Ailur-Archives
/
burgerauth
Archived
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

BETA: Add name support instead of relying on the appId

This commit is contained in:
Tracker-Friendly 2024-05-06 12:53:04 +01:00
parent 0db0bb5094
commit 85b2af8225
6 changed files with 128 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
main.go
View File

@ -355,7 +355,28 @@ func main() {
}) })
router.GET("/app", func(c *gin.Context) { router.GET("/app", func(c *gin.Context) {
c.HTML(200, "main.html", gin.H{}) conn := get_db_connection()
defer func(conn *sql.DB) {
err := conn.Close()
if err != nil {
log.Println("[ERROR] Unknown in /app defer at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more detail. Include this error code: cannot_close_db.")
return
}
}(conn)
appId := c.Request.URL.Query().Get("client_id")
var name string
err := conn.QueryRow("SELECT name FROM oauth WHERE appId = ? LIMIT 1", appId).Scan(&name)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
c.String(404, "App not found")
} else {
log.Println("[ERROR] Unknown in /app at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
}
return
}
c.HTML(200, "main.html", gin.H{"name": name})
}) })
router.GET("/dashboard", func(c *gin.Context) { router.GET("/dashboard", func(c *gin.Context) {
@ -954,7 +975,7 @@ func main() {
} }
secretKey := data["secretKey"].(string) secretKey := data["secretKey"].(string)
appId := data["appId"].(string) name := data["name"].(string)
rdiruri := data["rdiruri"].(string) rdiruri := data["rdiruri"].(string)
id, norows := get_user_from_session(secretKey) id, norows := get_user_from_session(secretKey)
@ -963,7 +984,7 @@ func main() {
return return
} }
var testsecret string var testsecret, testappid string
secret := genSalt(512) secret := genSalt(512)
conn := get_db_connection() conn := get_db_connection()
defer func(conn *sql.DB) { defer func(conn *sql.DB) {
@ -990,26 +1011,30 @@ func main() {
} }
} }
_, err = conn.Exec("SELECT secret FROM oauth WHERE appId = ?", appId) appId := genSalt(32)
for {
err = conn.QueryRow("SELECT appId FROM oauth WHERE appId = ?", appId).Scan(&testappid)
if err != nil { if err != nil {
if errors.Is(err, sql.ErrNoRows) { if errors.Is(err, sql.ErrNoRows) {
log.Println("[Info] New Oauth source added with ID:", appId) log.Println("[Info] New Oauth source added with ID:", appId)
break
} else { } else {
log.Println("[ERROR] Unknown in /api/newauth at", strconv.FormatInt(time.Now().Unix(), 10)+":", err) log.Println("[ERROR] Unknown in /api/newauth appidcheck at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Unknown error occured"}) c.JSON(500, gin.H{"error": "Unknown error occured"})
return return
} }
} else { } else {
secret = genSalt(512) appId = genSalt(32)
}
} }
_, err = conn.Exec("INSERT INTO oauth (appId, creator, secret, rdiruri) VALUES (?, ?, ?, ?)", appId, id, secret, rdiruri) _, err = conn.Exec("INSERT INTO oauth (name, appId, creator, secret, rdiruri) VALUES (?, ?, ?, ?, ?)", name, appId, id, secret, rdiruri)
if err != nil { if err != nil {
log.Println("[ERROR] Unknown in /api/newauth insert at", strconv.FormatInt(time.Now().Unix(), 10)+":", err) log.Println("[ERROR] Unknown in /api/newauth insert at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
return return
} }
c.JSON(200, gin.H{"key": secret}) c.JSON(200, gin.H{"key": secret, "appId": appId})
}) })
router.POST("/api/listauth", func(c *gin.Context) { router.POST("/api/listauth", func(c *gin.Context) {
@ -1038,7 +1063,7 @@ func main() {
} }
}(conn) }(conn)
rows, err := conn.Query("SELECT appId FROM oauth WHERE creator = ? ORDER BY creator DESC", id) rows, err := conn.Query("SELECT appId, name, rdiruri FROM oauth WHERE creator = ? ORDER BY creator DESC", id)
if err != nil { if err != nil {
c.JSON(500, gin.H{"error": "Failed to query database"}) c.JSON(500, gin.H{"error": "Failed to query database"})
return return
@ -1052,12 +1077,12 @@ func main() {
var datatemplate []map[string]interface{} var datatemplate []map[string]interface{}
for rows.Next() { for rows.Next() {
var appId string var appId, name, rdiruri string
if err := rows.Scan(&appId); err != nil { if err := rows.Scan(&appId, &name, &rdiruri); err != nil {
c.JSON(500, gin.H{"error": "Failed to scan row"}) c.JSON(500, gin.H{"error": "Failed to scan row"})
return return
} }
template := map[string]interface{}{"appId": appId} template := map[string]interface{}{"appId": appId, "name": name, "rdiruri": rdiruri}
datatemplate = append(datatemplate, template) datatemplate = append(datatemplate, template)
} }
if err := rows.Err(); err != nil { if err := rows.Err(); err != nil {

