No commits in common. "b7ac5d3534157c2b895758c11a0ded57c8fe0c08" and "3752648c782d1a46a117193f19e15187b136cf5e" have entirely different histories.
b7ac5d3534
...
3752648c78
36
main.go
36
main.go
|
@ -35,7 +35,6 @@ import (
|
||||||
|
|
||||||
var (
|
var (
|
||||||
conn *sql.DB
|
conn *sql.DB
|
||||||
mem *sql.DB
|
|
||||||
privateKey *rsa.PrivateKey
|
privateKey *rsa.PrivateKey
|
||||||
publicKey *rsa.PublicKey
|
publicKey *rsa.PublicKey
|
||||||
modulus *big.Int
|
modulus *big.Int
|
||||||
|
@ -259,22 +258,6 @@ func main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
mem, err = sql.Open("sqlite3", ":memory:")
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalln("[FATAL] Cannot open memory database at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
|
|
||||||
}
|
|
||||||
defer func(mem *sql.DB) {
|
|
||||||
err := mem.Close()
|
|
||||||
if err != nil {
|
|
||||||
log.Println("[ERROR] Unknown in main() memory defer at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
|
|
||||||
}
|
|
||||||
}(mem)
|
|
||||||
|
|
||||||
_, err = mem.Exec("CREATE TABLE logins (appId TEXT NOT NULL, exchangeCode TEXT NOT NULL, loginToken TEXT NOT NULL, creator INT NOT NULL, openid TEXT NOT NULL, pkce TEXT NOT NULL DEFAULT 'none', pkcemethod TEXT NOT NULL DEFAULT 'none')")
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalln("[FATAL] Cannot create logins table at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
privateKeyFile, err := os.ReadFile(PRIVATE_KEY_PATH)
|
privateKeyFile, err := os.ReadFile(PRIVATE_KEY_PATH)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal("[ERROR] Cannot read private key:", err)
|
log.Fatal("[ERROR] Cannot read private key:", err)
|
||||||
|
@ -930,7 +913,7 @@ func main() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = mem.Exec("INSERT INTO logins (appId, exchangeCode, loginToken, creator, openid, pkce, pkcemethod) VALUES (?, ?, ?, ?, ?, ?, ?)", appId, randomBytes, secret_token, userid, jwt_token, code, codeMethod)
|
_, err = conn.Exec("INSERT INTO logins (appId, secret, nextsecret, code, nextcode, creator, openid, nextopenid, pkce, pkcemethod) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", appId, randomBytes, "none", secret_token, "none", userid, jwt_token, "none", code, codeMethod)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("[ERROR] Unknown in /api/auth insert at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
|
log.Println("[ERROR] Unknown in /api/auth insert at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
|
||||||
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-INSERT.")
|
c.String(500, "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-AUTH-INSERT.")
|
||||||
|
@ -967,7 +950,7 @@ func main() {
|
||||||
|
|
||||||
var appIdCheck, secretCheck, openid, loginCode, PKCECode, PKCEMethod string
|
var appIdCheck, secretCheck, openid, loginCode, PKCECode, PKCEMethod string
|
||||||
|
|
||||||
err = conn.QueryRow("SELECT appId, secret FROM oauth WHERE appId = ?;", appId).Scan(&appIdCheck, &secretCheck)
|
err = conn.QueryRow("SELECT o.appId, o.secret, l.openid, l.code, l.pkce, l.pkcemethod FROM oauth AS o JOIN logins AS l ON o.appId = l.appId WHERE o.appId = ? AND l.secret = ? LIMIT 1;", appId, code).Scan(&appIdCheck, &secretCheck, &openid, &loginCode, &PKCECode, &PKCEMethod)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.Is(err, sql.ErrNoRows) {
|
if errors.Is(err, sql.ErrNoRows) {
|
||||||
c.JSON(401, gin.H{"error": "OAuth screening failed"})
|
c.JSON(401, gin.H{"error": "OAuth screening failed"})
|
||||||
|
@ -977,17 +960,6 @@ func main() {
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
err = mem.QueryRow("SELECT loginToken, openid, pkce, pkcemethod FROM logins WHERE exchangeCode = ?", code).Scan(&loginCode, &openid, &PKCECode, &PKCEMethod)
|
|
||||||
if err != nil {
|
|
||||||
if errors.Is(err, sql.ErrNoRows) {
|
|
||||||
c.JSON(401, gin.H{"error": "OAuth screening failed"})
|
|
||||||
} else {
|
|
||||||
log.Println("[ERROR] Unknown in /api/tokenauth memory query at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
|
|
||||||
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-MEMSELECT"})
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if appIdCheck != appId {
|
if appIdCheck != appId {
|
||||||
c.JSON(401, gin.H{"error": "OAuth screening failed"})
|
c.JSON(401, gin.H{"error": "OAuth screening failed"})
|
||||||
return
|
return
|
||||||
|
@ -1020,7 +992,7 @@ func main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = mem.Exec("DELETE FROM logins WHERE code = ?", loginCode)
|
_, err = conn.Exec("DELETE FROM logins WHERE code = ?", loginCode)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("[ERROR] Unknown in /api/tokenauth delete at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
|
log.Println("[ERROR] Unknown in /api/tokenauth delete at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
|
||||||
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-DELETE"})
|
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgerauth and refer to the docs for more info. Your error code is: UNKNOWN-API-TOKENAUTH-DELETE"})
|
||||||
|
@ -1216,7 +1188,7 @@ func main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = mem.Exec("DELETE FROM logins WHERE creator = ?", id)
|
_, err = conn.Exec("DELETE FROM logins WHERE creator = ?", id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if !errors.Is(err, sql.ErrNoRows) {
|
if !errors.Is(err, sql.ErrNoRows) {
|
||||||
log.Println("[ERROR] Unknown in /api/deleteaccount logins at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
|
log.Println("[ERROR] Unknown in /api/deleteaccount logins at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
|
||||||
|
|
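Review bot: The rewritten INSERT in the /api/auth hunk (`_, err = conn.Exec("INSERT INTO logins (appId, secret, nextsecret, ...`) now writes the exchange code (`randomBytes`), the login token (`secret_token`) and the OpenID token (`jwt_token`) to the persistent database, but neither that row nor the new JOIN in the /api/tokenauth hunk carries a creation time, so the lifetime bound the in-memory table gave for free (it vanished on restart) is gone and an unconsumed exchange code stays valid indefinitely. I would add a `created INTEGER NOT NULL` column to `logins` in schema.sql, append `, created` / `, ?` and `time.Now().Unix()` to the INSERT, and extend the lookup to `... WHERE o.appId = ? AND l.secret = ? AND l.created > ? LIMIT 1;", appId, code, time.Now().Unix()-600)` (a ten-minute window, as an example), with a periodic `DELETE FROM logins WHERE created < ?` to drop stale rows. Because these values are now at rest on disk, storing a hash of the exchange code and matching on the hash would also be worth considering, though the hunk does not show how the stored tokens are used later. The `if appIdCheck != appId` check that follows the JOIN is now redundant, since the query already constrains `o.appId = ?`. All of these hunks are inside `main()`, whose start and end lie outside the section.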
14
schema.sql
14
schema.sql
|
@ -1,6 +1,7 @@
|
||||||
DROP TABLE IF EXISTS users;
|
DROP TABLE IF EXISTS users;
|
||||||
DROP TABLE IF EXISTS userdata;
|
DROP TABLE IF EXISTS userdata;
|
||||||
DROP TABLE IF EXISTS sessions;
|
DROP TABLE IF EXISTS sessions;
|
||||||
|
DROP TABLE IF EXISTS logins;
|
||||||
DROP TABLE IF EXISTS blacklist;
|
DROP TABLE IF EXISTS blacklist;
|
||||||
DROP TABLE IF EXISTS oauth;
|
DROP TABLE IF EXISTS oauth;
|
||||||
|
|
||||||
|
@ -25,6 +26,19 @@ CREATE TABLE sessions (
|
||||||
device TEXT NOT NULL DEFAULT '?'
|
device TEXT NOT NULL DEFAULT '?'
|
||||||
);
|
);
|
||||||
|
|
||||||
|
CREATE TABLE logins (
|
||||||
|
appId TEXT NOT NULL,
|
||||||
|
secret TEXT NOT NULL,
|
||||||
|
nextsecret TEXT NOT NULL,
|
||||||
|
code TEXT NOT NULL,
|
||||||
|
nextcode TEXT NOT NULL,
|
||||||
|
creator INTEGER NOT NULL,
|
||||||
|
openid TEXT NOT NULL,
|
||||||
|
nextopenid TEXT NOT NULL,
|
||||||
|
pkce TEXT NOT NULL,
|
||||||
|
pkcemethod TEXT NOT NULL
|
||||||
|
);
|
||||||
|
|
||||||
CREATE TABLE blacklist (
|
CREATE TABLE blacklist (
|
||||||
openid TEXT NOT NULL,
|
openid TEXT NOT NULL,
|
||||||
blacklisted BOOLEAN NOT NULL DEFAULT true,
|
blacklisted BOOLEAN NOT NULL DEFAULT true,
|
||||||
|
|
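Review bot: The new `logins` table declares no uniqueness on `secret` (the exchange code) or `code` (the login token), yet main.go looks rows up with `WHERE o.appId = ? AND l.secret = ? LIMIT 1` and consumes them with `DELETE FROM logins WHERE code = ?`, so a duplicate value would make the lookup return an arbitrary matching row and the delete remove more than one login. Declaring `secret TEXT NOT NULL UNIQUE,` and `code TEXT NOT NULL UNIQUE,` turns a collision into an insert error that the /api/auth handler already reports, and the implicit index also serves the JOIN on `appId`/`secret`. The `creator INTEGER NOT NULL` column matches the `creator INT` type used by the removed in-memory CREATE TABLE, so the /api/deleteaccount delete by `creator` should keep working as before.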