mirror of
https://github.com/owncast/owncast.git
synced 2024-11-22 04:40:37 +03:00
feat: move auth under services
This commit is contained in:
parent
429ad7efeb
commit
82b70e73d9
16 changed files with 155 additions and 83 deletions
|
@ -7,11 +7,11 @@ import (
|
|||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/owncast/owncast/auth"
|
||||
"github.com/owncast/owncast/config"
|
||||
"github.com/owncast/owncast/core/chat"
|
||||
"github.com/owncast/owncast/core/data"
|
||||
"github.com/owncast/owncast/models"
|
||||
"github.com/owncast/owncast/services/auth"
|
||||
"github.com/owncast/owncast/services/notifications"
|
||||
"github.com/owncast/owncast/services/webhooks"
|
||||
"github.com/owncast/owncast/services/yp"
|
||||
|
|
|
@ -11,6 +11,34 @@ import (
|
|||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
type FediAuth struct {
|
||||
// Key by access token to limit one OTP request for a person
|
||||
// to be active at a time.
|
||||
pendingAuthRequests map[string]OTPRegistration
|
||||
lock sync.Mutex
|
||||
}
|
||||
|
||||
var temporaryFediAuthGlobalInstance *FediAuth
|
||||
|
||||
// GetFediAuth returns the temporary global instance.
|
||||
// Remove this after dependency injection is implemented.
|
||||
func GetFediAuth() *FediAuth {
|
||||
if temporaryFediAuthGlobalInstance == nil {
|
||||
temporaryFediAuthGlobalInstance = NewFediAuth()
|
||||
}
|
||||
|
||||
return temporaryFediAuthGlobalInstance
|
||||
}
|
||||
|
||||
// NewFediAuth creates a new FediAuth instance.
|
||||
func NewFediAuth() *FediAuth {
|
||||
f := &FediAuth{
|
||||
pendingAuthRequests: make(map[string]OTPRegistration),
|
||||
}
|
||||
go f.setupExpiredRequestPruner()
|
||||
return f
|
||||
}
|
||||
|
||||
// OTPRegistration represents a single OTP request.
|
||||
type OTPRegistration struct {
|
||||
Timestamp time.Time
|
||||
|
@ -20,43 +48,32 @@ type OTPRegistration struct {
|
|||
Account string
|
||||
}
|
||||
|
||||
// Key by access token to limit one OTP request for a person
|
||||
// to be active at a time.
|
||||
var (
|
||||
pendingAuthRequests = make(map[string]OTPRegistration)
|
||||
lock = sync.Mutex{}
|
||||
)
|
||||
|
||||
const (
|
||||
registrationTimeout = time.Minute * 10
|
||||
maxPendingRequests = 1000
|
||||
)
|
||||
|
||||
func init() {
|
||||
go setupExpiredRequestPruner()
|
||||
}
|
||||
|
||||
// Clear out any pending requests that have been pending for greater than
|
||||
// the specified timeout value.
|
||||
func setupExpiredRequestPruner() {
|
||||
func (f *FediAuth) setupExpiredRequestPruner() {
|
||||
pruneExpiredRequestsTimer := time.NewTicker(registrationTimeout)
|
||||
|
||||
for range pruneExpiredRequestsTimer.C {
|
||||
lock.Lock()
|
||||
f.lock.Lock()
|
||||
log.Debugln("Pruning expired OTP requests.")
|
||||
for k, v := range pendingAuthRequests {
|
||||
for k, v := range f.pendingAuthRequests {
|
||||
if time.Since(v.Timestamp) > registrationTimeout {
|
||||
delete(pendingAuthRequests, k)
|
||||
delete(f.pendingAuthRequests, k)
|
||||
}
|
||||
}
|
||||
lock.Unlock()
|
||||
f.lock.Unlock()
|
||||
}
|
||||
}
|
||||
|
||||
// RegisterFediverseOTP will start the OTP flow for a user, creating a new
|
||||
// code and returning it to be sent to a destination.
|
||||
func RegisterFediverseOTP(accessToken, userID, userDisplayName, account string) (OTPRegistration, bool, error) {
|
||||
request, requestExists := pendingAuthRequests[accessToken]
|
||||
func (f *FediAuth) RegisterFediverseOTP(accessToken, userID, userDisplayName, account string) (OTPRegistration, bool, error) {
|
||||
request, requestExists := f.pendingAuthRequests[accessToken]
|
||||
|
||||
// If a request is already registered and has not expired then return that
|
||||
// existing request.
