Made /api/auth clear out the database of any ongoing login attempts before proceeding

Tracker-Friendly 2024-06-25 01:49:45 +01:00
parent 277c343a1b
commit d04785d2d3
1 changed files with 10 additions and 9 deletions

13
main.go

@ -15,7 +15,6 @@ import (
"encoding/pem" "encoding/pem"
"errors" "errors"
"fmt" "fmt"
"github.com/mattn/go-sqlite3"
"log" "log"
"math/big" "math/big"
"os" "os"
@ -931,17 +930,19 @@ func main() {
return return
} }
_, err = mem.Exec("DELETE FROM logins WHERE creator = ?", userid)
if err != nil {
log.Println("[ERROR] Unknown in /api/auth delete at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-DELETE.")
return
}
_, err = mem.Exec("INSERT INTO logins (appId, exchangeCode, loginToken, creator, openid, pkce, pkcemethod) VALUES (?, ?, ?, ?, ?, ?, ?)", appId, randomBytes, secret_token, userid, jwt_token, code, codeMethod) _, err = mem.Exec("INSERT INTO logins (appId, exchangeCode, loginToken, creator, openid, pkce, pkcemethod) VALUES (?, ?, ?, ?, ?, ?, ?)", appId, randomBytes, secret_token, userid, jwt_token, code, codeMethod)
if err != nil { if err != nil {
if errors.Is(err, sqlite3.ErrConstraintUnique) {
c.String(400, "Only one login is permitted at a time. Please try again later.")
return
} else {
log.Println("[ERROR] Unknown in /api/auth insert at", strconv.FormatInt(time.Now().Unix(), 10)+":", err) log.Println("[ERROR] Unknown in /api/auth insert at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-INSERT.") c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-INSERT.")
return return
} }
}
if randomBytes != "" { if randomBytes != "" {
c.Redirect(302, redirect_uri+"?code="+randomBytes+"&state="+state) c.Redirect(302, redirect_uri+"?code="+randomBytes+"&state="+state)
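Review bot: The new `DELETE FROM logins WHERE creator = ?` and the `INSERT` that follows run as two independent statements, so two overlapping /api/auth requests for the same user can interleave: both delete, then both insert. If `logins` still carries the uniqueness constraint that the removed `sqlite3.ErrConstraintUnique` branch handled (the schema is not visible here), the losing request now gets the generic 500 `UNKNOWN-API-AUTH-INSERT`; if it does not, two live exchange codes can exist for one user, which is what this change sets out to prevent. Running both statements in one transaction, assuming `mem` is a `*sql.DB`, makes the replacement atomic. The delete is also keyed on `creator` alone, so starting a login for one app discards a pending code issued for any other app; if that is intended, a comment above the delete should say so. The enclosing handler starts and ends outside the hunk.

```go
// … unchanged: checks that end in the `return` / `}` above …
tx, err := mem.Begin()
if err != nil {
	// log and answer 500 as the delete/insert branches do, with its own error code
	return
}
// Rollback is a no-op after a successful Commit; it covers every early return below.
defer tx.Rollback()

_, err = tx.Exec("DELETE FROM logins WHERE creator = ?", userid)
// … unchanged: error handling for the delete …
_, err = tx.Exec("INSERT INTO logins (appId, exchangeCode, loginToken, creator, openid, pkce, pkcemethod) VALUES (?, ?, ?, ?, ?, ?, ?)", appId, randomBytes, secret_token, userid, jwt_token, code, codeMethod)
// … unchanged: error handling for the insert …
if err = tx.Commit(); err != nil {
	// log and answer 500; the old login row is still in place at this point
	return
}
// … unchanged: redirect with the exchange code …
```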