added better state management to make OAuth sign-ins HA

0xdcarns
2022-08-04 10:03:39 -04:00
parent 40c4a7842c
commit de91533372
8 changed files with 108 additions and 9 deletions


@@ -41,7 +41,7 @@ func initGithub(redirectURL string, clientID string, clientSecret string) {
}
func handleGithubLogin(w http.ResponseWriter, r *http.Request) {
oauth_state_string = logic.RandomString(16)
var oauth_state_string = logic.RandomString(16)
if auth_provider == nil && servercfg.GetFrontendURL() != "" {
http.Redirect(w, r, servercfg.GetFrontendURL()+"/login?oauth=callback-error", http.StatusTemporaryRedirect)
return
@@ -49,6 +49,12 @@ func handleGithubLogin(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "%s", []byte("no frontend URL was provided and an OAuth login was attempted\nplease reconfigure server to use OAuth or use basic credentials"))
return
}
if err := logic.SetState(oauth_state_string); err != nil {
http.Redirect(w, r, servercfg.GetFrontendURL()+"/login?oauth=callback-error", http.StatusTemporaryRedirect)
return
}
var url = auth_provider.AuthCodeURL(oauth_state_string)
http.Redirect(w, r, url, http.StatusTemporaryRedirect)
}
@@ -88,7 +94,8 @@ func handleGithubCallback(w http.ResponseWriter, r *http.Request) {
}
func getGithubUserInfo(state string, code string) (*githubOauthUser, error) {
if state != oauth_state_string {
oauth_state_string, isValid := logic.IsStateValid(state)
if !isValid || state != oauth_state_string {
return nil, fmt.Errorf("invalid OAuth state")
}
var token, err = auth_provider.Exchange(context.Background(), code)