|
||||
|
@ -64,10 +81,10 @@ func RegisterFediverseOTP(accessToken, userID, userDisplayName, account string)
|
|||
return request, false, nil
|
||||
}
|
||||
|
||||
lock.Lock()
|
||||
defer lock.Unlock()
|
||||
f.lock.Lock()
|
||||
defer f.lock.Unlock()
|
||||
|
||||
if len(pendingAuthRequests)+1 > maxPendingRequests {
|
||||
if len(f.pendingAuthRequests)+1 > maxPendingRequests {
|
||||
return request, false, errors.New("Please try again later. Too many pending requests.")
|
||||
}
|
||||
|
||||
|
@ -79,23 +96,23 @@ func RegisterFediverseOTP(accessToken, userID, userDisplayName, account string)
|
|||
Account: strings.ToLower(account),
|
||||
Timestamp: time.Now(),
|
||||
}
|
||||
pendingAuthRequests[accessToken] = r
|
||||
f.pendingAuthRequests[accessToken] = r
|
||||
|
||||
return r, true, nil
|
||||
}
|
||||
|
||||
// ValidateFediverseOTP will verify a OTP code for a auth request.
|
||||
func ValidateFediverseOTP(accessToken, code string) (bool, *OTPRegistration) {
|
||||
request, ok := pendingAuthRequests[accessToken]
|
||||
func (f *FediAuth) ValidateFediverseOTP(accessToken, code string) (bool, *OTPRegistration) {
|
||||
request, ok := f.pendingAuthRequests[accessToken]
|
||||
|
||||
if !ok || request.Code != code || time.Since(request.Timestamp) > registrationTimeout {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
lock.Lock()
|
||||
defer lock.Unlock()
|
||||
f.lock.Lock()
|
||||
defer f.lock.Unlock()
|
||||
|
||||
delete(pendingAuthRequests, accessToken)
|
||||
delete(f.pendingAuthRequests, accessToken)
|
||||
return true, &request
|
||||
}
|
||||
|
|
@ -14,8 +14,10 @@ const (
|
|||
userDisplayName = "fake-user-display-name"
|
||||
)
|
||||
|
||||
var fediAuthInstance = NewFediAuth()
|
||||
|
||||
func TestOTPFlowValidation(t *testing.T) {
|
||||
r, success, err := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
|
||||
r, success, err := fediAuthInstance.RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
|
@ -36,7 +38,7 @@ func TestOTPFlowValidation(t *testing.T) {
|
|||
t.Error("Timestamp is empty")
|
||||
}
|
||||
|
||||
valid, registration := ValidateFediverseOTP(accessToken, r.Code)
|
||||
valid, registration := fediAuthInstance.ValidateFediverseOTP(accessToken, r.Code)
|
||||
if !valid {
|
||||
t.Error("Code is not valid")
|
||||
}
|
||||
|
@ -55,8 +57,8 @@ func TestOTPFlowValidation(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestSingleOTPFlowRequest(t *testing.T) {
|
||||
r1, _, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
|
||||
r2, s2, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
|
||||
r1, _, _ := fediAuthInstance.RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
|
||||
r2, s2, _ := fediAuthInstance.RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
|
||||
|
||||
if r1.Code != r2.Code {
|
||||
t.Error("Only one registration should be permitted.")
