diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index 2be49cf..a5a4431 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,7 +4,14 @@
-
+
+
+
+
+
+
+
+
diff --git a/pkg/server/auth_api.go b/pkg/server/auth_api.go
index 0a38d88..8250cb9 100644
--- a/pkg/server/auth_api.go
+++ b/pkg/server/auth_api.go
@@ -117,8 +117,8 @@ func getToken(c *fiber.Ctx) error {
ticket, err = services.ActiveTicketWithPassword(ticket, data.Password)
if err != nil {
return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("invalid password: %v", err.Error()))
- } else if ticket.GrantToken == nil {
- return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("unable to get grant token to get token"))
+ } else if err := ticket.IsAvailable(); err != nil {
+ return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("risk detected: %v", err))
}
access, refresh, err = services.ExchangeOauthToken(data.ClientID, data.ClientSecret, data.RedirectUri, *ticket.GrantToken)
if err != nil {
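Review bot: The replaced branch on the removed `- } else if ticket.GrantToken == nil {` line was the only guard before the dereference `*ticket.GrantToken` in the `services.ExchangeOauthToken` call two lines below, and the new `ticket.IsAvailable()` check is not visible here, so unless it is known to reject a nil `GrantToken` this hunk turns a 400 into a nil-pointer panic for a password-validated ticket that has not yet been granted. Keep the nil guard alongside the new check, e.g. `} else if ticket.GrantToken == nil {` / `return fiber.NewError(fiber.StatusBadRequest, "ticket has no grant token")` / `}` before the availability branch. The added `fmt.Sprintf("risk detected: %v", err)` also echoes the raw `IsAvailable` error text to the client; if that error can carry internal detail, map it to a fixed message and log the cause server-side instead. getToken starts and ends outside this hunk.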
diff --git a/pkg/server/oauth_api.go b/pkg/server/oauth_api.go
deleted file mode 100644
index ba16629..0000000
--- a/pkg/server/oauth_api.go
+++ /dev/null
@@ -1,120 +0,0 @@
-package server
-
-import (
- "strings"
- "time"
-
- "git.solsynth.dev/hydrogen/passport/pkg/database"
- "git.solsynth.dev/hydrogen/passport/pkg/models"
- "git.solsynth.dev/hydrogen/passport/pkg/services"
- "github.com/gofiber/fiber/v2"
- "github.com/samber/lo"
-)
-
-func preConnect(c *fiber.Ctx) error {
- id := c.Query("client_id")
- redirect := c.Query("redirect_uri")
-
- if len(id) <= 0 || len(redirect) <= 0 {
- return fiber.NewError(fiber.StatusBadRequest, "invalid request, missing query parameters")
- }
-
- var client models.ThirdClient
- if err := database.C.Where(&models.ThirdClient{Alias: id}).First(&client).Error; err != nil {
- return fiber.NewError(fiber.StatusNotFound, err.Error())
- } else if !client.IsDraft && !lo.Contains(client.Callbacks, strings.Split(redirect, "?")[0]) {
- return fiber.NewError(fiber.StatusBadRequest, "invalid callback url")
- }
-
- user := c.Locals("principal").(models.Account)
-
- var ticket models.AuthTicket
- if err := database.C.Where(&models.AuthTicket{
- AccountID: user.ID,
- ClientID: &client.ID,
- }).Where("last_grant_at IS NULL").First(&ticket).Error; err == nil {
- if ticket.ExpiredAt != nil && ticket.ExpiredAt.Unix() < time.Now().Unix() {
- return c.JSON(fiber.Map{
- "client": client,
- "ticket": nil,
- })
- } else {
- ticket, err = services.RegenSession(ticket)
- }
-
- return c.JSON(fiber.Map{
- "client": client,
- "ticket": ticket,
- })
- }
-
- return c.JSON(fiber.Map{
- "client": client,
- "ticket": nil,
- })
-}
-
-func doConnect(c *fiber.Ctx) error {
- user := c.Locals("principal").(models.Account)
- id := c.Query("client_id")
- response := c.Query("response_type")
- redirect := c.Query("redirect_uri")
- scope := c.Query("scope")
- if len(scope) <= 0 {
- return fiber.NewError(fiber.StatusBadRequest, "invalid request params")
- }
-
- var client models.ThirdClient
- if err := database.C.Where(&models.ThirdClient{Alias: id}).First(&client).Error; err != nil {
- return fiber.NewError(fiber.StatusNotFound, err.Error())
- }
-
- switch response {
- case "code":
- // OAuth Authorization Mode
- ticket, err := services.NewOauthTicket(
- user,
- client,
- strings.Split(scope, " "),
- []string{"passport", client.Alias},
- c.IP(),
- c.Get(fiber.HeaderUserAgent),
- )
-
- if err != nil {
- return fiber.NewError(fiber.StatusInternalServerError, err.Error())
- } else {
- services.AddEvent(user, "oauth.connect", client.Alias, c.IP(), c.Get(fiber.HeaderUserAgent))
- return c.JSON(fiber.Map{
- "ticket": ticket,
- "redirect_uri": redirect,
- })
- }
- case "token":
- // OAuth Implicit Mode
- ticket, err := services.NewOauthTicket(
- user,
- client,
- strings.Split(scope, " "),
- []string{"passport", client.Alias},
- c.IP(),
- c.Get(fiber.HeaderUserAgent),
- )
-
- if err != nil {
- return fiber.NewError(fiber.StatusInternalServerError, err.Error())
- } else if access, refresh, err := services.GetToken(ticket); err != nil {
- return fiber.NewError(fiber.StatusInternalServerError, err.Error())
- } else {
- services.AddEvent(user, "oauth.connect", client.Alias, c.IP(), c.Get(fiber.HeaderUserAgent))
- return c.JSON(fiber.Map{
- "access_token": access,
- "refresh_token": refresh,
- "redirect_uri": redirect,
- "ticket": ticket,
- })
- }
- default:
- return fiber.NewError(fiber.StatusBadRequest, "unsupported response type")
- }
-}
diff --git a/pkg/server/startup.go b/pkg/server/startup.go
index 6d2f408..00f8ca6 100644
--- a/pkg/server/startup.go
+++ b/pkg/server/startup.go
@@ -115,9 +115,6 @@ func NewServer() {
api.Post("/auth/token", getToken)
api.Post("/auth/factors/:factorId", requestFactorToken)
- api.Get("/auth/o/connect", authMiddleware, preConnect)
- api.Post("/auth/o/connect", authMiddleware, doConnect)
-
developers := api.Group("/dev").Name("Developers API")
{
developers.Post("/notify", notifyUser)
diff --git a/pkg/views/users/directory/userinfo.gohtml b/pkg/views/users/directory/userinfo.gohtml
index 8da4048..d7bf038 100644
--- a/pkg/views/users/directory/userinfo.gohtml
+++ b/pkg/views/users/directory/userinfo.gohtml
@@ -53,6 +53,7 @@
display: block;
width: 64px;
height: 64px;
+ object-fit: cover;
clip-path: circle();
}
diff --git a/pkg/views/users/me.gohtml b/pkg/views/users/me.gohtml
index 2793fb7..f9285fc 100644
--- a/pkg/views/users/me.gohtml
+++ b/pkg/views/users/me.gohtml
@@ -57,6 +57,7 @@
display: block;
width: 64px;
height: 64px;
+ object-fit: cover;
clip-path: circle();
}