✨ Bug fixes
This commit is contained in:
parent
58a4a367cf
commit
e0d496cc47
9
.idea/workspace.xml
generated
9
.idea/workspace.xml
generated
@ -4,7 +4,14 @@
|
|||||||
<option name="autoReloadType" value="ALL" />
|
<option name="autoReloadType" value="ALL" />
|
||||||
</component>
|
</component>
|
||||||
<component name="ChangeListManager">
|
<component name="ChangeListManager">
|
||||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Bug fixes of design" />
|
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Bug fixes of design">
|
||||||
|
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/pkg/server/auth_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/auth_api.go" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/pkg/server/oauth_api.go" beforeDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/pkg/server/startup.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/startup.go" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/pkg/views/users/directory/userinfo.gohtml" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/views/users/directory/userinfo.gohtml" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/pkg/views/users/me.gohtml" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/views/users/me.gohtml" afterDir="false" />
|
||||||
|
</list>
|
||||||
<option name="SHOW_DIALOG" value="false" />
|
<option name="SHOW_DIALOG" value="false" />
|
||||||
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
||||||
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
|
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
|
||||||
|
@ -117,8 +117,8 @@ func getToken(c *fiber.Ctx) error {
|
|||||||
ticket, err = services.ActiveTicketWithPassword(ticket, data.Password)
|
ticket, err = services.ActiveTicketWithPassword(ticket, data.Password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("invalid password: %v", err.Error()))
|
return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("invalid password: %v", err.Error()))
|
||||||
} else if ticket.GrantToken == nil {
|
} else if err := ticket.IsAvailable(); err != nil {
|
||||||
return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("unable to get grant token to get token"))
|
return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("risk detected: %v", err))
|
||||||
}
|
}
|
||||||
access, refresh, err = services.ExchangeOauthToken(data.ClientID, data.ClientSecret, data.RedirectUri, *ticket.GrantToken)
|
access, refresh, err = services.ExchangeOauthToken(data.ClientID, data.ClientSecret, data.RedirectUri, *ticket.GrantToken)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -1,120 +0,0 @@
|
|||||||
package server
|
|
||||||
|
|
||||||
import (
|
|
||||||
"strings"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"git.solsynth.dev/hydrogen/passport/pkg/database"
|
|
||||||
"git.solsynth.dev/hydrogen/passport/pkg/models"
|
|
||||||
"git.solsynth.dev/hydrogen/passport/pkg/services"
|
|
||||||
"github.com/gofiber/fiber/v2"
|
|
||||||
"github.com/samber/lo"
|
|
||||||
)
|
|
||||||
|
|
||||||
func preConnect(c *fiber.Ctx) error {
|
|
||||||
id := c.Query("client_id")
|
|
||||||
redirect := c.Query("redirect_uri")
|
|
||||||
|
|
||||||
if len(id) <= 0 || len(redirect) <= 0 {
|
|
||||||
return fiber.NewError(fiber.StatusBadRequest, "invalid request, missing query parameters")
|
|
||||||
}
|
|
||||||
|
|
||||||
var client models.ThirdClient
|
|
||||||
if err := database.C.Where(&models.ThirdClient{Alias: id}).First(&client).Error; err != nil {
|
|
||||||
return fiber.NewError(fiber.StatusNotFound, err.Error())
|
|
||||||
} else if !client.IsDraft && !lo.Contains(client.Callbacks, strings.Split(redirect, "?")[0]) {
|
|
||||||
return fiber.NewError(fiber.StatusBadRequest, "invalid callback url")
|
|
||||||
}
|
|
||||||
|
|
||||||
user := c.Locals("principal").(models.Account)
|
|
||||||
|
|
||||||
var ticket models.AuthTicket
|
|
||||||
if err := database.C.Where(&models.AuthTicket{
|
|
||||||
AccountID: user.ID,
|
|
||||||
ClientID: &client.ID,
|
|
||||||
}).Where("last_grant_at IS NULL").First(&ticket).Error; err == nil {
