BETA: Add name support instead of relying on the appId

Tracker-Friendly 2024-05-06 12:53:04 +01:00
parent 0db0bb5094
commit 85b2af8225
6 changed files with 128 additions and 44 deletions

61
main.go

@ -355,7 +355,28 @@ func main() {
})
router.GET("/app", func(c *gin.Context) {
c.HTML(200, "main.html", gin.H{})
conn := get_db_connection()
defer func(conn *sql.DB) {
err := conn.Close()
if err != nil {
log.Println("[ERROR] Unknown in /app defer at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more detail. Include this error code: cannot_close_db.")
return
}
}(conn)
appId := c.Request.URL.Query().Get("client_id")
var name string
err := conn.QueryRow("SELECT name FROM oauth WHERE appId = ? LIMIT 1", appId).Scan(&name)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
c.String(404, "App not found")
} else {
log.Println("[ERROR] Unknown in /app at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
}
return
}
c.HTML(200, "main.html", gin.H{"name": name})
})
router.GET("/dashboard", func(c *gin.Context) {
@ -954,7 +975,7 @@ func main() {
}
secretKey := data["secretKey"].(string)
appId := data["appId"].(string)
name := data["name"].(string)
rdiruri := data["rdiruri"].(string)
id, norows := get_user_from_session(secretKey)
@ -963,7 +984,7 @@ func main() {
return
}
var testsecret string
var testsecret, testappid string
secret := genSalt(512)
conn := get_db_connection()
defer func(conn *sql.DB) {
@ -990,26 +1011,30 @@ func main() {
}
}
_, err = conn.Exec("SELECT secret FROM oauth WHERE appId = ?", appId)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
log.Println("[Info] New Oauth source added with ID:", appId)
appId := genSalt(32)
for {
err = conn.QueryRow("SELECT appId FROM oauth WHERE appId = ?", appId).Scan(&testappid)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
log.Println("[Info] New Oauth source added with ID:", appId)
break
} else {
log.Println("[ERROR] Unknown in /api/newauth appidcheck at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Unknown error occured"})
return
}
} else {
log.Println("[ERROR] Unknown in /api/newauth at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Unknown error occured"})
return
appId = genSalt(32)
}
} else {
secret = genSalt(512)
}
_, err = conn.Exec("INSERT INTO oauth (appId, creator, secret, rdiruri) VALUES (?, ?, ?, ?)", appId, id, secret, rdiruri)
_, err = conn.Exec("INSERT INTO oauth (name, appId, creator, secret, rdiruri) VALUES (?, ?, ?, ?, ?)", name, appId, id, secret, rdiruri)
if err != nil {
log.Println("[ERROR] Unknown in /api/newauth insert at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
return
}
c.JSON(200, gin.H{"key": secret})
c.JSON(200, gin.H{"key": secret, "appId": appId})
})
router.POST("/api/listauth", func(c *gin.Context) {
@ -1038,7 +1063,7 @@ func main() {
}
}(conn)
rows, err := conn.Query("SELECT appId FROM oauth WHERE creator = ? ORDER BY creator DESC", id)
rows, err := conn.Query("SELECT appId, name, rdiruri FROM oauth WHERE creator = ? ORDER BY creator DESC", id)
if err != nil {
c.JSON(500, gin.H{"error": "Failed to query database"})
return
@ -1052,12 +1077,12 @@ func main() {
var datatemplate []map[string]interface{}
for rows.Next() {
var appId string
if err := rows.Scan(&appId); err != nil {
var appId, name, rdiruri string
if err := rows.Scan(&appId, &name, &rdiruri); err != nil {
c.JSON(500, gin.H{"error": "Failed to scan row"})
return
}
template := map[string]interface{}{"appId": appId}
template := map[string]interface{}{"appId": appId, "name": name, "rdiruri": rdiruri}
datatemplate = append(datatemplate, template)
}
if err := rows.Err(); err != nil {
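Review bot: In the `/api/newauth` hunk, `name := data["name"].(string)` is an unchecked type assertion on a client-supplied field, so a request where `name` is missing or not a string panics the handler, and an empty name is accepted and stored. This value is what the new `/app` handler passes to the consent page, so it should be validated at registration: `name, ok := data["name"].(string)` followed by `if !ok || name == "" { c.JSON(400, gin.H{"error": "Invalid name"}); return }`, ideally with a length cap as well. The neighbouring assertions on `secretKey` and `rdiruri` have the same shape. The handler starts and ends outside the hunk, so any validation done earlier is not visible here.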


@ -49,5 +49,6 @@ CREATE TABLE oauth (
appId TEXT NOT NULL,
secret TEXT NOT NULL,
creator INTEGER NOT NULL,
rdiruri TEXT NOT NULL
rdiruri TEXT NOT NULL,
name TEXT NOT NULL
)
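Review bot: The new `name TEXT NOT NULL` column is added only to the `CREATE TABLE oauth` statement, and no migration for databases created from the previous schema is visible in this commit. On such a database the new `SELECT name FROM oauth` and the five-column `INSERT` in main.go would fail, so `/app` and `/api/newauth` would break after an upgrade. If existing deployments must keep working, ship an upgrade step along the lines of `ALTER TABLE oauth ADD COLUMN name TEXT NOT NULL DEFAULT '';` (the exact syntax depends on the database engine, which is not shown here), or document that the table has to be recreated.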


@ -1,7 +1,47 @@
@import url("/static/fonts/inter.css");
body {
font-family: Arial, sans-serif;
margin: 0;
font-family: "Inter", sans-serif;
text-align: center;
overflow-wrap: anywhere;
--theme-color: #157efb;
--border-color: #dadada;
--editor: #ffffff;
--bar: #f4f4f4;
color: #000000;
}
@media (prefers-color-scheme: dark) {
body {
--border-color: #393b3d;
--bar: #2d2f31;
--editor: #202124;
color: #ffffff;
}
}
.spacer {
margin-top: 30px;
}
.credit {
position: fixed;
left: 5px;
color: white;
z-index: -1;
margin: 0;
bottom: 5px;
text-shadow: black 1px 1px 5px;
}
.background {
position: fixed;
z-index: -2;
top: 0;
left: 0;
width: 100%;
min-height: 100%;
}
.newoauth, .oauthlist, .oauthentry {
@ -15,7 +55,8 @@ body {
border-radius: 8px;
border-width: 1px;
font-size: 17px;
background-color: rgb(235, 255, 235);
background-color: var(--bar);
border-color: var(--border-color);
}
.oauthentry {
@ -23,7 +64,6 @@ body {
flex-direction: column;
justify-content: center;
padding: 5px;
background-color: lightcyan;
}
.oauthentry button {
@ -37,25 +77,36 @@ body {
}
button {
border: 1px solid black;
padding: 3px;
border-radius: 5px;
background-color: lightcyan;
transition: all 0.3s ease 0s;
background-color: var(--theme-color);
color: white;
padding: 10px;
margin-right: 5px;
border: none;
border-radius: 8px;
font-size: 14px;
}
button:hover {
background-color: white;
background-color: #152efb;
transition: all 0.3s ease 0s;
}
h {
h2 {
display: block;
margin-top: 20px;
font-size: 20px;
font-weight: 300;
}
input {
padding: 3px;
border-radius: 5px;
border: black solid 1px;
width: calc(100% - 120px);
height: 30px;
margin-bottom: 10px;
padding-left: 10px;
padding-right: 10px;
border: solid;
border-color: var(--border-color);
border-width: 1px;
border-radius: 8px;
background-color: var(--editor);
}
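Review bot: The restyled `input` rule sets `background-color: var(--editor)` but no text colour, and form controls do not inherit `color` from `body` by default, so in the dark scheme the field likely shows the browser's default dark text on `#202124`. Adding `color: inherit;` to the `input` rule keeps the text readable in both schemes. As a smaller style point, `button:hover` hard-codes `#152efb` and repeats the `transition` already declared on `button`; a variable such as `--theme-hover` defined next to `--theme-color` would keep the palette in one place.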


@ -18,7 +18,7 @@ function attempt() {
"Content-Type": "application/json"
},
body: JSON.stringify({
appId: document.getElementById("appidbox").value,
name: document.getElementById("appidbox").value,
rdiruri: document.getElementById("rdiruribox").value,
secretKey: localStorage.getItem("DONOTSHARE-secretkey")
})
@ -26,12 +26,12 @@ function attempt() {
.then(response => {
async function doStuff() {
let code = await response.json()
if (response.status == 200) {
document.getElementById("status").innerText = "Your key is: " + code["key"] + ". This will only be shown once!"
if (response.status === 200) {
document.getElementById("status").innerText = "Your secret key is: " + code["key"] + " and your client id is: " + code["appId"] + ". This will only be shown once!"
getauths();
} else if (response.status == 500) {
} else if (response.status === 500) {
document.getElementById("status").innerText = "Whoops... Something went wrong. Please try again later. (Error Code 500)"
} else if (response.status == 401) {
} else if (response.status === 401) {
document.getElementById("status").innerText = "AppID already taken. (Error Code 401)"
} else {
document.getElementById("status").innerText = "Unkown error encountered. (Error Code " + response.status + ")"
@ -59,11 +59,15 @@ function getauths() {
for (let i in responseData) {
let oauthElement = document.createElement("div")
let oauthText = document.createElement("p")
let oauthName = document.createElement("p")
let oauthUrl = document.createElement("p")
let oauthRemoveButton = document.createElement("button")
oauthText.innerText = "Client ID: " + responseData[i]["appId"]
oauthName.innerText = "App name: " + responseData[i]["name"]
oauthUrl.innerText = "Redirect Url: " + responseData[i]["rdiruri"]
oauthRemoveButton.innerText = "Delete Permanently"
oauthRemoveButton.addEventListener("click", (event) => {
if (window.confirm("Are you SURE you would like to delete this FOREVER?") == true) {
oauthRemoveButton.addEventListener("click", () => {
if (window.confirm("Are you SURE you would like to delete this FOREVER?") === true) {
fetch(origin + "/api/deleteauth", {
method: "POST",
body: JSON.stringify({
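Review bot: The request body now sends `name`, but the value is still read from the element `appidbox`, and the 401 branch still reports "AppID already taken" although the client ID is generated by the server in this commit. Rename the field, for example `name: document.getElementById("appnamebox").value`, with the matching `id` and the `<p>AppID:</p>` label in the dashboard template updated to say it is the app name. If 401 is now only returned for an invalid session (not visible in these hunks), the message should say that instead. The `innerText` assignments for `name` and `rdiruri` in `getauths()` are the right sink for these user-supplied strings and should not be changed to `innerHTML`.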


@ -6,8 +6,10 @@
<title>Dashboard</title>
</head>
<body>
<p class="credit">Image by perga (@pergagreen on discord)</p>
<img src="/static/img/background.jpg" class="background" alt="">
<div class="newoauth">
<h>Submit a new OAuth2 App</h>
<h2>Submit a new OAuth2 App</h2>
<p id="status"></p>
<p>AppID:</p>
<input id="appidbox">
@ -17,7 +19,7 @@
<button style="margin-top: 10px;" onclick="attempt()">Submit</button>
</div>
<div class="oauthlist" id="oauthlist">
<h>Your existing apps</h>
<h2>Your existing apps</h2>
</div>
</body>
</html>


@ -22,8 +22,8 @@
// Get URL parameters
if (urlParams.has('client_id')) {
client_id = urlParams.get('client_id');
statusBox.textContent = "Would you like to allow " + client_id + " to access your user information?";
let name = document.getElementById("passthrough").innerText;
statusBox.textContent = "Would you like to allow " + name + " to access your user information?";
redirect_uri = urlParams.get('redirect_uri');
response_type = urlParams.get('response_type');
} else {
@ -65,6 +65,7 @@
</head>
<body>
<p id="passthrough" style="display: none;">{{ .name }}</p>
<p class="credit">Image by perga (@pergagreen on discord)</p>
<img src="/static/img/background.jpg" class="background" alt="">
<div class="inoutdiv">
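Review bot: The consent prompt in the first hunk now shows only the registrant-chosen `name` and no longer shows `client_id`. Nothing visible in this commit makes names unique or verified, so two registered apps can present the same name and the user has nothing on screen to tell them apart. Keep a stable identifier in the prompt, for example `statusBox.textContent = "Would you like to allow " + name + " (client ID: " + client_id + ") to access your user information?";`, and consider also showing the host of `redirect_uri`. Writing the value through `textContent` is the correct sink and should stay. The surrounding script starts and ends outside the hunk, so whether `#passthrough` already exists when this line runs cannot be confirmed from here.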