|
||||
|
@ -70,12 +72,12 @@ func TestSingleOTPFlowRequest(t *testing.T) {
|
|||
func TestAccountCaseInsensitive(t *testing.T) {
|
||||
account := "Account"
|
||||
accessToken := "another-fake-access-token"
|
||||
r1, _, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
|
||||
_, reg1 := ValidateFediverseOTP(accessToken, r1.Code)
|
||||
r1, _, _ := fediAuthInstance.RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
|
||||
_, reg1 := fediAuthInstance.ValidateFediverseOTP(accessToken, r1.Code)
|
||||
|
||||
// Simulate second auth with account in different case
|
||||
r2, _, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, strings.ToUpper(account))
|
||||
_, reg2 := ValidateFediverseOTP(accessToken, r2.Code)
|
||||
r2, _, _ := fediAuthInstance.RegisterFediverseOTP(accessToken, userID, userDisplayName, strings.ToUpper(account))
|
||||
_, reg2 := fediAuthInstance.ValidateFediverseOTP(accessToken, r2.Code)
|
||||
|
||||
if reg1.Account != reg2.Account {
|
||||
t.Errorf("Account names should be case-insensitive: %s %s", reg1.Account, reg2.Account)
|
||||
|
@ -88,9 +90,9 @@ func TestLimitGlobalPendingRequests(t *testing.T) {
|
|||
uid, _ := utils.GenerateRandomString(10)
|
||||
account, _ := utils.GenerateRandomString(10)
|
||||
|
||||
_, success, error := RegisterFediverseOTP(at, uid, "userDisplayName", account)
|
||||
_, success, error := fediAuthInstance.RegisterFediverseOTP(at, uid, "userDisplayName", account)
|
||||
if !success {
|
||||
t.Error("Registration should be permitted.", i, " of ", len(pendingAuthRequests))
|
||||
t.Error("Registration should be permitted.", i, " of ", len(fediAuthInstance.pendingAuthRequests))
|
||||
}
|
||||
if error != nil {
|
||||
t.Error(error)
|
||||
|
@ -101,7 +103,7 @@ func TestLimitGlobalPendingRequests(t *testing.T) {
|
|||
at, _ := utils.GenerateRandomString(10)
|
||||
uid, _ := utils.GenerateRandomString(10)
|
||||
account, _ := utils.GenerateRandomString(10)
|
||||
_, success, error := RegisterFediverseOTP(at, uid, "userDisplayName", account)
|
||||
_, success, error := fediAuthInstance.RegisterFediverseOTP(at, uid, "userDisplayName", account)
|
||||
if success {
|
||||
t.Error("Registration should not be permitted.")
|
||||
}
|
|
@ -8,7 +8,6 @@ import (
|
|||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/owncast/owncast/core/data"
|
||||
|
@ -17,38 +16,28 @@ import (
|
|||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
var (
|
||||
pendingAuthRequests = make(map[string]*Request)
|
||||
lock = sync.Mutex{}
|
||||
)
|
||||
|
||||
const registrationTimeout = time.Minute * 10
|
||||
|
||||
func init() {
|
||||
go setupExpiredRequestPruner()
|
||||
}
|
||||
|
||||
// Clear out any pending requests that have been pending for greater than
|
||||
// the specified timeout value.
|
||||
func setupExpiredRequestPruner() {
|
||||
func (c *IndieAuthClient) setupExpiredRequestPruner() {
|
||||
pruneExpiredRequestsTimer := time.NewTicker(registrationTimeout)
|
||||
|
||||
for range pruneExpiredRequestsTimer.C {
|
||||
lock.Lock()
|
||||
c.lock.Lock()
|
||||
log.Debugln("Pruning expired IndieAuth requests.")
|
||||
for k, v := range pendingAuthRequests {
|
||||
for k, v := range c.pendingAuthRequests {
|
||||
if time.Since(v.Timestamp) > registrationTimeout {
|
||||
delete(pendingAuthRequests, k)
|
||||
delete(c.pendingAuthRequests, k)
|
||||
}
|
||||
}
|
||||
lock.Unlock()
|
||||
c.lock.Unlock()
|
||||
}
|
||||
}
|
||||
|
||||
// StartAuthFlow will begin the IndieAuth flow by generating an auth request.
|
||||
func StartAuthFlow(authHost, userID, accessToken, displayName string) (*url.URL, error) {
|
||||
// Limit the number of pending requests
|
||||
if len(pendingAuthRequests) >= maxPendingRequests {
|
||||
func (c *IndieAuthClient) StartAuthFlow(authHost, userID, accessToken, displayName string) (*url.URL, error) {
|
||||
if len(c.pendingAuthRequests) >= maxPendingRequests {
|
||||
return nil, errors.New("Please try again later. Too many pending requests.")
|
||||
}
|
||||
|
||||
|
@ -78,15 +67,15 @@ func StartAuthFlow(authHost, userID, accessToken, displayName string) (*url.URL,
|
|||
return nil, errors.Wrap(err, "unable to generate IndieAuth request")
|
||||
}
|
||||
|
||||
pendingAuthRequests[r.State] = r
|
||||
c.pendingAuthRequests[r.State] = r
|
||||
|
||||
return r.Redirect, nil
|
||||
}
|
||||
|
||||
// HandleCallbackCode will handle the callback from the IndieAuth server
|
||||
// to continue the next step of the auth flow.