|
|
||||||
if ticket.ExpiredAt != nil && ticket.ExpiredAt.Unix() < time.Now().Unix() {
|
|
||||||
return c.JSON(fiber.Map{
|
|
||||||
"client": client,
|
|
||||||
"ticket": nil,
|
|
||||||
})
|
|
||||||
} else {
|
|
||||||
ticket, err = services.RegenSession(ticket)
|
|
||||||
}
|
|
||||||
|
|
||||||
return c.JSON(fiber.Map{
|
|
||||||
"client": client,
|
|
||||||
"ticket": ticket,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
return c.JSON(fiber.Map{
|
|
||||||
"client": client,
|
|
||||||
"ticket": nil,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func doConnect(c *fiber.Ctx) error {
|
|
||||||
user := c.Locals("principal").(models.Account)
|
|
||||||
id := c.Query("client_id")
|
|
||||||
response := c.Query("response_type")
|
|
||||||
redirect := c.Query("redirect_uri")
|
|
||||||
scope := c.Query("scope")
|
|
||||||
if len(scope) <= 0 {
|
|
||||||
return fiber.NewError(fiber.StatusBadRequest, "invalid request params")
|
|
||||||
}
|
|
||||||
|
|
||||||
var client models.ThirdClient
|
|
||||||
if err := database.C.Where(&models.ThirdClient{Alias: id}).First(&client).Error; err != nil {
|
|
||||||
return fiber.NewError(fiber.StatusNotFound, err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
switch response {
|
|
||||||
case "code":
|
|
||||||
// OAuth Authorization Mode
|
|
||||||
ticket, err := services.NewOauthTicket(
|
|
||||||
user,
|
|
||||||
client,
|
|
||||||
strings.Split(scope, " "),
|
|
||||||
[]string{"passport", client.Alias},
|
|
||||||
c.IP(),
|
|
||||||
c.Get(fiber.HeaderUserAgent),
|
|
||||||
)
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
|
||||||
} else {
|
|
||||||
services.AddEvent(user, "oauth.connect", client.Alias, c.IP(), c.Get(fiber.HeaderUserAgent))
|
|
||||||
return c.JSON(fiber.Map{
|
|
||||||
"ticket": ticket,
|
|
||||||
"redirect_uri": redirect,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
case "token":
|
|
||||||
// OAuth Implicit Mode
|
|
||||||
ticket, err := services.NewOauthTicket(
|
|
||||||
user,
|
|
||||||
client,
|
|
||||||
strings.Split(scope, " "),
|
|
||||||
[]string{"passport", client.Alias},
|
|
||||||
c.IP(),
|
|
||||||
c.Get(fiber.HeaderUserAgent),
|
|
||||||
)
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
|
||||||
} else if access, refresh, err := services.GetToken(ticket); err != nil {
|
|
||||||
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
|
||||||
} else {
|
|
||||||
services.AddEvent(user, "oauth.connect", client.Alias, c.IP(), c.Get(fiber.HeaderUserAgent))
|
|
||||||
return c.JSON(fiber.Map{
|
|
||||||
"access_token": access,
|
|
||||||
"refresh_token": refresh,
|
|
||||||
"redirect_uri": redirect,
|
|
||||||
"ticket": ticket,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
default:
|
|
||||||
return fiber.NewError(fiber.StatusBadRequest, "unsupported response type")
|
|
||||||
}
|
|
||||||
}
|
|
@ -115,9 +115,6 @@ func NewServer() {
|
|||||||
api.Post("/auth/token", getToken)
|
api.Post("/auth/token", getToken)
|
||||||
api.Post("/auth/factors/:factorId", requestFactorToken)
|
api.Post("/auth/factors/:factorId", requestFactorToken)
|
||||||
|
|
||||||
api.Get("/auth/o/connect", authMiddleware, preConnect)
|
|
||||||
api.Post("/auth/o/connect", authMiddleware, doConnect)
|
|
||||||
|
|
||||||
developers := api.Group("/dev").Name("Developers API")
|
developers := api.Group("/dev").Name("Developers API")
|
||||||
{
|
{
|
||||||
developers.Post("/notify", notifyUser)
|
developers.Post("/notify", notifyUser)
|
||||||
|
@ -53,6 +53,7 @@
|
|||||||
display: block;
|
display: block;
|
||||||
width: 64px;
|
width: 64px;
|
||||||
height: 64px;
|
height: 64px;
|
||||||
|
object-fit: cover;
|
||||||
|
|
||||||
clip-path: circle();
|
clip-path: circle();
|
||||||
}
|
}
|
||||||
|
@ -57,6 +57,7 @@
|
|||||||
display: block;
|
display: block;
|
||||||
width: 64px;
|
width: 64px;
|
||||||
height: 64px;
|
height: 64px;
|
||||||
|
object-fit: cover;
|
||||||
|
|
||||||
clip-path: circle();
|
clip-path: circle();
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user