feat: add session token
This commit is contained in:
Lakhan Samani
@@ -7,6 +7,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
"github.com/gin-gonic/gin"
|
||||
@@ -36,7 +37,7 @@ func AppHandler() gin.HandlerFunc {
|
||||
stateObj.AuthorizerURL = hostname
|
||||
stateObj.RedirectURL = hostname + "/app"
|
||||
} else {
|
||||
decodedState, err := utils.DecryptB64(state)
|
||||
decodedState, err := crypto.DecryptB64(state)
|
||||
if err != nil {
|
||||
c.JSON(400, gin.H{"error": "[unable to decode state] invalid state"})
|
||||
return
|
||||
|
||||
72
server/handlers/authorize.go
Normal file
72
server/handlers/authorize.go
Normal file
@@ -0,0 +1,72 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
// AuthorizeHandler is the handler for the /authorize route
|
||||
// required params
|
||||
// ?redirect_uri = redirect url
|
||||
// state[recommended] = to prevent CSRF attack (for authorizer its compulsory)
|
||||
// code_challenge = to prevent CSRF attack
|
||||
// code_challenge_method = to prevent CSRF attack [only sh256 is supported]
|
||||
func AuthorizeHandler() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
redirectURI := strings.TrimSpace(c.Query("redirect_uri"))
|
||||
responseType := strings.TrimSpace(c.Query("response_type"))
|
||||
state := strings.TrimSpace(c.Query("state"))
|
||||
codeChallenge := strings.TrimSpace(c.Query("code_challenge"))
|
||||
codeChallengeMethod := strings.TrimSpace(c.Query("code_challenge_method"))
|
||||
fmt.Println(codeChallengeMethod)
|
||||
template := "authorize.tmpl"
|
||||
|
||||
if redirectURI == "" {
|
||||
c.HTML(http.StatusBadRequest, template, gin.H{
|
||||
"targetOrigin": nil,
|
||||
"authorizationResponse": nil,
|
||||
"error": "redirect_uri is required",
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
if state == "" {
|
||||
c.HTML(http.StatusBadRequest, template, gin.H{
|
||||
"targetOrigin": nil,
|
||||
"authorizationResponse": nil,
|
||||
"error": "state is required",
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
if responseType == "" {
|
||||
responseType = "code"
|
||||
}
|
||||
|
||||
isCode := responseType == "code"
|
||||
isToken := responseType == "token"
|
||||
|
||||
if !isCode && !isToken {
|
||||
c.HTML(http.StatusBadRequest, template, gin.H{
|
||||
"targetOrigin": nil,
|
||||
"authorizationResponse": nil,
|
||||
"error": "response_type is invalid",
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
if isCode {
|
||||
if codeChallenge == "" {
|
||||
c.HTML(http.StatusBadRequest, template, gin.H{
|
||||
"targetOrigin": nil,
|
||||
"authorizationResponse": nil,
|
||||
"error": "code_challenge is required",
|
||||
})
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -30,11 +30,11 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
provider := c.Param("oauth_provider")
|
||||
state := c.Request.FormValue("state")
|
||||
|
||||
sessionState := sessionstore.GetSocailLoginState(state)
|
||||
sessionState := sessionstore.GetState(state)
|
||||
if sessionState == "" {
|
||||
c.JSON(400, gin.H{"error": "invalid oauth state"})
|
||||
}
|
||||
sessionstore.RemoveSocialLoginState(state)
|
||||
sessionstore.GetState(state)
|
||||
// contains random token, redirect url, role
|
||||
sessionSplit := strings.Split(state, "___")
|
||||
|
||||
|
||||
@@ -54,7 +54,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
isProviderConfigured = false
|
||||
break
|
||||
}
|
||||
sessionstore.SetSocailLoginState(oauthStateString, constants.SignupMethodGoogle)
|
||||
sessionstore.SetState(oauthStateString, constants.SignupMethodGoogle)
|
||||
// during the init of OAuthProvider authorizer url might be empty
|
||||
oauth.OAuthProviders.GoogleConfig.RedirectURL = hostname + "/oauth_callback/google"
|
||||
url := oauth.OAuthProviders.GoogleConfig.AuthCodeURL(oauthStateString)
|
||||
@@ -64,7 +64,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
isProviderConfigured = false
|
||||
break
|
||||
}
|
||||
sessionstore.SetSocailLoginState(oauthStateString, constants.SignupMethodGithub)
|
||||
sessionstore.SetState(oauthStateString, constants.SignupMethodGithub)
|
||||
oauth.OAuthProviders.GithubConfig.RedirectURL = hostname + "/oauth_callback/github"
|
||||
url := oauth.OAuthProviders.GithubConfig.AuthCodeURL(oauthStateString)
|
||||
c.Redirect(http.StatusTemporaryRedirect, url)
|
||||
@@ -73,7 +73,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
isProviderConfigured = false
|
||||
break
|
||||
}
|
||||
sessionstore.SetSocailLoginState(oauthStateString, constants.SignupMethodFacebook)
|
||||
sessionstore.SetState(oauthStateString, constants.SignupMethodFacebook)
|
||||
oauth.OAuthProviders.FacebookConfig.RedirectURL = hostname + "/oauth_callback/facebook"
|
||||
url := oauth.OAuthProviders.FacebookConfig.AuthCodeURL(oauthStateString)
|
||||
c.Redirect(http.StatusTemporaryRedirect, url)
|
||||
|
||||
Reference in New Issue
Block a user