From 82b70e73d9d29f974b05b63b60596b1f6832259d Mon Sep 17 00:00:00 2001 From: Gabe Kangas Date: Thu, 15 Jun 2023 10:58:38 -0700 Subject: [PATCH] feat: move auth under services --- core/core.go | 2 +- {auth => services/auth}/auth.go | 0 .../auth}/fediverse/fediverse.go | 71 ++++++++++++------- .../auth}/fediverse/fediverse_test.go | 24 ++++--- {auth => services/auth}/indieauth/client.go | 31 +++----- {auth => services/auth}/indieauth/helpers.go | 0 services/auth/indieauth/indieauth.go | 55 ++++++++++++++ .../auth}/indieauth/indieauth_test.go | 8 ++- {auth => services/auth}/indieauth/random.go | 0 {auth => services/auth}/indieauth/request.go | 0 {auth => services/auth}/indieauth/response.go | 0 {auth => services/auth}/indieauth/server.go | 12 ++-- {auth => services/auth}/persistence.go | 0 .../handlers/auth/fediverse/fediverse.go | 14 ++-- webserver/handlers/auth/indieauth/client.go | 13 ++-- webserver/handlers/auth/indieauth/server.go | 8 ++- 16 files changed, 155 insertions(+), 83 deletions(-) rename {auth => services/auth}/auth.go (100%) rename {auth => services/auth}/fediverse/fediverse.go (57%) rename {auth => services/auth}/fediverse/fediverse_test.go (64%) rename {auth => services/auth}/indieauth/client.go (87%) rename {auth => services/auth}/indieauth/helpers.go (100%) create mode 100644 services/auth/indieauth/indieauth.go rename {auth => services/auth}/indieauth/indieauth_test.go (71%) rename {auth => services/auth}/indieauth/random.go (100%) rename {auth => services/auth}/indieauth/request.go (100%) rename {auth => services/auth}/indieauth/response.go (100%) rename {auth => services/auth}/indieauth/server.go (84%) rename {auth => services/auth}/persistence.go (100%) diff --git a/core/core.go b/core/core.go index 6c2a7a95e..f1dea2a4c 100644 --- a/core/core.go +++ b/core/core.go @@ -7,11 +7,11 @@ import ( log "github.com/sirupsen/logrus" - "github.com/owncast/owncast/auth" "github.com/owncast/owncast/config" "github.com/owncast/owncast/core/chat" "github.com/owncast/owncast/core/data" "github.com/owncast/owncast/models" + "github.com/owncast/owncast/services/auth" "github.com/owncast/owncast/services/notifications" "github.com/owncast/owncast/services/webhooks" "github.com/owncast/owncast/services/yp" diff --git a/auth/auth.go b/services/auth/auth.go similarity index 100% rename from auth/auth.go rename to services/auth/auth.go diff --git a/auth/fediverse/fediverse.go b/services/auth/fediverse/fediverse.go similarity index 57% rename from auth/fediverse/fediverse.go rename to services/auth/fediverse/fediverse.go index b09f429ec..cb27596bf 100644 --- a/auth/fediverse/fediverse.go +++ b/services/auth/fediverse/fediverse.go @@ -11,6 +11,34 @@ import ( log "github.com/sirupsen/logrus" ) +type FediAuth struct { + // Key by access token to limit one OTP request for a person + // to be active at a time. + pendingAuthRequests map[string]OTPRegistration + lock sync.Mutex +} + +var temporaryFediAuthGlobalInstance *FediAuth + +// GetFediAuth returns the temporary global instance. +// Remove this after dependency injection is implemented. +func GetFediAuth() *FediAuth { + if temporaryFediAuthGlobalInstance == nil { + temporaryFediAuthGlobalInstance = NewFediAuth() + } + + return temporaryFediAuthGlobalInstance +} + +// NewFediAuth creates a new FediAuth instance. +func NewFediAuth() *FediAuth { + f := &FediAuth{ + pendingAuthRequests: make(map[string]OTPRegistration), + } + go f.setupExpiredRequestPruner() + return f +} + // OTPRegistration represents a single OTP request. type OTPRegistration struct { Timestamp time.Time @@ -20,43 +48,32 @@ type OTPRegistration struct { Account string } -// Key by access token to limit one OTP request for a person -// to be active at a time. -var ( - pendingAuthRequests = make(map[string]OTPRegistration) - lock = sync.Mutex{} -) - const ( registrationTimeout = time.Minute * 10 maxPendingRequests = 1000 ) -func init() { - go setupExpiredRequestPruner() -} - // Clear out any pending requests that have been pending for greater than // the specified timeout value. -func setupExpiredRequestPruner() { +func (f *FediAuth) setupExpiredRequestPruner() { pruneExpiredRequestsTimer := time.NewTicker(registrationTimeout) for range pruneExpiredRequestsTimer.C { - lock.Lock() + f.lock.Lock() log.Debugln("Pruning expired OTP requests.") - for k, v := range pendingAuthRequests { + for k, v := range f.pendingAuthRequests { if time.Since(v.Timestamp) > registrationTimeout { - delete(pendingAuthRequests, k) + delete(f.pendingAuthRequests, k) } } - lock.Unlock() + f.lock.Unlock() } } // RegisterFediverseOTP will start the OTP flow for a user, creating a new // code and returning it to be sent to a destination. -func RegisterFediverseOTP(accessToken, userID, userDisplayName, account string) (OTPRegistration, bool, error) { - request, requestExists := pendingAuthRequests[accessToken] +func (f *FediAuth) RegisterFediverseOTP(accessToken, userID, userDisplayName, account string) (OTPRegistration, bool, error) { + request, requestExists := f.pendingAuthRequests[accessToken] // If a request is already registered and has not expired then return that // existing request. @@ -64,10 +81,10 @@ func RegisterFediverseOTP(accessToken, userID, userDisplayName, account string) return request, false, nil } - lock.Lock() - defer lock.Unlock() + f.lock.Lock() + defer f.lock.Unlock() - if len(pendingAuthRequests)+1 > maxPendingRequests { + if len(f.pendingAuthRequests)+1 > maxPendingRequests { return request, false, errors.New("Please try again later. Too many pending requests.") } @@ -79,23 +96,23 @@ func RegisterFediverseOTP(accessToken, userID, userDisplayName, account string) Account: strings.ToLower(account), Timestamp: time.Now(), } - pendingAuthRequests[accessToken] = r + f.pendingAuthRequests[accessToken] = r return r, true, nil } // ValidateFediverseOTP will verify a OTP code for a auth request. -func ValidateFediverseOTP(accessToken, code string) (bool, *OTPRegistration) { - request, ok := pendingAuthRequests[accessToken] +func (f *FediAuth) ValidateFediverseOTP(accessToken, code string) (bool, *OTPRegistration) { + request, ok := f.pendingAuthRequests[accessToken] if !ok || request.Code != code || time.Since(request.Timestamp) > registrationTimeout { return false, nil } - lock.Lock() - defer lock.Unlock() + f.lock.Lock() + defer f.lock.Unlock() - delete(pendingAuthRequests, accessToken) + delete(f.pendingAuthRequests, accessToken) return true, &request } diff --git a/auth/fediverse/fediverse_test.go b/services/auth/fediverse/fediverse_test.go similarity index 64% rename from auth/fediverse/fediverse_test.go rename to services/auth/fediverse/fediverse_test.go index c9b3b3550..18139e849 100644 --- a/auth/fediverse/fediverse_test.go +++ b/services/auth/fediverse/fediverse_test.go @@ -14,8 +14,10 @@ const ( userDisplayName = "fake-user-display-name" ) +var fediAuthInstance = NewFediAuth() + func TestOTPFlowValidation(t *testing.T) { - r, success, err := RegisterFediverseOTP(accessToken, userID, userDisplayName, account) + r, success, err := fediAuthInstance.RegisterFediverseOTP(accessToken, userID, userDisplayName, account) if err != nil { t.Error(err) } @@ -36,7 +38,7 @@ func TestOTPFlowValidation(t *testing.T) { t.Error("Timestamp is empty") } - valid, registration := ValidateFediverseOTP(accessToken, r.Code) + valid, registration := fediAuthInstance.ValidateFediverseOTP(accessToken, r.Code) if !valid { t.Error("Code is not valid") } @@ -55,8 +57,8 @@ func TestOTPFlowValidation(t *testing.T) { } func TestSingleOTPFlowRequest(t *testing.T) { - r1, _, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, account) - r2, s2, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, account) + r1, _, _ := fediAuthInstance.RegisterFediverseOTP(accessToken, userID, userDisplayName, account) + r2, s2, _ := fediAuthInstance.RegisterFediverseOTP(accessToken, userID, userDisplayName, account) if r1.Code != r2.Code { t.Error("Only one registration should be permitted.") @@ -70,12 +72,12 @@ func TestSingleOTPFlowRequest(t *testing.T) { func TestAccountCaseInsensitive(t *testing.T) { account := "Account" accessToken := "another-fake-access-token" - r1, _, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, account) - _, reg1 := ValidateFediverseOTP(accessToken, r1.Code) + r1, _, _ := fediAuthInstance.RegisterFediverseOTP(accessToken, userID, userDisplayName, account) + _, reg1 := fediAuthInstance.ValidateFediverseOTP(accessToken, r1.Code) // Simulate second auth with account in different case - r2, _, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, strings.ToUpper(account)) - _, reg2 := ValidateFediverseOTP(accessToken, r2.Code) + r2, _, _ := fediAuthInstance.RegisterFediverseOTP(accessToken, userID, userDisplayName, strings.ToUpper(account)) + _, reg2 := fediAuthInstance.ValidateFediverseOTP(accessToken, r2.Code) if reg1.Account != reg2.Account { t.Errorf("Account names should be case-insensitive: %s %s", reg1.Account, reg2.Account) @@ -88,9 +90,9 @@ func TestLimitGlobalPendingRequests(t *testing.T) { uid, _ := utils.GenerateRandomString(10) account, _ := utils.GenerateRandomString(10) - _, success, error := RegisterFediverseOTP(at, uid, "userDisplayName", account) + _, success, error := fediAuthInstance.RegisterFediverseOTP(at, uid, "userDisplayName", account) if !success { - t.Error("Registration should be permitted.", i, " of ", len(pendingAuthRequests)) + t.Error("Registration should be permitted.", i, " of ", len(fediAuthInstance.pendingAuthRequests)) } if error != nil { t.Error(error) @@ -101,7 +103,7 @@ func TestLimitGlobalPendingRequests(t *testing.T) { at, _ := utils.GenerateRandomString(10) uid, _ := utils.GenerateRandomString(10) account, _ := utils.GenerateRandomString(10) - _, success, error := RegisterFediverseOTP(at, uid, "userDisplayName", account) + _, success, error := fediAuthInstance.RegisterFediverseOTP(at, uid, "userDisplayName", account) if success { t.Error("Registration should not be permitted.") } diff --git a/auth/indieauth/client.go b/services/auth/indieauth/client.go similarity index 87% rename from auth/indieauth/client.go rename to services/auth/indieauth/client.go index 9d7a4e736..aa722b114 100644 --- a/auth/indieauth/client.go +++ b/services/auth/indieauth/client.go @@ -8,7 +8,6 @@ import ( "net/url" "strconv" "strings" - "sync" "time" "github.com/owncast/owncast/core/data" @@ -17,38 +16,28 @@ import ( log "github.com/sirupsen/logrus" ) -var ( - pendingAuthRequests = make(map[string]*Request) - lock = sync.Mutex{} -) - const registrationTimeout = time.Minute * 10 -func init() { - go setupExpiredRequestPruner() -} - // Clear out any pending requests that have been pending for greater than // the specified timeout value. -func setupExpiredRequestPruner() { +func (c *IndieAuthClient) setupExpiredRequestPruner() { pruneExpiredRequestsTimer := time.NewTicker(registrationTimeout) for range pruneExpiredRequestsTimer.C { - lock.Lock() + c.lock.Lock() log.Debugln("Pruning expired IndieAuth requests.") - for k, v := range pendingAuthRequests { + for k, v := range c.pendingAuthRequests { if time.Since(v.Timestamp) > registrationTimeout { - delete(pendingAuthRequests, k) + delete(c.pendingAuthRequests, k) } } - lock.Unlock() + c.lock.Unlock() } } // StartAuthFlow will begin the IndieAuth flow by generating an auth request. -func StartAuthFlow(authHost, userID, accessToken, displayName string) (*url.URL, error) { - // Limit the number of pending requests - if len(pendingAuthRequests) >= maxPendingRequests { +func (c *IndieAuthClient) StartAuthFlow(authHost, userID, accessToken, displayName string) (*url.URL, error) { + if len(c.pendingAuthRequests) >= maxPendingRequests { return