|
||||
func HandleCallbackCode(code, state string) (*Request, *Response, error) {
|
||||
request, exists := pendingAuthRequests[state]
|
||||
func (c *IndieAuthClient) HandleCallbackCode(code, state string) (*Request, *Response, error) {
|
||||
request, exists := c.pendingAuthRequests[state]
|
||||
if !exists {
|
||||
return nil, nil, errors.New("no auth requests pending")
|
||||
}
|
55
services/auth/indieauth/indieauth.go
Normal file
55
services/auth/indieauth/indieauth.go
Normal file
|
@ -0,0 +1,55 @@
|
|||
package indieauth
|
||||
|
||||
import "sync"
|
||||
|
||||
type IndieAuthClient struct {
|
||||
pendingAuthRequests map[string]*Request
|
||||
lock sync.Mutex
|
||||
}
|
||||
|
||||
type IndieAuthServer struct {
|
||||
pendingServerAuthRequests map[string]ServerAuthRequest
|
||||
}
|
||||
|
||||
var temporaryGlobalClientInstance *IndieAuthClient
|
||||
|
||||
// GetIndieAuthClient returns the temporary global instance of IndieAuthClient.
|
||||
// Remove this after dependency injection is implemented.
|
||||
func GetIndieAuthClient() *IndieAuthClient {
|
||||
if temporaryGlobalClientInstance == nil {
|
||||
temporaryGlobalClientInstance = NewIndieAuthClient()
|
||||
}
|
||||
|
||||
return temporaryGlobalClientInstance
|
||||
}
|
||||
|
||||
// NewIndieAuthClient creates a new IndieAuth client instance.
|
||||
func NewIndieAuthClient() *IndieAuthClient {
|
||||
i := &IndieAuthClient{
|
||||
pendingAuthRequests: make(map[string]*Request),
|
||||
}
|
||||
go i.setupExpiredRequestPruner()
|
||||
|
||||
return i
|
||||
}
|
||||
|
||||
var temporaryGlobalServerInstance *IndieAuthServer
|
||||
|
||||
// GetIndieAuthServer returns the temporary global instance of IndieAuthServer.
|
||||
// Remove this after dependency injection is implemented.
|
||||
func GetIndieAuthServer() *IndieAuthServer {
|
||||
if temporaryGlobalServerInstance == nil {
|
||||
temporaryGlobalServerInstance = NewIndieAuthServer()
|
||||
}
|
||||
|
||||
return temporaryGlobalServerInstance
|
||||
}
|
||||
|
||||
// NewIndieAuthServer creates a new IndieAuth client instance.
|
||||
func NewIndieAuthServer() *IndieAuthServer {
|
||||
i := &IndieAuthServer{
|
||||
pendingServerAuthRequests: make(map[string]ServerAuthRequest),
|
||||
}
|
||||
|
||||
return i
|
||||
}
|
|
@ -6,6 +6,8 @@ import (
|
|||
"github.com/owncast/owncast/utils"
|
||||
)
|
||||
|
||||
var indieAuthServer = GetIndieAuthServer()
|
||||
|
||||
func TestLimitGlobalPendingRequests(t *testing.T) {
|
||||
// Simulate 10 pending requests
|
||||
for i := 0; i < maxPendingRequests-1; i++ {
|
||||
|
@ -15,9 +17,9 @@ func TestLimitGlobalPendingRequests(t *testing.T) {
|
|||
state, _ := utils.GenerateRandomString(10)
|
||||
me, _ := utils.GenerateRandomString(10)
|
||||
|
||||
_, err := StartServerAuth(cid, redirectURL, cc, state, me)
|
||||
_, err := indieAuthServer.StartServerAuth(cid, redirectURL, cc, state, me)
|
||||
if err != nil {
|
||||
t.Error("Registration should be permitted.", i, " of ", len(pendingAuthRequests), err)
|
||||
t.Error("Registration should be permitted.", i, " of ", len(indieAuthServer.pendingServerAuthRequests), err)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -28,7 +30,7 @@ func TestLimitGlobalPendingRequests(t *testing.T) {
|
|||
state, _ := utils.GenerateRandomString(10)
|
||||
me, _ := utils.GenerateRandomString(10)
|
||||
|
||||
_, err := StartServerAuth(cid, redirectURL, cc, state, me)
|
||||
_, err := indieAuthServer.StartServerAuth(cid, redirectURL, cc, state, me)
|
||||
if err == nil {
|
||||
t.Error("Registration should not be permitted.")