3
schema.sql
View File

@ -49,5 +49,6 @@ CREATE TABLE oauth (
appId TEXT NOT NULL, appId TEXT NOT NULL,
secret TEXT NOT NULL, secret TEXT NOT NULL,
creator INTEGER NOT NULL, creator INTEGER NOT NULL,
rdiruri TEXT NOT NULL rdiruri TEXT NOT NULL,
name TEXT NOT NULL
) )

79
static/css/dashboard.css
View File

@ -1,7 +1,47 @@
@import url("/static/fonts/inter.css");
body { body {
font-family: Arial, sans-serif; margin: 0;
font-family: "Inter", sans-serif;
text-align: center; text-align: center;
overflow-wrap: anywhere; overflow-wrap: anywhere;
--theme-color: #157efb;
--border-color: #dadada;
--editor: #ffffff;
--bar: #f4f4f4;
color: #000000;
}
@media (prefers-color-scheme: dark) {
body {
--border-color: #393b3d;
--bar: #2d2f31;
--editor: #202124;
color: #ffffff;
}
}
.spacer {
margin-top: 30px;
}
.credit {
position: fixed;
left: 5px;
color: white;
z-index: -1;
margin: 0;
bottom: 5px;
text-shadow: black 1px 1px 5px;
}
.background {
position: fixed;
z-index: -2;
top: 0;
left: 0;
width: 100%;
min-height: 100%;
} }
.newoauth, .oauthlist, .oauthentry { .newoauth, .oauthlist, .oauthentry {
@ -15,7 +55,8 @@ body {
border-radius: 8px; border-radius: 8px;
border-width: 1px; border-width: 1px;
font-size: 17px; font-size: 17px;
background-color: rgb(235, 255, 235); background-color: var(--bar);
border-color: var(--border-color);
} }
.oauthentry { .oauthentry {
@ -23,7 +64,6 @@ body {
flex-direction: column; flex-direction: column;
justify-content: center; justify-content: center;
padding: 5px; padding: 5px;
background-color: lightcyan;
} }
.oauthentry button { .oauthentry button {
@ -37,25 +77,36 @@ body {
} }
button { button {
border: 1px solid black; background-color: var(--theme-color);
padding: 3px; color: white;
border-radius: 5px; padding: 10px;
background-color: lightcyan; margin-right: 5px;
transition: all 0.3s ease 0s; border: none;
border-radius: 8px;
font-size: 14px;
} }
button:hover { button:hover {
background-color: white; background-color: #152efb;
transition: all 0.3s ease 0s;
} }
h { h2 {
display: block; display: block;
margin-top: 20px; margin-top: 20px;
font-size: 20px; font-weight: 300;
} }
input { input {
padding: 3px; width: calc(100% - 120px);
border-radius: 5px; height: 30px;
border: black solid 1px; margin-bottom: 10px;
padding-left: 10px;
padding-right: 10px;
border: solid;
border-color: var(--border-color);
border-width: 1px;
border-radius: 8px;
background-color: var(--editor);
} }

