Accidentally put redirect uri check before scanning it in

This commit is contained in:
Tracker-Friendly 2024-05-16 19:12:25 +01:00
parent 52dcc8c282
commit fb0a298ae3
1 changed files with 11 additions and 10 deletions

21
main.go
View File

@ -807,16 +807,6 @@ func main() {
var appidcheck, rdiruricheck string
if !(rdiruricheck == redirect_uri) {
c.String(401, "Redirect URI does not match")
return
}
if deny == "true" {
c.Redirect(302, redirect_uri+"?error=access_denied&state="+state)
return
}
err := conn.QueryRow("SELECT appId, rdiruri FROM oauth WHERE appId = ? LIMIT 1", appId).Scan(&appidcheck, &rdiruricheck)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
@ -828,6 +818,17 @@ func main() {
return
}
if !(rdiruricheck == redirect_uri) {
c.String(401, "Redirect URI does not match")
return
}
if deny == "true" {
c.Redirect(302, redirect_uri+"?error=access_denied&state="+state)
return
}
if !(appidcheck == appId) {
fmt.Println(appidcheck, appId)
c.String(401, "OAuth screening failed")