|
||||
}
|
|
@ -38,15 +38,13 @@ type ServerProfileResponse struct {
|
|||
ErrorDescription string `json:"error_description,omitempty"`
|
||||
}
|
||||
|
||||
var pendingServerAuthRequests = map[string]ServerAuthRequest{}
|
||||
|
||||
const maxPendingRequests = 100
|
||||
|
||||
// StartServerAuth will handle the authentication for the admin user of this
|
||||
// Owncast server. Initiated via a GET of the auth endpoint.
|
||||
// https://indieweb.org/authorization-endpoint
|
||||
func StartServerAuth(clientID, redirectURI, codeChallenge, state, me string) (*ServerAuthRequest, error) {
|
||||
if len(pendingServerAuthRequests)+1 >= maxPendingRequests {
|
||||
func (s *IndieAuthServer) StartServerAuth(clientID, redirectURI, codeChallenge, state, me string) (*ServerAuthRequest, error) {
|
||||
if len(s.pendingServerAuthRequests)+1 >= maxPendingRequests {
|
||||
return nil, errors.New("Please try again later. Too many pending requests.")
|
||||
}
|
||||
|
||||
|
@ -62,15 +60,15 @@ func StartServerAuth(clientID, redirectURI, codeChallenge, state, me string) (*S
|
|||
Timestamp: time.Now(),
|
||||
}
|
||||
|
||||
pendingServerAuthRequests[code] = r
|
||||
s.pendingServerAuthRequests[code] = r
|
||||
|
||||
return &r, nil
|
||||
}
|
||||
|
||||
// CompleteServerAuth will verify that the values provided in the final step
|
||||
// of the IndieAuth flow are correct, and return some basic profile info.
|
||||
func CompleteServerAuth(code, redirectURI, clientID string, codeVerifier string) (*ServerProfileResponse, error) {
|
||||
request, pending := pendingServerAuthRequests[code]
|
||||
func (s *IndieAuthServer) CompleteServerAuth(code, redirectURI, clientID string, codeVerifier string) (*ServerProfileResponse, error) {
|
||||
request, pending := s.pendingServerAuthRequests[code]
|
||||
if !pending {
|
||||
return nil, errors.New("no pending authentication request")
|
||||
}
|
|
@ -6,11 +6,12 @@ import (
|
|||
"net/http"
|
||||
|
||||
"github.com/owncast/owncast/activitypub"
|
||||
"github.com/owncast/owncast/auth"
|
||||
fediverseauth "github.com/owncast/owncast/auth/fediverse"
|
||||
"github.com/owncast/owncast/core/chat"
|
||||
"github.com/owncast/owncast/core/data"
|
||||
"github.com/owncast/owncast/core/user"
|
||||
"github.com/owncast/owncast/models"
|
||||
"github.com/owncast/owncast/services/auth"
|
||||
fediverseauth "github.com/owncast/owncast/services/auth/fediverse"
|
||||
"github.com/owncast/owncast/storage"
|
||||
"github.com/owncast/owncast/webserver/responses"
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
@ -27,8 +28,9 @@ func RegisterFediverseOTPRequest(u user.User, w http.ResponseWriter, r *http.Req
|
|||
return
|
||||
}
|
||||
|
||||
fediAuth := fediverseauth.GetFediAuth()
|
||||
accessToken := r.URL.Query().Get("accessToken")
|
||||
reg, success, err := fediverseauth.RegisterFediverseOTP(accessToken, u.ID, u.DisplayName, req.FediverseAccount)
|
||||
reg, success, err := fediAuth.RegisterFediverseOTP(accessToken, u.ID, u.DisplayName, req.FediverseAccount)
|
||||
if err != nil {
|
||||
responses.WriteSimpleResponse(w, false, "Could not register auth request: "+err.Error())
|
||||
return
|
||||
|
@ -61,7 +63,9 @@ func VerifyFediverseOTPRequest(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
accessToken := r.URL.Query().Get("accessToken")
|
||||
valid, authRegistration := fediverseauth.ValidateFediverseOTP(accessToken, req.Code)
|
||||