18
static/js/dashboard.js
View File

@ -18,7 +18,7 @@ function attempt() {
"Content-Type": "application/json" "Content-Type": "application/json"
}, },
body: JSON.stringify({ body: JSON.stringify({
appId: document.getElementById("appidbox").value, name: document.getElementById("appidbox").value,
rdiruri: document.getElementById("rdiruribox").value, rdiruri: document.getElementById("rdiruribox").value,
secretKey: localStorage.getItem("DONOTSHARE-secretkey") secretKey: localStorage.getItem("DONOTSHARE-secretkey")
}) })
@ -26,12 +26,12 @@ function attempt() {
.then(response => { .then(response => {
async function doStuff() { async function doStuff() {
let code = await response.json() let code = await response.json()
if (response.status == 200) { if (response.status === 200) {
document.getElementById("status").innerText = "Your key is: " + code["key"] + ". This will only be shown once!" document.getElementById("status").innerText = "Your secret key is: " + code["key"] + " and your client id is: " + code["appId"] + ". This will only be shown once!"
getauths(); getauths();
} else if (response.status == 500) { } else if (response.status === 500) {
document.getElementById("status").innerText = "Whoops... Something went wrong. Please try again later. (Error Code 500)" document.getElementById("status").innerText = "Whoops... Something went wrong. Please try again later. (Error Code 500)"
} else if (response.status == 401) { } else if (response.status === 401) {
document.getElementById("status").innerText = "AppID already taken. (Error Code 401)" document.getElementById("status").innerText = "AppID already taken. (Error Code 401)"
} else { } else {
document.getElementById("status").innerText = "Unkown error encountered. (Error Code " + response.status + ")" document.getElementById("status").innerText = "Unkown error encountered. (Error Code " + response.status + ")"
@ -59,11 +59,15 @@ function getauths() {
for (let i in responseData) { for (let i in responseData) {
let oauthElement = document.createElement("div") let oauthElement = document.createElement("div")
let oauthText = document.createElement("p") let oauthText = document.createElement("p")
let oauthName = document.createElement("p")
let oauthUrl = document.createElement("p")
let oauthRemoveButton = document.createElement("button") let oauthRemoveButton = document.createElement("button")
oauthText.innerText = "Client ID: " + responseData[i]["appId"] oauthText.innerText = "Client ID: " + responseData[i]["appId"]
oauthName.innerText = "App name: " + responseData[i]["name"]
oauthUrl.innerText = "Redirect Url: " + responseData[i]["rdiruri"]
oauthRemoveButton.innerText = "Delete Permanently" oauthRemoveButton.innerText = "Delete Permanently"
oauthRemoveButton.addEventListener("click", (event) => { oauthRemoveButton.addEventListener("click", () => {
if (window.confirm("Are you SURE you would like to delete this FOREVER?") == true) { if (window.confirm("Are you SURE you would like to delete this FOREVER?") === true) {
fetch(origin + "/api/deleteauth", { fetch(origin + "/api/deleteauth", {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({

6
templates/dashboard.html
View File

@ -6,8 +6,10 @@
<title>Dashboard</title> <title>Dashboard</title>
</head> </head>
<body> <body>
<p class="credit">Image by perga (@pergagreen on discord)</p>
<img src="/static/img/background.jpg" class="background" alt="">
<div class="newoauth"> <div class="newoauth">
<h>Submit a new OAuth2 App</h> <h2>Submit a new OAuth2 App</h2>
<p id="status"></p> <p id="status"></p>
<p>AppID:</p> <p>AppID:</p>
<input id="appidbox"> <input id="appidbox">
@ -17,7 +19,7 @@
<button style="margin-top: 10px;" onclick="attempt()">Submit</button> <button style="margin-top: 10px;" onclick="attempt()">Submit</button>
</div> </div>
<div class="oauthlist" id="oauthlist"> <div class="oauthlist" id="oauthlist">
<h>Your existing apps</h> <h2>Your existing apps</h2>
</div> </div>
</body> </body>
</html> </html>

5
templates/main.html
View File

@ -22,8 +22,8 @@
// Get URL parameters // Get URL parameters
if (urlParams.has('client_id')) { if (urlParams.has('client_id')) {
client_id = urlParams.get('client_id'); let name = document.getElementById("passthrough").innerText;
statusBox.textContent = "Would you like to allow " + client_id + " to access your user information?"; statusBox.textContent = "Would you like to allow " + name + " to access your user information?";
redirect_uri = urlParams.get('redirect_uri'); redirect_uri = urlParams.get('redirect_uri');
response_type = urlParams.get('response_type'); response_type = urlParams.get('response_type');
} else { } else {
@ -65,6 +65,7 @@
</head> </head>
<body> <body>
<p id="passthrough" style="display: none;">{{ .name }}</p>
<p class="credit">Image by perga (@pergagreen on discord)</p> <p class="credit">Image by perga (@pergagreen on discord)</p>
<img src="/static/img/background.jpg" class="background" alt=""> <img src="/static/img/background.jpg" class="background" alt="">
<div class="inoutdiv"> <div class="inoutdiv">