refactored view package

internal/handlers/callback.go

@@ -15,6 +15,7 @@ import (
 	"git.haelnorr.com/h/oslstats/internal/discord"
 	"git.haelnorr.com/h/oslstats/internal/store"
 	"git.haelnorr.com/h/oslstats/internal/throw"
+	"git.haelnorr.com/h/oslstats/internal/validation"
 	"git.haelnorr.com/h/oslstats/pkg/oauth"
 )
 
@@ -36,15 +37,23 @@ func Callback(
 				throw.BadRequest(s, w, r, "Too many redirects. Please try logging in again.", err)
 				return
 			}
-
-			state := r.URL.Query().Get("state")
-			code := r.URL.Query().Get("code")
-			if state == "" && code == "" {
-				http.Redirect(w, r, "/", http.StatusBadRequest)
+			getter := validation.NewQueryGetter(r)
+			state := getter.String("state").Required().Value
+			code := getter.String("code").Required().Value
+			if !getter.Validate() {
+				store.ClearRedirectTrack(r, "/callback")
+				apiErr := getter.String("error").Value
+				errDesc := getter.String("error_description").Value
+				if apiErr == "access_denied" {
+					throw.Unauthorized(s, w, r, "OAuth login failed or cancelled", errors.New(errDesc))
+					return
+				}
+				throw.BadRequest(s, w, r, "OAuth login failed", errors.New("state or code parameters missing"))
 				return
 			}
 			data, err := verifyState(cfg.OAuth, w, r, state)
 			if err != nil {
+				store.ClearRedirectTrack(r, "/callback")
 				if vsErr, ok := err.(*verifyStateError); ok {
 					if vsErr.IsCookieError() {
 						throw.Unauthorized(s, w, r, "OAuth session not found or expired", err)