
    <img src="/static/img/background.jpg" class="background" alt="">
    <div style="position: fixed;top: 0;"><button onclick="document.getElementById('iframe').classList.toggle('hidden');" class="acctbutton">Account</button><iframe id="iframe" src="/account" class="iframe hidden"></iframe></div>
    <div class="inoutdiv">
        <h2 class="w300">Authorise Application</h2>
        <p id="statusBox">Loading...</p>
        <br>
        <div style="display: flex;justify-content: center;">
            <button onclick="oauth();" style="width: 100%;margin: 0 3px 0 0;">Allow</button>
            <button onclick="window.location.replace('https://www.hectabit.org');" style="width: 100%;margin: 0 0 0 3px;">Deny</button>
        </div>
    </div>
</body>

</html>