Ailur-Archives
/
burgerauth
Archived
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Compare commits

base: Ailur-Archives:96d145b174e4554e7b8fe4788302b7fc23860a8f
Branches Tags
Ailur-Archives:main
Ailur-Archives:v1.0
..
compare: Ailur-Archives:ee30b1d4439ebdf6f30d5aaf3e71ff18eee7d14d
Branches Tags
Ailur-Archives:main
Ailur-Archives:v1.0

No commits in common. "96d145b174e4554e7b8fe4788302b7fc23860a8f" and "ee30b1d4439ebdf6f30d5aaf3e71ff18eee7d14d" have entirely different histories.
96d145b174 ... ee30b1d443

1 changed files with 5 additions and 17 deletions
Show Stats Expand all files Collapse all files

22
main.go
View File

@ -604,18 +604,7 @@ func main() {
})
router.GET("/userinfo", func(c *gin.Context) {
var token string
if len(c.Request.Header["Authorization"]) > 0 {
if len(strings.Fields(c.Request.Header["Authorization"][0])) > 1 {
token = strings.Fields(c.Request.Header["Authorization"][0])[1]
} else {
c.JSON(400, gin.H{"error": "Invalid token"})
return
}
} else {
c.JSON(400, gin.H{"error": "Invalid token"})
return
}
token := strings.Fields(c.Request.Header["Authorization"][0])[1]
var blacklisted bool
err := conn.QueryRow("SELECT blacklisted FROM blacklist WHERE openid = ? LIMIT 1", token).Scan(&blacklisted)
@ -880,12 +869,11 @@ func main() {
"nonce": nonce,
}
secondNonce, err := genSalt(512)
dataTemplateTwo := jwt.MapClaims{
"exp": time.Now().Unix() + 2592000,
"iat": time.Now().Unix(),
"session": secretKey,
"nonce": secondNonce,
"nonce": genSalt(512),
}
tokenTemp := jwt.NewWithClaims(jwt.SigningMethodRS256, dataTemplate)
@ -893,7 +881,7 @@ func main() {
jwt_token, err := tokenTemp.SignedString(privateKey)
if err != nil {
log.Println("[ERROR] Unknown in /api/auth jwt_token at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-JWTCANNOTSIGN")
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKOWN-API-AUTH-JWTCANNOTSIGN")
return
}
@ -902,7 +890,7 @@ func main() {
secret_token, err := secretTemp.SignedString(privateKey)
if err != nil {
log.Println("[ERROR] Unknown in /api/auth secret_token at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-JWTCANNOTSIGN.")
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKOWN-API-AUTH-JWTCANNOTSIGN.")
return
}
@ -950,7 +938,7 @@ func main() {
var appIdCheck, secretCheck, openid, loginCode, PKCECode, PKCEMethod string
err = conn.QueryRow("SELECT o.appId, o.secret, l.openid, l.code, l.pkce, l.pkcemethod FROM oauth AS o JOIN logins AS l ON o.appId = l.appId WHERE o.appId = ? AND l.secret = ? LIMIT 1;", appId, code).Scan(&appIdCheck, &secretCheck, &openid, &loginCode, &PKCECode, &PKCEMethod)
err = conn.QueryRow("SELECT o.appId, o.secret, l.openid, l.code, l.PKCECode, l.PKCEMethod FROM oauth AS o JOIN logins AS l ON o.appId = l.appId WHERE o.appId = ? AND l.secret = ? LIMIT 1;", appId, code).Scan(&appIdCheck, &secretCheck, &openid, &loginCode, &PKCECode, &PKCEMethod)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
c.JSON(401, gin.H{"error": "OAuth screening failed"})