fediAuth := fediverseauth.GetFediAuth()
|
||||
|
||||
valid, authRegistration := fediAuth.ValidateFediverseOTP(accessToken, req.Code)
|
||||
if !valid {
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
return
|
||||
|
|
|
@ -6,10 +6,11 @@ import (
|
|||
"io"
|
||||
"net/http"
|
||||
|
||||
"github.com/owncast/owncast/auth"
|
||||
ia "github.com/owncast/owncast/auth/indieauth"
|
||||
"github.com/owncast/owncast/core/chat"
|
||||
"github.com/owncast/owncast/core/user"
|
||||
"github.com/owncast/owncast/models"
|
||||
"github.com/owncast/owncast/services/auth"
|
||||
ia "github.com/owncast/owncast/services/auth/indieauth"
|
||||
"github.com/owncast/owncast/storage"
|
||||
"github.com/owncast/owncast/webserver/responses"
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
@ -38,7 +39,8 @@ func StartAuthFlow(u user.User, w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
accessToken := r.URL.Query().Get("accessToken")
|
||||
|
||||
redirectURL, err := ia.StartAuthFlow(authRequest.AuthHost, u.ID, accessToken, u.DisplayName)
|
||||
indieAuthClient := ia.GetIndieAuthClient()
|
||||
redirectURL, err := indieAuthClient.StartAuthFlow(authRequest.AuthHost, u.ID, accessToken, u.DisplayName)
|
||||
if err != nil {
|
||||
responses.WriteSimpleResponse(w, false, err.Error())
|
||||
return
|
||||
|
@ -53,9 +55,10 @@ func StartAuthFlow(u user.User, w http.ResponseWriter, r *http.Request) {
|
|||
// HandleRedirect will handle the redirect from an IndieAuth server to
|
||||
// continue the auth flow.
|
||||
func HandleRedirect(w http.ResponseWriter, r *http.Request) {
|
||||
indieAuthClient := ia.GetIndieAuthClient()
|
||||
state := r.URL.Query().Get("state")
|
||||
code := r.URL.Query().Get("code")
|
||||
request, response, err := ia.HandleCallbackCode(code, state)
|
||||
request, response, err := indieAuthClient.HandleCallbackCode(code, state)
|
||||
if err != nil {
|
||||
log.Debugln(err)
|
||||
msg := `Unable to complete authentication. <a href="/">Go back.</a><hr/>`
|
||||
|
|
|
@ -4,7 +4,7 @@ import (
|
|||
"net/http"
|
||||
"net/url"
|
||||
|
||||
ia "github.com/owncast/owncast/auth/indieauth"
|
||||
ia "github.com/owncast/owncast/services/auth/indieauth"
|
||||
"github.com/owncast/owncast/webserver/middleware"
|
||||
"github.com/owncast/owncast/webserver/responses"
|
||||
)
|
||||
|
@ -31,7 +31,8 @@ func handleAuthEndpointGet(w http.ResponseWriter, r *http.Request) {
|
|||
state := r.URL.Query().Get("state")
|
||||
me := r.URL.Query().Get("me")
|
||||
|
||||
request, err := ia.StartServerAuth(clientID, redirectURI, codeChallenge, state, me)
|
||||
indieAuthServer := ia.GetIndieAuthServer()
|
||||
request, err := indieAuthServer.StartServerAuth(clientID, redirectURI, codeChallenge, state, me)
|
||||
if err != nil {
|
||||
_ = responses.WriteString(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
|
@ -70,7 +71,8 @@ func handleAuthEndpointPost(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
// If the server auth flow cannot be completed then return with specific
|
||||
// "invalid_client" error.
|
||||
response, err := ia.CompleteServerAuth(code, redirectURI, clientID, codeVerifier)
|
||||
indieAuthServer := ia.GetIndieAuthServer()
|
||||
response, err := indieAuthServer.CompleteServerAuth(code, redirectURI, clientID, codeVerifier)
|
||||
if err != nil {
|
||||
responses.WriteResponse(w, ia.Response{
|
||||
Error: "invalid_client",
|
||||
|
|
Loading…
Reference in a new issue