nil, errors.New("Please try again later. Too many pending requests.") } @@ -78,15 +67,15 @@ func StartAuthFlow(authHost, userID, accessToken, displayName string) (*url.URL, return nil, errors.Wrap(err, "unable to generate IndieAuth request") } - pendingAuthRequests[r.State] = r + c.pendingAuthRequests[r.State] = r return r.Redirect, nil } // HandleCallbackCode will handle the callback from the IndieAuth server // to continue the next step of the auth flow. -func HandleCallbackCode(code, state string) (*Request, *Response, error) { - request, exists := pendingAuthRequests[state] +func (c *IndieAuthClient) HandleCallbackCode(code, state string) (*Request, *Response, error) { + request, exists := c.pendingAuthRequests[state] if !exists { return nil, nil, errors.New("no auth requests pending") } diff --git a/auth/indieauth/helpers.go b/services/auth/indieauth/helpers.go similarity index 100% rename from auth/indieauth/helpers.go rename to services/auth/indieauth/helpers.go diff --git a/services/auth/indieauth/indieauth.go b/services/auth/indieauth/indieauth.go new file mode 100644 index 000000000..def72ea5d --- /dev/null +++ b/services/auth/indieauth/indieauth.go @@ -0,0 +1,55 @@ +package indieauth + +import "sync" + +type IndieAuthClient struct { + pendingAuthRequests map[string]*Request + lock sync.Mutex +} + +type IndieAuthServer struct { + pendingServerAuthRequests map[string]ServerAuthRequest +} + +var temporaryGlobalClientInstance *IndieAuthClient + +// GetIndieAuthClient returns the temporary global instance of IndieAuthClient. +// Remove this after dependency injection is implemented. +func GetIndieAuthClient() *IndieAuthClient { + if temporaryGlobalClientInstance == nil { + temporaryGlobalClientInstance = NewIndieAuthClient() + } + + return temporaryGlobalClientInstance +} + +// NewIndieAuthClient creates a new IndieAuth client instance. +func NewIndieAuthClient() *IndieAuthClient { + i := &IndieAuthClient{ + pendingAuthRequests: make(map[string]*Request), + } + go i.setupExpiredRequestPruner() + + return i +} + +var temporaryGlobalServerInstance *IndieAuthServer + +// GetIndieAuthServer returns the temporary global instance of IndieAuthServer. +// Remove this after dependency injection is implemented. +func GetIndieAuthServer() *IndieAuthServer { + if temporaryGlobalServerInstance == nil { + temporaryGlobalServerInstance = NewIndieAuthServer() + } + + return temporaryGlobalServerInstance +} + +// NewIndieAuthServer creates a new IndieAuth client instance. +func NewIndieAuthServer() *IndieAuthServer { + i := &IndieAuthServer{ + pendingServerAuthRequests: make(map[string]ServerAuthRequest), + } + + return i +} diff --git a/auth/indieauth/indieauth_test.go b/services/auth/indieauth/indieauth_test.go similarity index 71% rename from auth/indieauth/indieauth_test.go rename to services/auth/indieauth/indieauth_test.go index 20c5b5970..661f05f1c 100644 --- a/auth/indieauth/indieauth_test.go +++ b/services/auth/indieauth/indieauth_test.go @@ -6,6 +6,8 @@ import ( "github.com/owncast/owncast/utils" ) +var indieAuthServer = GetIndieAuthServer() + func TestLimitGlobalPendingRequests(t *testing.T) { // Simulate 10 pending requests for i := 0; i < maxPendingRequests-1; i++ { @@ -15,9 +17,9 @@ func TestLimitGlobalPendingRequests(t *testing.T) { state, _ := utils.GenerateRandomString(10) me, _ := utils.GenerateRandomString(10) - _, err := StartServerAuth(cid, redirectURL, cc, state, me) + _, err := indieAuthServer.StartServerAuth(cid, redirectURL, cc, state, me) if err != nil { - t.Error("Registration should be permitted.", i, " of ", len(pendingAuthRequests), err) + t.Error("Registration should be permitted.", i, " of ", len(indieAuthServer.pendingServerAuthRequests), err) } } @@ -28,7 +30,7 @@ func TestLimitGlobalPendingRequests(t *testing.T) { state, _ := utils.GenerateRandomString(10) me, _ := utils.GenerateRandomString(10) - _, err := StartServerAuth(cid, redirectURL, cc, state, me) + _, err := indieAuthServer.StartServerAuth(cid, redirectURL, cc, state, me) if err == nil { t.Error("Registration should not be permitted.") } diff --git a/auth/indieauth/random.go b/services/auth/indieauth/random.go similarity index 100% rename from auth/indieauth/random.go rename to services/auth/indieauth/random.go diff --git a/auth/indieauth/request.go b/services/auth/indieauth/request.go similarity index 100% rename from auth/indieauth/request.go rename to services/auth/indieauth/request.go diff --git a/auth/indieauth/response.go b/services/auth/indieauth/response.go similarity index 100% rename from auth/indieauth/response.go rename to services/auth/indieauth/response.go diff --git a/auth/indieauth/server.go b/services/auth/indieauth/server.go similarity index 84% rename from auth/indieauth/server.go rename to services/auth/indieauth/server.go index 0d2ddb378..640336ce4 100644 --- a/auth/indieauth/server.go +++ b/services/auth/indieauth/server.go @@ -38,15 +38,13 @@ type ServerProfileResponse struct { ErrorDescription string `json:"error_description,omitempty"` } -var pendingServerAuthRequests = map[string]ServerAuthRequest{} - const maxPendingRequests = 100 // StartServerAuth will handle the authentication for the admin user of this // Owncast server. Initiated via a GET of the auth endpoint. // https://indieweb.org/authorization-endpoint -func StartServerAuth(clientID, redirectURI, codeChallenge, state, me string) (*ServerAuthRequest, error) { - if len(pendingServerAuthRequests)+1 >= maxPendingRequests { +func (s *IndieAuthServer) StartServerAuth(clientID, redirectURI, codeChallenge, state, me string) (*ServerAuthRequest, error) { + if len(s.pendingServerAuthRequests)+1 >= maxPendingRequests { return nil, errors.New("Please try again later. Too many pending requests.") } @@ -62,15 +60,15 @@ func StartServerAuth(clientID, redirectURI, codeChallenge, state, me string) (*S Timestamp: time.Now(), } - pendingServerAuthRequests[code] = r + s.pendingServerAuthRequests[code] = r return &r, nil } // CompleteServerAuth will verify that the values provided in the final step // of the IndieAuth flow are correct, and return some basic profile info. -func CompleteServerAuth(code, redirectURI, clientID string, codeVerifier string) (*ServerProfileResponse, error) { - request, pending := pendingServerAuthRequests[code] +func (s *IndieAuthServer) CompleteServerAuth(code, redirectURI, clientID string, codeVerifier string) (*ServerProfileResponse, error) { + request, pending := s.pendingServerAuthRequests[code] if !pending { return nil, errors.New("no pending authentication request") } diff --git a/auth/persistence.go b/services/auth/persistence.go similarity index 100% rename from auth/persistence.go rename to services/auth/persistence.go diff --git a/webserver/handlers/auth/fediverse/fediverse.go b/webserver/handlers/auth/fediverse/fediverse.go index 2e2df52dd..dbae56946 100644 --- a/webserver/handlers/auth/fediverse/fediverse.go +++ b/webserver/handlers/auth/fediverse/fediverse.go @@ -6,11 +6,12 @@ import ( "net/http" "github.com/owncast/owncast/activitypub" - "github.com/owncast/owncast/auth" - fediverseauth "github.com/owncast/owncast/auth/fediverse" "github.com/owncast/owncast/core/chat" "github.com/owncast/owncast/core/data" - "github.com/owncast/owncast/core/user" + "github.com/owncast/owncast/models" + "github.com/owncast/owncast/services/auth" + fediverseauth "github.com/owncast/owncast/services/auth/fediverse" + "github.com/owncast/owncast/storage" "github.com/owncast/owncast/webserver/responses" log "github.com/sirupsen/logrus" ) @@ -27,8 +28,9 @@ func RegisterFediverseOTPRequest(u user.User, w http.ResponseWriter, r *http.Req return } + fediAuth := fediverseauth.GetFediAuth() accessToken := r.URL.Query().Get("accessToken") - reg, success, err := fediverseauth.RegisterFediverseOTP(accessToken, u.ID, u.DisplayName, req.FediverseAccount) + reg, success, err := fediAuth.RegisterFediverseOTP(accessToken, u.ID, u.DisplayName, req.FediverseAccount) if err != nil { responses.WriteSimpleResponse(w, false, "Could not register auth request: "+err.Error()) return @@ -61,7 +63,9 @@ func VerifyFediverseOTPRequest(w http.ResponseWriter, r *http.Request) { return } accessToken := r.URL.Query().Get("accessToken") - valid, authRegistration := fediverseauth.ValidateFediverseOTP(accessToken, req.Code) + fediAuth := fediverseauth.GetFediAuth() + + valid, authRegistration := fediAuth.ValidateFediverseOTP(accessToken, req.Code) if !valid { w.WriteHeader(http.StatusForbidden) return diff --git a/webserver/handlers/auth/indieauth/client.go b/webserver/handlers/auth/indieauth/client.go index 5f3ac8b4b..f37eb1dd6 100644 --- a/webserver/handlers/auth/indieauth/client.go +++ b/webserver/handlers/auth/indieauth/client.go @@ -6,10 +6,11 @@ import ( "io" "net/http" - "github.com/owncast/owncast/auth" - ia "github.com/owncast/owncast/auth/indieauth" "github.com/owncast/owncast/core/chat" - "github.com/owncast/owncast/core/user" + "github.com/owncast/owncast/models" + "github.com/owncast/owncast/services/auth" + ia "github.com/owncast/owncast/services/auth/indieauth" + "github.com/owncast/owncast/storage" "github.com/owncast/owncast/webserver/responses" log "github.com/sirupsen/logrus" ) @@ -38,7 +39,8 @@ func StartAuthFlow(u user.User, w http.ResponseWriter, r *http.Request) { accessToken := r.URL.Query().Get("accessToken") - redirectURL, err := ia.StartAuthFlow(authRequest.AuthHost, u.ID, accessToken, u.DisplayName) + indieAuthClient := ia.GetIndieAuthClient() + redirectURL, err := indieAuthClient.StartAuthFlow(authRequest.AuthHost, u.ID, accessToken, u.DisplayName) if err != nil { responses.WriteSimpleResponse(w, false, err.Error()) return @@ -53,9 +55,10 @@ func StartAuthFlow(u user.User, w http.ResponseWriter, r *http.Request) { // HandleRedirect will handle the redirect from an IndieAuth server to // continue the auth flow. func HandleRedirect(w http.ResponseWriter, r *http.Request) { + indieAuthClient := ia.GetIndieAuthClient() state := r.URL.Query().Get("state") code := r.URL.Query().Get("code") - request, response, err := ia.HandleCallbackCode(code, state) + request, response, err := indieAuthClient.HandleCallbackCode(code, state) if err != nil { log.Debugln(err) msg := `Unable to complete authentication. Go back.
` diff --git a/webserver/handlers/auth/indieauth/server.go b/webserver/handlers/auth/indieauth/server.go index 58ee82793..9396bea5a 100644 --- a/webserver/handlers/auth/indieauth/server.go +++ b/webserver/handlers/auth/indieauth/server.go @@ -4,7 +4,7 @@ import ( "net/http" "net/url" - ia "github.com/owncast/owncast/auth/indieauth" + ia "github.com/owncast/owncast/services/auth/indieauth" "github.com/owncast/owncast/webserver/middleware" "github.com/owncast/owncast/webserver/responses" ) @@ -31,7 +31,8 @@ func handleAuthEndpointGet(w http.ResponseWriter, r *http.Request) { state := r.URL.Query().Get("state") me := r.URL.Query().Get("me") - request, err := ia.StartServerAuth(clientID, redirectURI, codeChallenge, state, me) + indieAuthServer := ia.GetIndieAuthServer() + request, err := indieAuthServer.StartServerAuth(clientID, redirectURI, codeChallenge, state, me) if err != nil { _ = responses.WriteString(w, err.Error(), http.StatusInternalServerError) return @@ -70,7 +71,8 @@ func handleAuthEndpointPost(w http.ResponseWriter, r *http.Request) { // If the server auth flow cannot be completed then return with specific // "invalid_client" error. - response, err := ia.CompleteServerAuth(code, redirectURI, clientID, codeVerifier) + indieAuthServer := ia.GetIndieAuthServer() + response, err := indieAuthServer.CompleteServerAuth(code, redirectURI, clientID, codeVerifier) if err != nil { responses.WriteResponse(w, ia.Response{ Error: "invalid_client",